Applied AI cert-prep add-on

IAPP Artificial Intelligence Governance Professional (AIGP) Exam Prep Add-On

Convert AI Governance and Risk into an IAPP AIGP ramp for the AI privacy and governance credential.

$147 add-on40h additional studyTarget exam: IAPP Artificial Intelligence Governance Professional (AIGP)Exam fee: $550

What the add-on ships

++Domain reviews aligned to the official IAPP AIGP body of knowledge
++Three 100-question mock exams matching the IAPP AIGP format
++Focused review of NIST AI RMF, NIST AI 600-1, EU AI Act, Colorado AI Act, and ISO/IEC 42001
++Worked examples of AI risk register design, AI impact assessments, and AI bill-of-materials practice
++Direct link to the official IAPP AIGP exam page as the canonical reference

Built on the parent course

++AI Governance and Risk 12-module curriculum covering NIST AI RMF, EU AI Act conformity, vendor risk, privacy architecture, fairness
++Risk register, impact assessment, and audit-program practice from the parent course

Parent course: ai governance and risk

Best for

++Privacy professionals expanding scope into AI governance with the IAPP credential set
++GRC practitioners moving into AI governance leadership roles
++AI product managers and policy leads who need a portable governance credential

Practice surface

++Three 100-question mock exams in IAPP's format
++AI risk register and impact-assessment worked examples
++Targeted weak-area question drilling per AIGP body of knowledge

Buy the add-on

$147 on top of the ai governance and risk parent course. Lifetime access to the practice materials, mock exams, and exam-day worksheets.

See the parent course

Exam summary

IAPP Artificial Intelligence Governance Professional (AIGP) is the IAPP's AI governance credential and the working baseline for privacy professionals adding AI risk to their portfolio. The exam covers AI fundamentals, AI development and deployment, AI governance frameworks (especially NIST AI RMF and NIST AI 600-1), AI laws (EU AI Act, US state and federal action), and AI risk management. The exam is 100 questions in 2.5 hours with a passing score on a scaled scale published by the IAPP. The credential is ANSI / IAS accredited and pairs naturally with CIPP / E or US for privacy practitioners.

Domain reviews

Understanding the Foundations of AI

Vocabulary and concepts that underpin AI governance work. ML fundamentals, generative AI, AI lifecycle, AI value chain.

++Machine learning categories: supervised, unsupervised, reinforcement, generative
++Large language models, foundation models, fine-tuning, RAG
++AI lifecycle: data, training, evaluation, deployment, monitoring, retirement
++AI value chain: foundation-model providers, fine-tuners, deployers, end users
++AI risk vocabulary: bias, fairness, robustness, alignment, explainability, accountability

Primary sources:

Understanding AI Impacts on People and Responsible AI Principles

Why AI governance exists. Societal impacts, ethical frameworks, bias, fairness, transparency.

++Algorithmic bias, fairness frameworks (demographic parity, equalized odds, individual fairness)
++Disparate impact, disparate treatment
++Transparency requirements (model cards, system cards, data sheets for datasets)
++Human oversight and meaningful human control
++Privacy in AI (training data privacy, inference privacy, membership inference)

Primary sources:

Understanding AI Governance and Risk Management

The frameworks teams use to operate AI responsibly: NIST AI RMF, NIST AI 600-1, ISO/IEC 42001.

++NIST AI RMF four functions: GOVERN, MAP, MEASURE, MANAGE
++NIST AI 600-1 generative AI profile and the twelve named risk categories
++ISO/IEC 42001 AI management system standard
++AI risk register design, AI impact assessments, AI bill of materials (AI BOM)
++Third-party AI risk: vendor due diligence, model card review, contractual obligations

Primary sources:

Understanding How Current Laws Apply to AI Systems

Existing law applied to AI: anti-discrimination, privacy, consumer protection, sector-specific.

++EU AI Act (Regulation 2024/1689): risk tiers, prohibited practices, conformity assessment
++US state AI laws: Colorado AI Act, California generative-AI laws (SB 942, AB 2013, AB 1836), Illinois BIPA, NYC Local Law 144 (automated employment decision tools)
++EEOC AI hiring guidance and enforcement
++GDPR Article 22 automated decision-making, EU AI Liability Directive
++Sector-specific: HIPAA, COPPA, FCRA as applied to AI systems

Primary sources:

Understanding the Operational Layer (Development, Deployment, Monitoring)

How AI systems run in production. Data governance for AI, model evaluation, deployment, monitoring, incident response.

++Data governance for AI: provenance, quality, consent, retention, deletion rights
++AI evaluation: capability evaluation, safety evaluation, fairness testing, red teaming
++Deployment patterns: shadow deployment, canary, A/B, human-in-the-loop
++Monitoring: drift detection, performance metrics, safety metrics, fairness metrics
++AI incident response: detection, triage, containment, remediation, regulatory notification

Primary sources:

Practice scenarios (10)

Practice scenarios are scenario-based learning, not exam-question mimicry. Each scenario maps to a specific exam domain and includes a worked explanation plus a primary-source citation. Reproducing actual exam items would violate the cert body's NDA; the format here exercises the same underlying concepts under different surface phrasing.

Preview scenario 1 of 10 · Understanding AI Governance and Risk Managementfree preview

A company is implementing NIST AI RMF. Their AI governance lead wants to map controls to one of the four AI RMF functions. The team has documented who can approve high-risk AI deployments, who owns incident response, and how the AI policy is communicated to staff. Under which AI RMF function do these controls primarily sit?

A. GOVERN
B. MAP
C. MEASURE
D. MANAGE

Answer: A

GOVERN is the AI RMF function for policies, roles, accountability, and the foundational governance documentation. Approval authority, incident-response ownership, and policy communication are GOVERN activities. MAP is for context and AI-system understanding; MEASURE is for analysis and metrics; MANAGE is for risk-treatment decisions and prioritization in operation. NIST AI 100-1 Section 5 enumerates the four functions.

