
Toward a Certification Framework for AI Governance in Education: Design Principles for a Sector-Appropriate Standard

Writer: Ryan James Purdy · Mar 24 · 39 min read




AI Governance in Education Series

Memorandum No. 6

Ryan James Purdy

Purdy House Publishing & Consulting

February 2026

Working Paper


Abstract

The education sector lacks a widely recognized AI governance certification pathway. Healthcare has mature HIPAA compliance ecosystems: audits, attestations, and third-party programs that function as widely recognized evidence.¹ Enterprise technology procurement relies on SOC 2 attestation infrastructure. Education has nothing equivalent for AI, despite deploying AI systems that affect millions of students and facing regulatory deadlines beginning in mid-2026.

This memorandum proposes design principles for an education-sector AI governance certification, drawing lessons from three existing models: SOC 2’s trust services criteria and CPA attestation structure, ISO 42001’s comprehensive AI management system controls, and regional education accreditation’s sector-specific peer review approach. Each model offers design elements worth adopting and pitfalls worth avoiding.

The analysis yields seven design principles and identifies ten control domains appropriate for education AI governance. The proposed framework addresses four structural challenges: making certification accessible to institutions of varying size, maintaining rigor sufficient for insurance and procurement stakeholders, incorporating education-specific concerns absent from existing standards, and resisting capture by any single stakeholder group.

This memorandum and Memorandum No. 7 (The Liability Squeeze) address complementary questions. Memorandum 7 documents why governance documentation has become urgent; this memorandum proposes what certification infrastructure should look like.

Key Findings

1. The education sector lacks a widely recognized AI governance certification pathway, despite deploying AI systems affecting consequential decisions in learning, assessment, safety, and data, and facing regulatory deadlines beginning in mid-2026.

2. Three existing models (SOC 2, ISO 42001, education accreditation) offer transferable design lessons, but none addresses education AI governance directly.

3. Certification framework design is path-dependent: early choices about control domains, assessor qualifications, and governance structures will constrain later options.

4. Cost accessibility is the primary structural barrier: ISO 42001 certification costs $30,000 to $108,000, SOC 2 audits cost $20,000 to $100,000, and most educational institutions cannot absorb these costs.

5. The pre-certification window documented in Memoranda 5 and 7 creates an opportunity for balanced framework design before market incumbents or regulatory mandates lock in approaches that may not serve educational purposes.

1 No official HHS/OCR "HIPAA certification" exists. The reference here is to the mature ecosystem of compliance programs, third-party audits, and attestation services that function as widely recognized evidence of HIPAA governance. The distinction between formal certification and functional compliance infrastructure is itself instructive for education AI framework design.


Series Context

This is the sixth memorandum in a series examining AI governance in education through the lens of assurance, insurance, and institutional accountability. The series trajectory is as follows:

Memo | Focus | Role
1 | The Operational Gap | Found the gap: frameworks are aspirational, not operational
2 | The Forcing Function | Explained why: insurance, regulation, and loss signals converging
3 | The Translation Problem | Showed how requirements manifest differently by stakeholder
4 | ISO 42001 in Education | Assessed the leading international standard against education reality
5 | Beyond Self-Attestation | Established why external validation is needed and what paths are emerging
6 | Certification Framework Design (this paper) | Proposes what certification should look like: domains, levels, governance
7 | The Liability Squeeze | Documents why now: vendor liability caps and insurance exclusions converging

Memorandum 6 responds constructively to the problems documented in Memoranda 1 through 5 and 7. Where those papers identified gaps, forcing functions, and limitations, this paper proposes framework architecture. It is paired with Memorandum 7 as complementary analyses: Memorandum 7 explains why governance documentation has become urgent; this memorandum proposes what certification infrastructure should look like.


Scope, Method, and Limits

This memorandum examines certification framework design principles for education AI governance. It analyzes three existing models (SOC 2 attestation, ISO 42001 certification, and regional education accreditation) to extract transferable design elements and identify pitfalls.

