{"id":28,"date":"2026-06-06T21:07:23","date_gmt":"2026-06-06T21:07:23","guid":{"rendered":"https:\/\/www.wisdomprompt.com\/blog\/essential-cpcsc-level-1-for-your-risky-overlooked-ai\/"},"modified":"2026-06-06T21:08:25","modified_gmt":"2026-06-06T21:08:25","slug":"cpcsc-level-1-ai-governance-evidence-map","status":"publish","type":"post","link":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/","title":{"rendered":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams"},"content":{"rendered":"<p>You can picture the moment. A customer security lead asks how your AI platform is governed, and the first request is not for a model card. It is for access records, MFA coverage, connector inventories, endpoint controls, and proof that exceptions are tracked. That is why CPCSC Level 1 matters for AI governance teams now, not later.<\/p>\n<p>CPCSC Level 1 is the foundational cyber hygiene tier within the Canadian Program for Cyber Security Certification. While it is often discussed as Canadian cyber certification, its practical value for AI teams is broader. It gives you a simple question to answer before anyone asks: can we show how our AI systems are protected, operated, and reviewed?<\/p>\n<p>For AI governance leaders, the answer should live in a reusable evidence layer. That layer connects AI compliance evidence with everyday cyber hygiene records. As a result, you are not rebuilding the story every time an auditor, customer, board committee, or internal risk team asks.<\/p>\n<p>The official <a href=\"https:\/\/www.tpsgc-pwgsc.gc.ca\/app-acq\/cybersecurite-cybersecurity\/programme-certification-program-eng.html\">CPCSC overview<\/a> explains the program context. However, this article focuses on practical readiness, not legal, certification, or procurement advice.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-black ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Why_AI_Systems_Complicate_Basic_Cyber_Hygiene_Evidence\" >Why AI Systems Complicate Basic Cyber Hygiene Evidence<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#The_Evidence_Layer_AI_Governance_Teams_Actually_Need\" >The Evidence Layer AI Governance Teams Actually Need<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Evidence_Layer_Checklist\" >Evidence Layer Checklist<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#CPCSC_Level_1_Control-to-Evidence_Map_for_AI_Teams\" >CPCSC Level 1 Control-to-Evidence Map for AI Teams<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Access_Control\" >Access Control<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Identification_and_Authentication\" >Identification and Authentication<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#System_and_Communications_Protection\" >System and Communications Protection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Malicious_Code_Protection\" >Malicious Code Protection<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Media_Physical_and_Integrity_Evidence_for_AI_Workflows\" >Media, Physical, and Integrity Evidence for AI Workflows<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Media_Protection\" >Media Protection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Physical_Protection\" >Physical Protection<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#System_and_Information_Integrity\" >System and Information Integrity<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Real-World_Examples_of_Reusable_AI_Compliance_Evidence\" >Real-World Examples of Reusable AI Compliance Evidence<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Risks_What_Happens_When_Evidence_Is_Not_Ready\" >Risks: What Happens When Evidence Is Not Ready<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#A_30-Day_Readiness_Plan_for_AI_Governance_Teams\" >A 30-Day Readiness Plan for AI Governance Teams<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Try_This_The_Two-Hour_Evidence_Table\" >Try This: The Two-Hour Evidence Table<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Where_WisdomPrompt_Fits\" >Where WisdomPrompt Fits<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#Practical_Next_Steps\" >Practical Next Steps<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Why_AI_Systems_Complicate_Basic_Cyber_Hygiene_Evidence\"><\/span>Why AI Systems Complicate Basic Cyber Hygiene Evidence<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Traditional cyber hygiene evidence usually starts with people, devices, applications, and networks. AI systems add more moving parts. For example, a single AI workflow may include a model endpoint, a vector database, a prompt orchestration layer, SaaS connectors, data pipelines, evaluation tools, logging services, and human reviewers.<\/p>\n<p>Therefore, the evidence trail becomes wider than the application inventory. You need to know which model is used, who owns it, what data touches it, which connectors can feed it, and which roles can change behavior. Moreover, you need to show those facts over time.