Reference: NIST AI 100-1 Section 5

Unlock the rest

9 more practice scenarios with full explanations and primary-source citations

The remaining scenarios cover every exam domain at the same depth as the preview above. Includes the exam-day strategy guide and additional study resources. $147 one-time, lifetime access.

Exam-day strategy

++Read each question for which AI RMF function or which law it is testing. AIGP questions often turn on whether a control sits in GOVERN, MAP, MEASURE, or MANAGE.
++For EU AI Act questions, identify the risk tier first (prohibited, high-risk, limited-risk transparency, minimal-risk). The right answer usually follows from the tier.
++For Colorado AI Act and state-law questions, focus on developer vs deployer obligations. Many distractors swap those roles.
++Watch for fairness-criterion swaps: demographic parity vs equal opportunity vs equalized odds are tested repeatedly and the distinctions are precise.
++Pace at roughly 90 seconds per question on the first pass. 100 questions in 150 minutes is generous; flag and return on tough ones.

Additional resources

Sources

Official IAPP Artificial Intelligence Governance Professional (AIGP) exam page (certifying body)

Exam fee and blueprint last verified 2026-05-22. Confirm current values with the certifying body before scheduling the exam.

What the add-on ships

++Domain reviews aligned to the official IAPP AIGP body of knowledge

++Three 100-question mock exams matching the IAPP AIGP format

++Focused review of NIST AI RMF, NIST AI 600-1, EU AI Act, Colorado AI Act, and ISO/IEC 42001

++Worked examples of AI risk register design, AI impact assessments, and AI bill-of-materials practice

++Direct link to the official IAPP AIGP exam page as the canonical reference

Exam summary

Domain reviews

Understanding the Foundations of AI

Vocabulary and concepts that underpin AI governance work. ML fundamentals, generative AI, AI lifecycle, AI value chain.

++Machine learning categories: supervised, unsupervised, reinforcement, generative
++Large language models, foundation models, fine-tuning, RAG
++AI lifecycle: data, training, evaluation, deployment, monitoring, retirement
++AI value chain: foundation-model providers, fine-tuners, deployers, end users
++AI risk vocabulary: bias, fairness, robustness, alignment, explainability, accountability

Primary sources:

Understanding AI Impacts on People and Responsible AI Principles

Why AI governance exists. Societal impacts, ethical frameworks, bias, fairness, transparency.

++Algorithmic bias, fairness frameworks (demographic parity, equalized odds, individual fairness)
++Disparate impact, disparate treatment
++Transparency requirements (model cards, system cards, data sheets for datasets)
++Human oversight and meaningful human control
++Privacy in AI (training data privacy, inference privacy, membership inference)

Primary sources:

Understanding AI Governance and Risk Management

The frameworks teams use to operate AI responsibly: NIST AI RMF, NIST AI 600-1, ISO/IEC 42001.

++NIST AI RMF four functions: GOVERN, MAP, MEASURE, MANAGE
++NIST AI 600-1 generative AI profile and the twelve named risk categories
++ISO/IEC 42001 AI management system standard
++AI risk register design, AI impact assessments, AI bill of materials (AI BOM)
++Third-party AI risk: vendor due diligence, model card review, contractual obligations

Primary sources:

Understanding How Current Laws Apply to AI Systems

Existing law applied to AI: anti-discrimination, privacy, consumer protection, sector-specific.

++EU AI Act (Regulation 2024/1689): risk tiers, prohibited practices, conformity assessment
++US state AI laws: Colorado AI Act, California generative-AI laws (SB 942, AB 2013, AB 1836), Illinois BIPA, NYC Local Law 144 (automated employment decision tools)
++EEOC AI hiring guidance and enforcement
++GDPR Article 22 automated decision-making, EU AI Liability Directive
++Sector-specific: HIPAA, COPPA, FCRA as applied to AI systems

Primary sources:

Understanding the Operational Layer (Development, Deployment, Monitoring)

How AI systems run in production. Data governance for AI, model evaluation, deployment, monitoring, incident response.

++Data governance for AI: provenance, quality, consent, retention, deletion rights
++AI evaluation: capability evaluation, safety evaluation, fairness testing, red teaming
++Deployment patterns: shadow deployment, canary, A/B, human-in-the-loop
++Monitoring: drift detection, performance metrics, safety metrics, fairness metrics
++AI incident response: detection, triage, containment, remediation, regulatory notification

Primary sources:

Practice scenarios (10)

Preview scenario 1 of 10 · Understanding AI Governance and Risk Managementfree preview

A. GOVERN
B. MAP
C. MEASURE
D. MANAGE

Answer: A

Reference: NIST AI 100-1 Section 5

Unlock the rest

9 more practice scenarios with full explanations and primary-source citations

The remaining scenarios cover every exam domain at the same depth as the preview above. Includes the exam-day strategy guide and additional study resources. $147 one-time, lifetime access.

Exam-day strategy

++Read each question for which AI RMF function or which law it is testing. AIGP questions often turn on whether a control sits in GOVERN, MAP, MEASURE, or MANAGE.

++For EU AI Act questions, identify the risk tier first (prohibited, high-risk, limited-risk transparency, minimal-risk). The right answer usually follows from the tier.

++For Colorado AI Act and state-law questions, focus on developer vs deployer obligations. Many distractors swap those roles.

++Watch for fairness-criterion swaps: demographic parity vs equal opportunity vs equalized odds are tested repeatedly and the distinctions are precise.

++Pace at roughly 90 seconds per question on the first pass. 100 questions in 150 minutes is generous; flag and return on tough ones.