The analysis draws on published standards documentation, governance body materials, industry pricing data, and the findings of Memoranda 1 through 5 and 7 in this series.

Operational implementation would require detailed control specifications, assessment procedures, and governance bylaws beyond the scope of a working paper. The proposals here are design principles intended to inform standards development, not replace it. This memorandum does not constitute legal advice or insurance coverage opinion.

Definitions

Three distinct validation models inform this analysis. The terms are often conflated but carry different implications for framework design:

Attestation is an independent practitioner’s opinion on management’s assertions about controls. SOC 2 reports are attestations: a CPA firm examines whether an organization’s controls meet specified criteria and expresses an opinion. The organization makes claims; the attestor evaluates them.

Certification is a declaration of conformity to a standard, typically issued by an accredited certification body after audit. ISO 42001 certification means an accredited registrar has determined the organization’s AI management system conforms to the standard’s requirements. The certification body, not the organization, makes the conformity determination.

Accreditation (in the education context) is peer-based institutional review against sector-specific criteria. Regional accreditors evaluate whether institutions meet standards for educational quality and institutional effectiveness. The process emphasizes self-study, peer review, and continuous improvement rather than point-in-time conformity assessment.

Each model implies different governance structures, assessor qualifications, and evidence expectations. The framework proposed in this memorandum draws elements from all three.


Contents

Abstract

Key Findings

Series Context

Scope, Method, and Limits

Definitions

1. Introduction

1.1 The Certification Question

1.2 Why Certification Matters Now

1.3 Why Design Matters Now

1.4 Research Questions

2. Lessons from Existing Certification Models

2.1 SOC 2: Trust Services Criteria and CPA Attestation

2.2 ISO 42001: AI Management Systems

2.3 Education Accreditation: Regional Bodies and Peer Review

2.4 Synthesis: Seven Design Principles

3. Proposed Control Domains

3.1 Mapping Exercise: What Must Be Covered

3.2 Ten Control Domains for Education AI Governance

3.3 Education-Specific Additions Not in ISO 42001

3.4 Mapping to Insurance Evidence Requirements

4. Certification Levels and Pathways

4.1 The Tiered Approach

4.2 Pathway for Small Districts vs. Large Districts

4.3 Pathway for EdTech Vendors

4.4 Reciprocity with ISO 42001

5. Governance of the Certifying Body

5.1 Who Should Govern

5.2 Governance Principles

5.3 Funding Models

5.4 Avoiding Capture

5.5 Roles Separation

6. Assessor Credentialing

6.1 The Assessor Quality Problem

6.2 Credentialing Requirements

6.3 Credentialing Pathways

6.4 Connecting Credentialing to the Insurance Path

7. Implementation Timeline

8. Recommendations and Conclusion

8.1 For Education Associations

8.2 For the Insurance Industry

8.3 For Government and Policy Makers

8.4 For Educational Institutions and Vendors

Conclusion

Scope Limitation

Notes

References

About the Author


1. Introduction

1.1 The Certification Question

Every sector that deploys consequential technology eventually develops validation infrastructure to demonstrate that deployment is governed appropriately. Healthcare has mature HIPAA compliance ecosystems: audits, attestations, and third-party programs that function as widely recognized evidence.¹ Enterprise technology procurement relies on SOC 2 attestation, which has become effectively mandatory for vendors serving sophisticated buyers. Information security has ISO 27001. AI management systems now have ISO 42001.

Education has no widely recognized equivalent for AI governance.

This absence is not sustainable. Educational institutions deploy AI systems that affect admissions decisions, learning recommendations, behavioral assessments, and resource allocations for millions of students. Regulatory requirements are arriving: Ohio mandates AI policies by July 2026;² Colorado’s AI Act takes effect June 30, 2026;³ the EU AI Act classifies specified educational uses of AI (admissions, assessment, and exam monitoring among them) as high-risk under Annex III, with obligations phasing in through August 2026 and August 2027.⁴ Insurance underwriters increasingly condition coverage on governance documentation that most schools cannot produce.