<\/p>\n<p>AI governance evidence also ages quickly. A role matrix from last quarter may miss a new plugin. An access review may cover the SaaS console but ignore the model gateway. Likewise, endpoint evidence may cover laptops but not the automation runner that moves training or retrieval data.<\/p>\n<p>This is where CPCSC Level 1 style discipline helps. It pushes teams toward repeatable records, not one-off narratives. In short, your governance program becomes easier to trust when its facts can be exported, reviewed, and reconciled.<\/p>\n<p>For AI teams, the key shift is simple:<\/p>\n<ul>\n<li>Treat AI systems as governed technology assets, not isolated experiments.<\/li>\n<li>Link each AI asset to owners, users, data flows, and security controls.<\/li>\n<li>Keep evidence current enough to answer reasonable questions quickly.<\/li>\n<li>Record exceptions and remediation tasks before they become folklore.<\/li>\n<\/ul>\n<p>The Canadian Centre for Cyber Security publishes practical <a href=\"https:\/\/www.cyber.gc.ca\/en\/guidance\/baseline-cyber-security-controls-small-and-medium-organizations\">baseline controls<\/a>. Those concepts pair well with AI governance records when you map them deliberately.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"The_Evidence_Layer_AI_Governance_Teams_Actually_Need\"><\/span>The Evidence Layer AI Governance Teams Actually Need<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A reusable evidence layer is not a giant folder called \u201caudit.\u201d It is a maintained set of records that describes how AI systems are owned, accessed, protected, reviewed, and improved. Ideally, it should serve CISOs, GRC leaders, platform owners, and internal auditors without forcing each group to maintain a separate truth.<\/p>\n<p>Start with a clear AI system inventory. Each system should have a business owner, technical owner, model or tool owner, data steward, and risk contact. Also, each record should note whether the system uses internal models, third-party models, embedded AI features, or external APIs.<\/p>\n<p>Then connect that inventory to operational records. For example, access reviews should reference the same AI system names used in governance reviews. Connector inventories should point to the same data-flow notes used in privacy and security assessments. As a result, evidence becomes reusable.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Evidence_Layer_Checklist\"><\/span>Evidence Layer Checklist<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Use this checklist as a practical starting point:<\/p>\n<ul>\n<li>Each AI system has an accountable owner and technical custodian.<\/li>\n<li>Each model, tool, connector, and data store has a named record.<\/li>\n<li>MFA evidence covers administrative consoles and AI platform access.<\/li>\n<li>Access reviews include privileged users, service accounts, and reviewers.<\/li>\n<li>Data-flow notes show inputs, outputs, logs, and retention points.<\/li>\n<li>Exceptions include risk rationale, expiry dates, and remediation owners.<\/li>\n<li>Review history shows who approved changes and when they reviewed them.<\/li>\n<li>Remediation tasks link to the control gap they are closing.<\/li>\n<\/ul>\n<p>This evidence layer supports sovereign AI governance because it helps Canadian organizations explain where AI systems run, who controls them, and how records are retained. It also supports defence supply-chain cyber readiness without turning the AI program into a paperwork machine.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"CPCSC_Level_1_Control-to-Evidence_Map_for_AI_Teams\"><\/span>CPCSC Level 1 Control-to-Evidence Map for AI Teams<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The 13 control areas below are grouped for readability. They are a practical evidence map for readiness discussions, not a substitute for official requirements or professional assessment. The goal is to help AI governance teams maintain records that align with basic cyber hygiene expectations.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Access_Control\"><\/span>Access Control<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>1. Authorized access to AI systems<\/strong><br \/>\nMaintain exports showing who can access each AI platform, model gateway, evaluation environment, and administrative console. For evidence, keep MFA and access review exports with dates, reviewers, and scope notes.<\/p>\n<p><strong>2. Least privilege and role separation<\/strong><br \/>\nKeep a role matrix that distinguishes builders, reviewers, approvers, data stewards, and administrators. Also, document which roles can change prompts, models, connectors, policies, or data sources.<\/p>\n<p><strong>3. Access review and offboarding<\/strong><br \/>\nRecord quarterly or monthly access reviews for AI systems. Include departures, role changes, service account reviews, and evidence that removed users lost access across connected tools.