AI auditor and data protection officer

The course comprehensively teaches the basics, methods and procedures of AI audits. Legal and normative requirements as well as technical audit criteria and the planning, implementation and evaluation of audits are covered in detail. You will learn how to assess AI-specific risks, select and use suitable audit methods and create well-founded audit reports with recommendations for action. In addition, you will be familiarized with basic knowledge of current data protection law and technical and organizational data protection measures. Efficient data protection management systems and the implementation of a successful audit program are also explained.

  • Certificates: Certificate "AI auditor with TÜV Rheinland-certified qualification"
    "Data protection officer" certificate
  • Additional Certificates: Certificate "Data protection officer with TÜV Rheinland-certified qualification"
    Certificate "Data protection auditor with TÜV Rheinland certified qualification"
  • Examination: Practical project work with final presentations
    AI auditor with TÜV Rheinland-certified qualification
    Data protection officer with TÜV Rheinland-certified qualification
    Data protection auditor with TÜV Rheinland-certified qualification
  • Teaching Times: Full-time
    Monday to Friday from 8:30 a.m. to 3:35 p.m. (in weeks with public holidays from 8:30 a.m. to 5:10 p.m.)
  • Language of Instruction: German
  • Duration: 12 Weeks

Artificial intelligence: AI auditor with TÜV Rheinland-certified qualification

Fundamentals and framework conditions (approx. 4 days)

Classification and differentiation of various auditor roles

Tasks and responsibilities within AI audits

Differentiation from other roles (e.g. AI manager)

Audit principles according to ISO 19011 (objectivity, independence, transparency)

Normative basis: ISO/IEC 42001 - structure, requirements, evidence

EU AI Act - relevant provisions for auditors

National guidelines and industry-specific standards

PDCA cycle in the audit context

Audit types: system, process, product and compliance audits

Stage 1 and Stage 2 at a glance

Documentation requirements and verification

AI-specific risks as audit objects (bias, explainability, robustness, security, data quality)

Prompting in the audit context


Regulatory and technical test criteria (approx. 4 days)

AI-specific compliance requirements

Data protection (GDPR and industry-specific requirements)

Security of AI systems (cybersecurity, access control)

Quality requirements for training and test data

Model validation and verification

Explainability and transparency of AI decisions

Performance metrics (accuracy, precision, recall, robustness)

Ethical principles and fairness

Additional industry-specific standards (e.g. ISO 13485, ISO 26262, BaFin guidelines)


Audit planning and methodology (approx. 3 days)

Definition of audit objects and objectives

Creation of an audit plan (resources, schedule, roles, communication)

Creation of questionnaires and checklists

Risk and relevance assessment of audit points

Selection of suitable audit methods (questioning, document review, technical tests)

Specifics of risk and method assessment for agent-based AI systems

Definition of supporting documents and types of evidence


Audit implementation (approx. 3 days)

Document review (Stage 1) - Requirements for AI documentation

Interview techniques and conducting discussions during the audit

On-site audit (Stage 2) - Use of audit tools

Carrying out technical tests (black box, white box, stress tests)

Use of technical tools (audit software, log analysis, code review)

Collection, validation and structuring of audit documents


Evaluation and report (approx. 2 days)

Creation of an audit report using prompting

Risk-appropriate presentation of weak points

Suggested measures and follow-up strategies


Project work, certification preparation and certification exam "AI auditor with TÜV Rheinland certified qualification" (approx. 3 days)

Data protection officer with TÜV Rheinland-certified qualification

Data protection in the company - basics (approx. 1 day)

History of data protection and objectives

Structure of the European General Data Protection Regulation

The Federal Data Protection Act - subject matter and objectives

GAP analysis between BDSG and GDPR

Material and geographical areas of application

Definitions of terms


Principles (approx. 1 day)

Principles for the processing of personal data

Legitimate interests

Consent

Transparency requirement

Duty to inform

Special categories of personal data


Rights of data subjects (approx. 1 day)

Rights of data subjects

Right to information

Rectification and erasure

Right to object

Right to data portability

Profiling and direct marketing

Right to lodge a complaint

Restrictions


Responsible persons and processors (approx. 2 days)

Risk analysis and TOM

Privacy by design & default

Order processing

Joint controllers

Register of processing activities (VVT)

Security of processing

Entry, access and access controls

Data protection impact assessment (DPIA)

Data protection officer (appointment, position, tasks)

Code of Conduct

Certification: pre-audit, main audit, post-audit


Other bodies with a data protection function (approx. 0.5 days)

The role of the works council (co-determination)

The DPO and the works council

Basics of social data protection

Basics of employee data protection

Personnel file, data access and information rights


Artificial intelligence (AI) and data protection (approx. 0.5 days)

Presentation of specific AI technologies and possible applications in the professional environment

Risks and opportunities when using AI, especially in connection with personal data


Transfer of personal data (approx. 2 days)

General principles of natural transfers

Data transfers to third countries

Standard contractual clauses

Supervisory authorities

Responsibilities, tasks, powers


Legal remedies, liability and sanctions (approx. 1 day)

Legal remedies

Liability, fines, sanctions

Special processing situations

Final provisions


Federal Data Protection Act (approx. 1 day)

