Sample mastery report
Illustrativeevidence: a seeded worked example, not your organisation’s data and not a measured or certified result.
Initech: Governance, Risk & Assurance practitioner mastery
Where this seat sits on the skills it owns, which gaps still hold the climb, and the curated next skills that close them. Read in a few minutes; act on one gap.
- Prepared on
- The aisecurityskills personal mastery check
- Basis
- Cloud Security Alliance (CSA) AI Controls Matrix (AICM) controls · Mythos-style four rungs
- Evidence state
- Illustrative · fictional organisation
- Issued
- 18 Jul 2026
Small software firm · fictional organisation · illustrative sample
The verdict
Early-honest GRA practitioner: a few partial floors; most assurance lines still absent.
Initech's Governance, Risk & Assurance practitioner seat reads 0 implemented · 4 partial · 16 absent across 20 prompts across 6 domains. 20 skills still sit below Implemented — including assuring the AI supply chain. A small firm naming AI in policy while evidence packs that travel are still the climb.
Implemented
0
20 prompts · 6 groups
Partial / Absent
4 · 16
Below optimum on the personal bank
Below target
20
Path still visible
The ladder
Four concrete rungs from initial to optimum. Implemented, Partial, and Absent tallies are derived from the same session answers the live mastery check uses.
- 0ImplementedAt the personal optimum for that control
- 4PartialIn progress - not yet claimable as done
- 16AbsentNot practiced or not in place for this seat
This seat's session has no autonomy-gate controls. Climb the open gaps across your function's domains, then prove on the surface below.
Next skills
Prescriptions draw only from the curated core skill set via prescribeMasteryGaps. Each closes a derived gap on this seat's session bank.
- 01Execution
Ai Vendor Privacy Due Diligence Art28
Closes the A&A-02 gap (Commission and steer independent AI assessments): Absent → Partial.
ai-vendor-privacy-due-diligence-art28
- 02Execution
Generating A Gdpr Article 30 Ropa From System Inventories
Closes the A&A-03 gap (Plan AI audits by risk, not by calendar): Absent → Partial.
generating-a-gdpr-article-30-ropa-from-system-inventories
- 03Execution
Vendor Privacy Certification Acceptance
Closes the A&A-04 gap (Verify AI systems against the requirements that bind them): Absent → Partial.
vendor-privacy-certification-acceptance
- 04Execution
Collecting Evidence For A Privacy Compliance Audit
Closes the A&A-05 gap (Run an audit program with AI in scope): Absent → Partial.
collecting-evidence-for-a-privacy-compliance-audit
- 05Execution
Building Vulnerability Aging And Sla Tracking
Closes the A&A-06 gap (Drive audit findings on AI systems to closure): Absent → Partial.
building-vulnerability-aging-and-sla-tracking