<\/p>\n<p>Practical evidence records include:<\/p>\n<ul>\n<li>MFA exports for AI consoles, identity providers, and privileged groups.<\/li>\n<li>Access review files with reviewer names and review completion dates.<\/li>\n<li>Role matrices tied to named AI systems and owner records.<\/li>\n<li>Offboarding tickets showing removal from model, data, and admin tools.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Identification_and_Authentication\"><\/span>Identification and Authentication<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>4. Unique user identification<\/strong><br \/>\nShared accounts create weak evidence. Therefore, AI teams should show that users are uniquely identified across orchestration tools, model portals, repositories, and monitoring dashboards.<\/p>\n<p><strong>5. Strong authentication for privileged access<\/strong><br \/>\nKeep proof that MFA applies to administrators and high-impact AI roles. Also, include conditional access policies where privileged access depends on device posture or location.<\/p>\n<p><strong>6. Service account and automation identity control<\/strong><br \/>\nAI workflows often use tokens, API keys, or automation accounts. Keep an inventory of service identities, owners, purpose, rotation schedule, and last review date.<\/p>\n<p>This matters because AI tools can act at machine speed. If a connector or automation token is over-permissioned, the blast radius can be larger than expected.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"System_and_Communications_Protection\"><\/span>System and Communications Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>7. Boundary protection for AI components<\/strong><br \/>\nDocument which AI services are internet-facing, internal, vendor-hosted, or isolated. Keep diagrams or data-flow notes showing boundaries, connectors, gateways, and approved communication paths.<\/p>\n<p><strong>8. Protection of data in transit and sensitive exchanges<\/strong><br \/>\nEvidence should show how sensitive prompts, outputs, logs, and retrieved documents move between systems. Include encryption settings, approved APIs, and any compensating controls.<\/p>\n<p>For example, a Canadian manufacturer using an internal AI assistant may rely on a vector database, document repository, and model API. Its evidence should show how documents move into embeddings, how users query them, and where logs are stored.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Malicious_Code_Protection\"><\/span>Malicious Code Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>9. Endpoint and workload protection<\/strong><br \/>\nAI governance teams should not stop at policy statements. Keep anti-malware, endpoint detection, and device compliance evidence for developer laptops, admin workstations, build runners, and AI service hosts.<\/p>\n<p>If AI engineers use notebooks, test harnesses, or local scripts, those tools should be in scope. Otherwise, malware protection evidence may miss the real work surface.<\/p>\n<p>Useful records include:<\/p>\n<ul>\n<li>Endpoint protection dashboards filtered to AI administrators and builders.<\/li>\n<li>Device compliance exports for privileged users and technical custodians.<\/li>\n<li>Malware alert review notes linked to AI system owners.<\/li>\n<li>Exceptions for unsupported endpoints with expiry dates and tasks.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Media_Physical_and_Integrity_Evidence_for_AI_Workflows\"><\/span>Media, Physical, and Integrity Evidence for AI Workflows<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Some AI evidence feels less obvious because it lives outside the model itself. However, media handling, physical protection, and system integrity controls can be highly relevant. They show whether AI data and operations are protected in normal work, not just in architecture diagrams.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Media_Protection\"><\/span>Media Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>10. Media handling for AI data and exports<\/strong><br \/>\nAI teams often export datasets, evaluation files, logs, embeddings, transcripts, or red-team findings. Keep records showing where exports are allowed, how they are labeled, and how they are deleted or retained.<\/p>\n<p>This is especially important when users test models with sensitive operational content. A \u201ctemporary\u201d spreadsheet can become the weakest evidence point in the room.<\/p>\n<p>Maintain evidence such as:<\/p>\n<ul>\n<li>Media handling records for datasets, logs, and evaluation files.<\/li>\n<li>Approved storage locations for AI exports and review artifacts.<\/li>\n<li>Deletion or retention notes for temporary analysis files.<\/li>\n<li>Exception records for removable media or offline transfer needs.