Workshop

Crosswalk Your AI Agent to the EU AI Act, NIST AI RMF and ISO 42001 in One Day

François B. Arthanas

Ph.D. Scholar, CISSP, CISA, AAIA™, CDPSE

Most AI governance programs fail because they stop at theory & principles.

Bring one AI agent. Leave with a practical governance crosswalk, risk profile, control-gap map, and 30-day action plan.

In this hands-on one-day cohort, you’ll map a real AI agent against three of the most important AI governance frameworks: the EU AI Act, NIST AI Risk Management Framework, and ISO/IEC 42001. You’ll translate abstract requirements into concrete controls, evidence, testing needs, monitoring practices, and next steps your team can actually execute.

This is not a lecture on AI policy. It is a working session designed to help you answer the questions enterprise buyers, security teams, auditors, legal teams, and regulators are starting to ask:

What does your agent do? What data does it touch? What can go wrong? What controls exist? What evidence proves it? What gaps need to be closed first?

What you’ll learn

Stop answering every AI framework from scratch. Build one control map for one agent that answers them all and find the gaps first.

  • Work on the Atlas Support Agent: it accesses customer data, calls tools, and issues refunds under limits.

  • Inventory its controls across six trust domains: data & privacy, security, safety, reliability, accountability, society.

  • Learn the rule that makes crosswalking possible: one control, many frameworks, one evidence source.

  • Walk the risk-classification ladder: minimal, limited, high, unacceptable and place the Atlas agent on it.

  • Map the agent's controls to the obligations its tier triggers: transparency, human oversight, logging, robustness.

  • Map the same control inventory to NIST's four functions: Govern, Map, Measure, Manage.

  • Cross to ISO/IEC 42001's management-system clauses and see how much you've already covered.

  • Assemble the one-page Compliance Readiness Brief: coverage by framework, top gaps, and recommended fixes.

  • Defend it in a mock audit Q&A facing auditor-, legal-, and buyer-style questions.

  • Leave with the reusable crosswalk matrix and templates ready to run on your organization's agent Monday.

Workshop agenda

  • Welcome and AI RMF orientation

    You will start by learning how NIST AI RMF works and why AI risk is different from ordinary software, cybersecurity, privacy, or model risk.

  • GOVERN: Set up the minimum viable AI governance process

    AI risk management needs clear ownership, decision rights, and escalation paths. In this block, you’ll learn how to make AI governance operational without overbuilding bureaucracy.

  • MAP: Understand the AI system before judging it

    Most AI reviews fail because teams jump straight to technical metrics without understanding the system’s real-world context. You will map how the system works, who uses it, and who is affected.

  • Lunch break

    To my overachiever you can use some of this time to refine your AI system description and prepare to turn your mapped concerns into measurable risks.

  • MEASURE: Turn AI risks into tests, metrics, and evidence

    Once risks are mapped, they need to be measured. This block teaches you how to design practical testing, evaluation, verification, and validation activities.

  • MANAGE: Make the risk decision

    AI risk management is not just about identifying risks. It is about making defensible decisions. In this block, you’ll learn how to prioritize risks, assign controls, and document residual risk.

  • 15 minutes Break

    Grab some water!

  • MONITOR: Post-deployment oversight, incidents, appeals, and decommissioning

    The riskiest moment is often after launch. AI systems can drift, fail, be misused, or create unexpected impacts once deployed.

  • SPECIAL FOCUS: GenAI, vendor AI, and foundation models

    Most organizations are not only building AI. They are buying it, embedding it, piloting it, and letting employees use it.

  • CLOSING: Your 30-day AI RMF action plan

    You’ll close the day by translating the workshop into a practical next-step plan for your organization.

Learn directly from François

François B. Arthanas

François B. Arthanas

Contact

Agentic AI Governance Practitioner | Ph.D. Candidate, CISSP, CISA, AAIA™, CDPSE

Centene
ISACA
Trenton Health Team
WGU
Cyber Pros Training
See all products from François B. Arthanas

Who this workshop is for

  • For teams responsible for approving, governing, or deploying AI

  • Risk, compliance, legal, privacy, security and internal audit teams

  • Consultants, advisors, procurement and vendor-risk teams

What's included

François B. Arthanas

Live sessions

Learn directly from François B. Arthanas in a real-time, interactive format.

Lifetime access

Go back to course content and recordings whenever you need to.

AI RMF implementation template pack

You will receive reusable templates for inventory, risk tiering, mapping, impact assessment, measurement, risk treatment, monitoring, incidents, vendor review, and executive approval.

AI RMF Resource library

You’ll receive a curated set of NIST AI RMF references, implementation prompts, checklists, and suggested next steps.

GenAI and vendor AI addendum

You will learn how to adapt the process for GenAI tools, RAG systems, copilots, AI agents, and third-party AI platforms.

Community of peers

Stay accountable and share insights with like-minded professionals.

Certificate of completion

Share your new skills with your employer or on LinkedIn.

30-day action plan

You will leave with a practical roadmap for applying the workflow inside your organization.

Maven Guarantee

Your purchase is backed by the Maven Guarantee.

Frequently asked questions

Maven for Teams

Reimbursement

Get your company to pay

Everything L&D needs: email template, receipts, and certificate of completion.

Get reimbursed

Private cohort

Run a cohort for your org

A dedicated cohort with a custom schedule and curriculum, tailored to your team.

Book a private cohort