Build an AI Governance Program Aligned to NIST AI RMF, ISO 42001, SOC 2

​AI governance is no longer optional.

​NIST AI RMF is referenced by FTC, FDA, SEC, CFPB, and EEOC. Colorado's AI Act cites it for safe harbor. ISO 42001 is becoming the certifiable AI management system standard. The EU AI Act has a high-risk deadline in August 2026. And SOC 2 Type II auditors in 2026 now expect AI-specific evidence: model versioning, inference logging, drift detection, training data lineage.

​Most AI-native startups have none of this in place.

​In this two-hour paid working session, you will design the architecture of your AI governance program, mapped across NIST AI RMF, ISO 42001, and SOC 2 AI controls simultaneously, using the Build Once, Map to All methodology.

​What you will build:

​- Your AI inventory template (covering models, datasets, vendors, fine-tuned variants)

​- Your AI risk tiering matrix

​- Your AI governance policy starter, mapped to NIST AI RMF Govern + ISO 42001 management system + SOC 2 AI evidence

​- A roadmap to operationalize AI governance over 90 days

​What we cover:

​- The 2026 AI governance landscape (US federal, state, EU, sectoral)

​- How to build one AI program that satisfies multiple frameworks

​- The 5 AI-specific SOC 2 evidence categories auditors now expect

​- What "AI risk assessment" actually looks like in practice

​Who it is for: AI startup founders, CTOs, security leads at Series A-B AI companies. Limited to 25 seats to keep the session interactive.

​You will leave with a complete AI governance program architecture mapped to three frameworks, a working AI inventory template, and the option to book a 30-minute consultation with me.

​Hosted by Meenu Chadha, founder of Cyber Advisory and fractional vCISO.