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Physical_Protection\"><\/span>Physical Protection<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>11. Physical protection for AI administration environments<\/strong><br \/>\nPhysical controls may seem far from AI governance. Still, admin access often happens from offices, labs, secure rooms, or managed workstations. Keep evidence that sensitive endpoints and workspaces are protected.<\/p>\n<p>For example, an aerospace analytics team may restrict AI administration to managed devices in controlled offices. The useful evidence is not a slogan. It is the device list, access policy, and review history.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"System_and_Information_Integrity\"><\/span>System and Information Integrity<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>12. Vulnerability, patch, and configuration remediation<\/strong><br \/>\nAI platforms depend on packages, containers, plugins, notebooks, APIs, and infrastructure. Therefore, vulnerability evidence should include AI workloads and supporting components, not only corporate servers.<\/p>\n<p><strong>13. Monitoring, logging, and flaw response<\/strong><br \/>\nKeep review history for security logs, AI usage logs, and remediation tasks. Also, record how detected issues are assigned, tracked, accepted, or closed.<\/p>\n<p>For AI systems, integrity evidence should include change review. If a connector, system prompt, retrieval source, or model version changes, the governance record should show who approved it and why.<\/p>\n<p>A management system such as <a href=\"https:\/\/www.iso.org\/standard\/81230.html\">ISO\/IEC 42001<\/a> can inform broader AI governance. However, CPCSC Level 1 readiness stays focused on foundational cyber hygiene evidence.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Real-World_Examples_of_Reusable_AI_Compliance_Evidence\"><\/span>Real-World Examples of Reusable AI Compliance Evidence<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Consider a defence-adjacent sensor analytics company that uses AI to classify equipment signals. Its CISO already has MFA exports and endpoint dashboards. However, its AI governance team keeps model ownership, data-flow notes, and connector records in separate spreadsheets.<\/p>\n<p>During an internal review, the team discovers that the model gateway access list does not match the central access review. In addition, a service account has broad permissions because it was created during a pilot. The fix is not dramatic. The team creates one AI system record, links it to the role matrix, and adds the service account to the quarterly review. As a result, cyber hygiene evidence and AI governance evidence begin telling the same story.<\/p>\n<p>Now consider a Canadian enterprise using an internal knowledge assistant. The system connects to document repositories, ticketing tools, and policy libraries. The AI platform owner can show model settings, but the internal auditor asks for connector ownership and data-flow notes.<\/p>\n<p>The team creates a connector inventory with owners, scopes, review dates, and approved data sources. Then it links those records to access reviews and exception logs. Consequently, the next review focuses on decisions, not detective work.<\/p>\n<p>These examples are common because AI programs often move faster than evidence practices. The gap is rarely a lack of control. More often, the gap is scattered proof.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Risks_What_Happens_When_Evidence_Is_Not_Ready\"><\/span>Risks: What Happens When Evidence Is Not Ready<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Evidence gaps create friction even when teams are doing responsible work. First, they slow down reviews because every question becomes a scavenger hunt. Next, they weaken trust because records conflict or appear stale. Finally, they make remediation harder because no one knows which gap matters most.<\/p>\n<p>For AI systems, the risks are sharper. A missing access review may hide over-permissioned administrators. An outdated connector inventory may miss a sensitive data source. Likewise, an undocumented model owner may delay decisions during an incident.<\/p>\n<p>Key risks include:<\/p>\n<ul>\n<li>AI systems operate without clear accountable owners.<\/li>\n<li>Access evidence excludes model gateways, plugins, or service accounts.<\/li>\n<li>Data-flow notes omit logs, embeddings, prompts, or output storage.<\/li>\n<li>Exceptions never expire because no one tracks review dates.<\/li>\n<li>Remediation tasks sit outside the governance evidence record.<\/li>\n<li>Cyber teams and AI owners use different system names.<\/li>\n<\/ul>\n<p>The most costly risk is not failing a checklist. It is losing the ability to explain your AI operating environment with confidence. Once external pressure appears, rebuilding that picture is much harder.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"A_30-Day_Readiness_Plan_for_AI_Governance_Teams\"><\/span>A 30-Day Readiness Plan for AI Governance Teams<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You do not need a massive transformation to improve CPCSC Level 1 readiness. You need a disciplined 30-day sprint that makes evidence visible, reusable, and reviewable.