The question is not whether education AI certification will emerge, but what it will look like, who will design it, and whose interests it will serve.

1.2 Why Certification Matters Now

Three converging pressures make certification framework design urgent rather than aspirational.

Regulatory convergence. Multiple jurisdictions are simultaneously imposing AI governance requirements on educational institutions. These requirements are not uniform, but they share common elements: transparency obligations, human oversight requirements, bias assessment mandates, and documentation expectations. Certification provides a mechanism for demonstrating compliance across multiple regulatory regimes simultaneously, reducing the burden of jurisdiction-by-jurisdiction evidence production.

Insurance market evolution. Specialty AI coverage programs now condition coverage on demonstrated governance, with carriers using domain experts to evaluate AI risk before extending coverage. As documented in Memorandum 7, this dynamic transforms governance documentation from best practice to coverage prerequisite. Certification provides standardized evidence that satisfies underwriter requirements without institution-by-institution negotiation.

Procurement pressure. High-profile data breaches have accelerated procurement requirements for cybersecurity attestation. Schools now routinely require SOC 2 reports from technology vendors. A similar dynamic will follow AI-related incidents: governance-mature districts will require evidence of AI governance from vendors, and vendors will seek certification to satisfy those requirements. Certification provides that standardization.

In each case the mechanism is market demand rather than mandate, and the pattern is predictable because it has played out before: SOC 2 became effectively mandatory through buyer requirements, not regulation (see Section 2.1).

2 Ohio House Bill 96 (136th General Assembly), requiring school districts to adopt AI policies by July 1, 2026. See Ohio Department of Education & Workforce, "AI in Ohio’s Education," https://education.ohio.gov/Topics/AI-in-Ohio-s-Education; Ohio Department of Education & Workforce, EdConnection, "Ohio updates requirements for artificial intelligence," August 20, 2025, https://education.ohio.gov/Media/Ed-Connection/Aug-20-2025/Ohio-updates-requirements-for-artificial-intellige.

3 Colorado S.B. 24-205, the Colorado AI Consumer Protection Act. Originally signed May 17, 2024, with an initial effective date of February 1, 2026. Implementation was postponed to June 30, 2026, via S.B. 25B-004, signed August 28, 2025, following a special legislative session. Subject to further amendment during the 2026 regular session. See Colorado General Assembly, "SB24-205," https://leg.colorado.gov/bills/sb24-205; Colorado General Assembly, "SB25B-004," https://leg.colorado.gov/bills/sb25b-004.

4 EU AI Act (Regulation 2024/1689), Annex III, which classifies specified uses of AI in education and vocational training (including admissions, evaluation of learning outcomes, and monitoring of prohibited behaviour during tests) as high-risk. High-risk system obligations were scheduled to take effect August 2, 2026, with full rollout by August 2, 2027. The European Commission’s proposed Digital Omnibus package (November 2025) would defer high-risk obligations for Annex III systems to no later than December 2, 2027. The proposal remains subject to European Parliament and Council review under ordinary legislative procedure. See European Parliament, "Artificial Intelligence Act," https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence. For the Digital Omnibus proposal, see European Commission, "Digital Omnibus on AI Regulation Proposal," https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal.


1.3 Why Design Matters Now

Certification frameworks are path-dependent. Early design choices constrain later options. The organizations that convene standards development, the stakeholders represented in governance, the control domains selected for assessment, and the credentialing requirements for assessors all shape what certification eventually means and whom it serves.

First movers shape standards. SOC 2’s trust services criteria, developed by the AICPA, reflect accounting profession priorities and CPA competencies. ISO 42001’s controls reflect enterprise AI deployment patterns. Regional accreditation criteria reflect the concerns of established institutions that dominated early accreditation bodies.