Scope of application, video surveillance of public areas

Exceptions to the rights of data subjects

DPOs of public and non-public bodies

LDAs, fine regulations, sanctions


IT security and data protection (approx. 3 days)

Network components, storage components (RAID)

Basics of access management

IT security basics

IT baseline protection standards

Risk factors

Improvement options


Further areas of responsibility (approx. 3 days)

Development and operation of a data protection management system and SDM

Deletion concept

Backup concept

The legal framework of outsourcing from a data protection perspective

Data protection in the area of marketing and advertising measures


Telecommunications Digital Services Data Protection Act (approx. 1 day)

Structure and contents of the TDDDG


Project work, certification preparation and certification exam "Data Protection Officer with TÜV Rheinland certified qualification" (approx. 3 days)

Data protection auditor with TÜV Rheinland-certified qualification

Basics (approx. 2 days)

Objectives of data protection audits

Basic knowledge of data protection policy (company objectives, principles of action)

EU GDPR

Requirements for internal audits and auditors


Data protection management system (approx. 3 days)

Requirements for setting up a data protection management system

Process models for setting up and introducing a data protection management system

Methods, techniques and tools

As-is recording and analysis, identification of weak points, risk analysis


Artificial intelligence (AI) in the work process

Presentation of specific AI technologies and possible applications in the professional environment


Standard data protection model (approx. 1 day)

Current status and introduction

SDM implementation and requirements from GDPR

Warranty objectives of the SDM

Generic measures

SDM building blocks


Data protection concept (approx. 2 days)

Relationships to other operational management systems (DIN EN ISO 9000ff., 27001ff.)


Creation of an audit program (approx. 2 days)

Preparation of an audit program

Creation of audit questionnaires

Audit depth


Audit implementation (approx. 4 days)

Interviews as a source of information

Document review on site

Inspection of technical equipment

Examination of the structural and process organization

Examination of technical and organizational security measures

Inspections


Audit evaluation (approx. 3 days)

Evaluation, audit report and follow-up measures

Preparation of an audit report

Tracking of measures

Presentation of possible tools (checklists, questionnaire, audit plans, deviation reports)

Corrective measures


Project work, certification preparation and certification exam "Data protection auditor with TÜV Rheinland certified qualification" (approx. 3 days)



Changes are possible; the course content is updated regularly.

After the course, you will be able to plan AI audits in accordance with standards, coordinate them across departments and successfully integrate them into existing management and audit processes. You will have the skills to systematically assess AI-specific risks, apply suitable audit methods and prepare audit reports in a practical manner, as well as derive improvement measures to ensure the long-term conformity and security of AI systems.

Furthermore, you are familiar with the essential tasks in data protection. You have the necessary knowledge based on the current EU GDPR for legally compliant handling of personal data as well as knowledge in the area of data protection organization and IT security. You also have specialist knowledge of an efficient data protection management system and can successfully plan, carry out and evaluate data protection audits.

The course is aimed at auditors as well as specialists and managers from quality management, compliance, IT security, data protection, risk management and AI governance who want to audit AI systems and AI management systems or prepare for certification in accordance with ISO/IEC 42001.

The growing importance of artificial intelligence and its use in companies across all industries is driving an increasing demand for AI audits, which are used to review the AI systems used in order to minimize risks and guarantee compliance with applicable standards. As an AI auditor, you will find a wide range of jobs across all industries.

With additional knowledge in data protection, you will also qualify for a wide range of applications, e.g. in auditing, quality management, law and organization.

You prove your newly acquired knowledge with a TÜV Rheinland-certified qualification.

Didactic concept

Your lecturers are highly qualified both professionally and didactically and will teach you from the first to the last day (no self-study system).

You will learn in effective small groups. The courses usually consist of 6 to 25 participants. The general lessons are supplemented by numerous practical exercises in all course modules. The practice phase is an important part of the course, as it is during this time that you process what you have just learned and gain confidence and routine in its application. The final section of the course involves a project, a case study or a final exam.

 

Virtual classroom alfaview®

Lessons take place using modern alfaview® video technology - either from the comfort of your own home or at our premises at Bildungszentrum. The entire course can see each other face-to-face via alfaview®, communicate with each other in lip-sync voice quality and work on joint projects. Of course, you can also see and talk to your connected trainers live at any time and you will be taught by your lecturers in real time for the entire duration of the course. The lessons are not e-learning, but real live face-to-face lessons via video technology.

 

The courses at alfatraining are funded by Agentur für Arbeit and are certified in accordance with the AZAV approval regulation. When submitting a Bildungsgutschein or Aktivierungs- und Vermittlungsgutschein, the entire course costs are usually covered by your funding body.
Funding is also possible via Europäischen Sozialfonds (ESF), Deutsche Rentenversicherung (DRV) or regional funding programs. As a regular soldier, you have the option of attending further training courses via Berufsförderungsdienst (BFD). Companies can also have their employees qualified via funding from Agentur für Arbeit (Qualifizierungschancengesetz).

We will gladly advise you free of charge.

0800 3456-500 Mon. - Fri. from 8 am to 5 pm
free of charge from all German networks.