<\/p>\n<p><strong>Days 1 to 5: Define scope and naming<\/strong><br \/>\nPick the AI systems that matter most. Use consistent names across security, GRC, architecture, and platform records. Also, identify each system owner and technical custodian.<\/p>\n<p><strong>Days 6 to 10: Build the core inventory<\/strong><br \/>\nCreate records for models, AI tools, connectors, data stores, service accounts, and administrative consoles. Then link each item to an owner and review date.<\/p>\n<p><strong>Days 11 to 15: Gather access and authentication evidence<\/strong><br \/>\nExport MFA coverage, privileged groups, service identities, and recent access reviews. After that, reconcile the exports against your AI system inventory.<\/p>\n<p><strong>Days 16 to 20: Map data flows and protection evidence<\/strong><br \/>\nDocument where prompts, outputs, logs, embeddings, and source documents travel. Include encryption notes, approved APIs, storage locations, and retention points.<\/p>\n<p><strong>Days 21 to 25: Connect endpoint, media, and integrity records<\/strong><br \/>\nCollect endpoint protection evidence for AI builders and admins. Also, record media handling practices, vulnerability remediation tasks, and change review history.<\/p>\n<p><strong>Days 26 to 30: Review exceptions and publish the evidence pack<\/strong><br \/>\nIdentify gaps, assign remediation owners, and set due dates. Finally, create a simple exportable evidence pack for internal review.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Try_This_The_Two-Hour_Evidence_Table\"><\/span>Try This: The Two-Hour Evidence Table<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your team is unsure where to begin, start with one high-impact AI system. Then build a two-hour table with these columns:<\/p>\n<ul>\n<li>AI system name and business owner.<\/li>\n<li>Technical owner and model or tool owner.<\/li>\n<li>Administrative access groups and MFA evidence source.<\/li>\n<li>Connectors, data sources, and service accounts.<\/li>\n<li>Data-flow notes for prompts, outputs, logs, and retrieval.<\/li>\n<li>Current exceptions, expiry dates, and remediation tasks.<\/li>\n<li>Last review date and next scheduled review.<\/li>\n<\/ul>\n<p>This small exercise exposes evidence gaps quickly. More importantly, it gives CISOs and AI owners a shared language.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Where_WisdomPrompt_Fits\"><\/span>Where WisdomPrompt Fits<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>WisdomPrompt helps teams prepare, organize, map, and export AI compliance evidence. It is designed for organizations that need AI governance evidence to connect with cyber hygiene records, policy attestations, exception tracking, review history, and remediation tasks.<\/p>\n<p>For CPCSC Level 1 readiness, WisdomPrompt can help you structure evidence around AI systems rather than scattered documents. For example, you can maintain owner records, connector inventories, data-flow notes, role matrices, and review artifacts in one reusable layer. Then you can export clearer evidence packs when internal stakeholders ask.<\/p>\n<p>WisdomPrompt does not certify suppliers. It does not replace legal advice, certification advice, or professional assessment. Instead, it helps your team reduce evidence chaos before customers, auditors, or governance committees ask hard questions.<\/p>\n<p>You can explore more governance guidance on the <a href=\"https:\/\/www.wisdomprompt.com\/blog\/\">WisdomPrompt blog<\/a>.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Practical_Next_Steps\"><\/span>Practical Next Steps<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>CPCSC Level 1 is useful for AI governance because it forces a grounded question: can you prove the basics? For AI-enabled systems, that proof now spans identity, access, connectors, endpoints, media handling, data flows, ownership, monitoring, and remediation.<\/p>\n<p>Start by choosing one AI system and mapping it against the 13 control areas above. Then collect the evidence you already have. After that, identify what is missing, assign owners, and set review dates.<\/p>\n<p>The goal is not to create more paperwork. The goal is to build a reusable evidence layer that makes sovereign AI governance easier to explain and easier to maintain. When the next question arrives, your team should not be hunting through inboxes. It should be exporting the facts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.<\/p>\n","protected":false},"author":1,"featured_media":27,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-28","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.8 - aioseo.com -->\n\t<meta name=\"description\" content=\"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"WisdomPrompt Team\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.8\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"WisdomPrompt Blog - AI compliance evidence, governance, and implementation notes.