AI TRAINING

NIST AI Risk Management Framework for Enterprise Teams

Equip risk and compliance leaders to implement the NIST AI RMF across enterprise AI governance structures.

Format: programme
Duration: 16–32h
Level: practitioner
Group size: 6–20
Price / participant: €2K–€4K
Group price: €12K–€35K
Audience: Risk managers, compliance officers, legal counsels, and IT governance leads at mid-to-large organisations deploying or evaluating AI systems
Prerequisites: Basic familiarity with enterprise risk management concepts; no prior AI technical knowledge required

What it covers

This programme walks participants through the four core functions of the NIST AI RMF — GOVERN, MAP, MEASURE, and MANAGE — and shows how to embed them into existing enterprise risk frameworks. Participants work through real playbook exercises, learn to document AI risk profiles, and explore the intersections with the EU AI Act and ISO 42001. Delivered as a structured workshop or programme, it blends instruction with hands-on case analysis so teams leave with a draft governance plan they can act on immediately.

What you'll be able to do

  • Apply the four NIST AI RMF core functions to a real or hypothetical AI use case in your organisation
  • Complete an AI risk profile using the official NIST AI RMF Playbook worksheets
  • Map identified AI risks to existing ERM categories and escalation paths
  • Identify which EU AI Act risk tiers and NIST categories overlap for a given AI system
  • Draft a governance committee charter with defined AI risk ownership roles

Topics covered

  • NIST AI RMF core functions: GOVERN, MAP, MEASURE, MANAGE
  • Using the NIST AI RMF Playbook for AI system risk profiling
  • AI risk categorisation and impact assessment methodologies
  • Integrating AI risk into enterprise risk management (ERM) frameworks
  • Mapping NIST AI RMF to EU AI Act requirements
  • Alignment with ISO/IEC 42001 and NIST Cybersecurity Framework
  • Roles and responsibilities: TEVV, governance committees, risk owners
  • Documenting AI system inventories and risk registers

Delivery

Typically delivered over two to four half-day sessions (remote or in-person), with pre-reading of the NIST AI RMF 1.0 document and Playbook. Sessions are 60% facilitated instruction and 40% applied exercises using participant-supplied or supplied case studies. Materials include annotated playbook worksheets, a risk register template, and a cross-framework mapping table (NIST ↔ EU AI Act ↔ ISO 42001). In-person delivery is recommended for the governance charter workshop component.

What makes it work

  • Securing cross-functional participation (legal, IT, risk, business owners) from the first session
  • Starting with a concrete, live AI system rather than abstract hypotheticals during playbook exercises
  • Appointing a named AI Risk Owner before the programme ends to drive post-training adoption
  • Scheduling a 30-day follow-up review to assess progress on the draft governance plan

Common mistakes

  • Treating NIST AI RMF as a checklist rather than an iterative risk management cycle
  • Assigning AI risk ownership solely to IT or data science teams without involving legal and compliance
  • Skipping the MAP function and jumping straight to MEASURE, missing systemic context for AI deployments
  • Conflating NIST AI RMF compliance with EU AI Act compliance without mapping the gaps explicitly

When NOT to take this

This training is not the right fit for a team that has no AI systems in production or in active procurement — they would benefit more from an AI strategy or literacy programme before tackling risk framework implementation.