Education AI certification will reflect the priorities of whoever designs it. If large technology vendors dominate the process, certification may emphasize controls that vendors can easily document while minimizing controls that reveal vendor limitations. If insurance carriers dominate, certification may emphasize loss prevention at the expense of educational mission. If large districts dominate, certification may impose resource requirements that smaller institutions cannot meet.

The pre-certification window documented in Memoranda 5 and 7 creates an opportunity for balanced design. Stakeholders acting now can advocate for frameworks that serve educational purposes, remain accessible to institutions of varying size, and resist capture by any single interest group. That window will not remain open indefinitely.

1.4 Research Questions

This memorandum addresses four questions:

1. What lessons do existing certification models (SOC 2, ISO 42001, education accreditation) offer for education AI governance certification?

2. What control domains should an education AI certification framework include?

3. How should certification levels be structured to balance rigor with accessibility?

4. What governance structures would enable a certifying body to serve education while resisting capture?


2. Lessons from Existing Certification Models

No existing certification framework addresses education AI governance directly. However, three models offer transferable design lessons: SOC 2’s market-driven attestation, ISO 42001’s comprehensive AI controls, and regional education accreditation’s sector-specific peer review.

2.1 SOC 2: Trust Services Criteria and CPA Attestation

SOC 2 (System and Organization Controls 2) provides attestation for service organizations on controls relevant to security, availability, processing integrity, confidentiality, and privacy. Developed by the American Institute of Certified Public Accountants (AICPA),⁷ SOC 2 has become the dominant assurance framework for technology vendors serving enterprise customers.

What worked:

Common language. SOC 2’s trust services criteria provide shared vocabulary that buyers and sellers both understand. When a vendor presents a SOC 2 Type II report, procurement teams know what it means without needing to parse proprietary frameworks. This common language reduces transaction costs and enables efficient risk communication.

Market-driven adoption. SOC 2 became effectively mandatory not through regulation but through procurement pressure. Enterprise buyers began requiring SOC 2 reports. Vendors that could not produce them lost deals. The requirement spread through market dynamics rather than government mandate, which accelerated adoption faster than regulatory processes typically achieve.

Scalable assessment. The CPA attestation model leverages existing professional infrastructure. Accounting firms already had audit methodologies, quality control processes, and professional liability coverage. SOC 2 extended that infrastructure to technology controls rather than building new assessment capacity from scratch.

Tiered reporting. Type I reports attest to control design at a point in time. Type II reports attest to operating effectiveness over a period (typically 6 to 12 months). This tiered structure allows organizations to demonstrate progress: achieve Type I first, then build toward Type II. The progression provides a maturity pathway rather than binary pass/fail.

What did not work:

Type I/Type II confusion. Many buyers do not understand the distinction between Type I (design) and Type II (operating effectiveness) reports. Some accept Type I reports as equivalent assurance, which undermines the framework’s rigor. Education AI certification should make maturity distinctions clearer and more meaningful to non-expert stakeholders.

Cost barriers. SOC 2 audits typically cost $20,000 to $100,000 or more,⁸ depending on scope and complexity. This cost is manageable for well-funded technology companies but prohibitive for small vendors and most educational institutions. Education AI certification must address cost accessibility explicitly.

Scope variability. Organizations choose which trust services criteria to include in their SOC 2 scope. A report covering only security provides less assurance than one covering security, availability, and privacy, but both are "SOC 2 reports." This variability creates comparison problems that buyers do not always recognize. Before relying on a report, a reader should confirm which criteria are in scope, the period the report covers, which subservice organizations are carved out of the system description, and what exceptions the auditor noted in the test results.

Attestation limitations. SOC 2 produces attestation reports rather than certifications. The distinction matters: attestation expresses an opinion on management’s assertions, while certification declares conformity to a standard. There is no "SOC 2 certified" status, and a vendor that describes itself that way is misrepresenting an attestation report. The practical difference affects how reports can be used and represented, and creates potential for misunderstanding.