\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\" \/>\n\t\t<meta property=\"og:description\" content=\"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-06-06T21:07:23+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-06-06T21:08:25+00:00\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:title\" content=\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\" \/>\n\t\t<meta name=\"twitter:description\" content=\"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#blogposting\",\"name\":\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\",\"headline\":\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\",\"author\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/author\\\/user\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/58a94c50-e04f-455a-8c54-178703a81968.webp\",\"width\":1600,\"height\":900},\"datePublished\":\"2026-06-06T21:07:23+00:00\",\"dateModified\":\"2026-06-06T21:08:25+00:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#webpage\"},\"articleSection\":\"General\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/category\\\/general\\\/#listItem\",\"name\":\"General\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/category\\\/general\\\/#listItem\",\"position\":2,\"name\":\"General\",\"item\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/category\\\/general\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#listItem\",\"name\":\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#listItem\",\"position\":3,\"name\":\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/category\\\/general\\\/#listItem\",\"name\":\"General\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/#organization\",\"name\":\"WisdomPrompt Blog\",\"description\":\"AI compliance evidence, governance, and implementation notes.\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/author\\\/user\\\/#author\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/author\\\/user\\\/\",\"name\":\"WisdomPrompt Team\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/67020c911f53752bc9ef56f6ed3b39902a5a44e3114f37c6aabd78a3519903af?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"WisdomPrompt Team\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#webpage\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/\",\"name\":\"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\",\"description\":\"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/author\\\/user\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/author\\\/user\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/58a94c50-e04f-455a-8c54-178703a81968.webp\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#mainImage\",\"width\":1600,\"height\":900},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/cpcsc-level-1-ai-governance-evidence-map\\\/#mainImage\"},\"datePublished\":\"2026-06-06T21:07:23+00:00\",\"dateModified\":\"2026-06-06T21:08:25+00:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/\",\"name\":\"WisdomPrompt Blog\",\"description\":\"AI compliance evidence, governance, and implementation notes.\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.wisdomprompt.com\\\/blog\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","description":"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.","canonical_url":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#blogposting","name":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","headline":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","author":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/author\/user\/#author"},"publisher":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/www.wisdomprompt.com\/blog\/wp-content\/uploads\/2026\/06\/58a94c50-e04f-455a-8c54-178703a81968.webp","width":1600,"height":900},"datePublished":"2026-06-06T21:07:23+00:00","dateModified":"2026-06-06T21:08:25+00:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#webpage"},"isPartOf":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#webpage"},"articleSection":"General"},{"@type":"BreadcrumbList","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog#listItem","position":1,"name":"Home","item":"https:\/\/www.wisdomprompt.com\/blog","nextItem":{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/#listItem","name":"General"}},{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/#listItem","position":2,"name":"General","item":"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/","nextItem":{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#listItem","name":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams"},"previousItem":{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#listItem","position":3,"name":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","previousItem":{"@type":"ListItem","@id":"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/#listItem","name":"General"}}]},{"@type":"Organization","@id":"https:\/\/www.wisdomprompt.com\/blog\/#organization","name":"WisdomPrompt Blog","description":"AI compliance evidence, governance, and implementation notes.","url":"https:\/\/www.wisdomprompt.com\/blog\/"},{"@type":"Person","@id":"https:\/\/www.wisdomprompt.com\/blog\/author\/user\/#author","url":"https:\/\/www.wisdomprompt.com\/blog\/author\/user\/","name":"WisdomPrompt Team","image":{"@type":"ImageObject","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/67020c911f53752bc9ef56f6ed3b39902a5a44e3114f37c6aabd78a3519903af?s=96&d=mm&r=g","width":96,"height":96,"caption":"WisdomPrompt Team"}},{"@type":"WebPage","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#webpage","url":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/","name":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","description":"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/#website"},"breadcrumb":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#breadcrumblist"},"author":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/author\/user\/#author"},"creator":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/author\/user\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/www.wisdomprompt.com\/blog\/wp-content\/uploads\/2026\/06\/58a94c50-e04f-455a-8c54-178703a81968.webp","@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#mainImage","width":1600,"height":900},"primaryImageOfPage":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/#mainImage"},"datePublished":"2026-06-06T21:07:23+00:00","dateModified":"2026-06-06T21:08:25+00:00"},{"@type":"WebSite","@id":"https:\/\/www.wisdomprompt.com\/blog\/#website","url":"https:\/\/www.wisdomprompt.com\/blog\/","name":"WisdomPrompt Blog","description":"AI compliance evidence, governance, and implementation notes.","inLanguage":"en-US","publisher":{"@id":"https:\/\/www.wisdomprompt.com\/blog\/#organization"}}]},"og:locale":"en_US","og:site_name":"WisdomPrompt Blog - AI compliance evidence, governance, and implementation notes.","og:type":"article","og:title":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","og:description":"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence.","og:url":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/","article:published_time":"2026-06-06T21:07:23+00:00","article:modified_time":"2026-06-06T21:08:25+00:00","twitter:card":"summary_large_image","twitter:title":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","twitter:description":"CPCSC Level 1 readiness increasingly overlaps with AI governance. Learn how Canadian teams can map cyber hygiene controls to reusable AI compliance evidence."},"aioseo_meta_data":{"post_id":"28","title":null,"description":null,"keywords":null,"keyphrases":null,"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"default","og_image_custom_url":null,"og_image_custom_fields":null,"og_image_url":null,"og_image_width":null,"og_image_height":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":false,"twitter_card":"default","twitter_image_type":"default","twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_image_url":null,"twitter_title":null,"twitter_description":null,"schema_type":"default","schema_type_options":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"","isEnabled":true},"graphs":[]},"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"limit_modified_date":false,"ai":null,"breadcrumb_settings":null,"seo_analyzer_scan_date":null,"created":"2026-06-06 21:13:23","updated":"2026-06-06 21:13:23"},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.wisdomprompt.com\/blog\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/\" title=\"General\">General<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">&raquo;<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tCPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/www.wisdomprompt.com\/blog"},{"label":"General","link":"https:\/\/www.wisdomprompt.com\/blog\/category\/general\/"},{"label":"CPCSC Level 1 and AI Governance: A Practical Evidence Map for Canadian Teams","link":"https:\/\/www.wisdomprompt.com\/blog\/cpcsc-level-1-ai-governance-evidence-map\/"}],"_links":{"self":[{"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/posts\/28","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/comments?post=28"}],"version-history":[{"count":1,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/posts\/28\/revisions"}],"predecessor-version":[{"id":29,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/posts\/28\/revisions\/29"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/media\/27"}],"wp:attachment":[{"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/media?parent=28"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/categories?post=28"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wisdomprompt.com\/blog\/wp-json\/wp\/v2\/tags?post=28"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}