7 AICPA, "SOC 2 -- SOC for Service Organizations: Trust Services Criteria." The trust services criteria (security, availability, processing integrity, confidentiality, and privacy) provide the framework against which CPA firms evaluate service organization controls. See https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2.

8 SOC 2 audit pricing varies significantly by scope, organization size, and auditor. The $20,000 to $100,000 range reflects market pricing for small to mid-size technology companies as of 2025. Large enterprises with complex environments may exceed this range.


2.2 ISO 42001: AI Management Systems

ISO/IEC 42001:2023 specifies requirements for establishing, implementing, maintaining, and continually improving an AI management system. Published in December 2023, it provides the first international standard specifically addressing AI governance.⁹

What works:

Comprehensive control structure. ISO 42001’s main clauses follow the management system cycle (context, leadership, planning, support, operation, performance evaluation, and improvement), and Annex A supplies 38 reference controls spanning the AI system lifecycle from conception through retirement.¹¹ This comprehensiveness ensures that certified organizations have addressed governance systematically rather than piecemeal.

International recognition. ISO standards carry weight across jurisdictions. An organization certified to ISO 42001 can demonstrate governance to regulators, insurers, and partners in multiple countries using a single credential. For institutions with international operations or partnerships, this portability matters.

Management system integration. ISO 42001 follows the harmonized structure common to ISO management system standards (ISO 9001, ISO 27001, ISO 14001). Organizations already certified to other ISO standards can integrate AI management without building parallel governance infrastructure.

Continuous improvement orientation. The standard requires monitoring, measurement, analysis, and improvement processes. Certification is not a one-time achievement but an ongoing commitment. This orientation toward maturity progression aligns with how governance actually develops in organizations.

What does not work:

Cost and timeline barriers. As documented in Memorandum 4, ISO 42001 certification typically costs $30,000 to $108,000¹⁰ and requires 6 to 12 months for implementation and audit. These requirements place certification beyond reach for most educational institutions, particularly smaller districts with limited administrative capacity.

Absence of education-specific guidance. ISO 42001 is sector-agnostic. It does not address education-specific concerns such as student data protection under FERPA, age-appropriate AI interactions, academic integrity, or parental involvement in AI-affected decisions. Certified organizations must interpret how generic controls apply to educational contexts, with no authoritative guidance on correct interpretation.

Limited auditor capacity. Few certification bodies have developed education-specific auditor competencies for ISO 42001. An auditor experienced in enterprise AI deployment may not understand educational operational constraints, regulatory frameworks, or risk profiles. This expertise gap undermines assessment quality for educational organizations.

Enterprise orientation. The standard’s language and examples assume enterprise contexts: AI product development, commercial deployment, corporate governance structures. Educational institutions must translate enterprise concepts to their operational reality, which creates implementation friction and assessment ambiguity.

9 ISO/IEC 42001:2023, "Information technology -- Artificial intelligence -- Management system." Published December 18, 2023. See https://www.iso.org/standard/81230.html.

10 See Memorandum 4 in this series for detailed analysis of ISO 42001 certification costs and implementation timelines in educational contexts. The $30,000 to $108,000 range reflects published estimates from certification bodies and implementation consultancies.

11 ISO/IEC 42001:2023, Annex A. The 38 controls are organized under nine control objectives: A.2 (Policies Related to AI), A.3 (Internal Organization), A.4 (Resources for AI Systems), A.5 (Assessing Impacts of AI Systems), A.6 (AI System Life Cycle), A.7 (Data for AI Systems), A.8 (Information for Interested Parties of AI Systems), A.9 (Use of AI Systems), and A.10 (Third-Party and Customer Relationships).


2.3 Education Accreditation: Regional Bodies and Peer Review

Regional education accreditation provides the closest existing model for sector-specific governance validation in education. The regional accrediting commissions, which grew out of six historic regional associations, have validated institutional quality for over a century.¹²

What works:

Sector specificity. Accreditation criteria address educational concerns directly: student learning outcomes, faculty qualifications, institutional resources, governance structures appropriate to educational mission. The framework speaks education’s language rather than requiring translation from generic standards.

Peer review. Accreditation site visits include educators from peer institutions who understand operational realities. A community college president evaluating another community college brings contextual knowledge that external auditors lack. This peer element improves assessment validity and acceptance.

Self-study process. Accreditation requires institutions to conduct comprehensive self-assessment before external review. This process builds internal governance capacity regardless of the external evaluation outcome. The self-study is valuable even if the visit never occurred.

Graduated responses. Accreditation decisions include multiple possible outcomes: full accreditation, accreditation with conditions, warning, probation, or denial. This graduation allows accreditors to address concerns without binary pass/fail consequences. Institutions can remediate deficiencies while maintaining accredited status.

What does not work:

Extended cycle times. Accreditation cycles typically span 7 to 10 years.¹³ AI technology and its associated risks evolve far more rapidly. A framework validated in 2025 may be substantially inadequate by 2028. Education AI certification requires assessment cycles responsive to technology evolution, likely annual or biennial rather than decadal.

Inconsistent rigor. The peer review model’s strength (contextual understanding) is also its weakness (inconsistent standards). Some peer reviewers apply rigorous scrutiny; others defer to institutional assertions. This variability undermines reliability.

Limited public transparency. Accreditation reports are typically not public documents. Stakeholders cannot easily compare accreditation findings across institutions or verify specific governance claims. This opacity limits the framework’s utility for external stakeholders such as insurers or procurement authorities.

12 The six regional accrediting associations historically were: Middle States Commission on Higher Education, New England Commission of Higher Education, Higher Learning Commission, Northwest Commission on Colleges and Universities, Southern Association of Colleges and Schools Commission on Colleges, and WASC Senior College and University Commission. In 2020 the U.S. Department of Education eliminated the regulatory distinction between regional and national accreditors; the commissions continue to operate.

13 Accreditation cycle lengths vary by accrediting body and institutional status. The 7-to-10-year figure represents a standard reaffirmation cycle. Institutions on monitoring or probation may face shorter review periods.


2.4 Synthesis: Seven Design Principles for Education AI Certification

The analysis of existing models yields seven design principles for education AI governance certification. Each principle draws on demonstrated strengths of at least one model while addressing identified weaknesses across all three.

Principle 1: Stakeholder Legibility. Establish common language and criteria that enable efficient communication across insurers, regulators, procurement authorities, boards, and parents. Maturity distinctions must be clear and meaningful to non-expert stakeholders, avoiding the Type I/Type II confusion that undermines SOC 2’s utility. (From SOC 2’s common language strength; addressing SOC 2’s maturity confusion weakness.)

Principle 2: Market-Driven Adoption. Design for adoption through procurement pressure and insurance market dynamics rather than relying solely on regulatory mandate. SOC 2 became effectively mandatory through buyer requirements, not government action. Education AI certification should follow a similar path, leveraging existing professional infrastructure where possible rather than building assessment capacity from scratch. (From SOC 2’s market adoption model.)

Principle 3: Sector-Specific Comprehensiveness. Ensure control coverage addresses the full AI governance lifecycle while incorporating education-specific criteria that general-purpose standards omit. ISO 42001 provides comprehensive controls but misses child safety, academic integrity, parental involvement, and developmental appropriateness. Education accreditation demonstrates that sector-specific criteria improve assessment validity and stakeholder acceptance. (From ISO 42001’s comprehensiveness; from accreditation’s sector specificity; addressing ISO’s education gap.)

Principle 4: Tiered Certification with Graduated Responses. Create certification levels that allow organizations to demonstrate maturity progression, with graduated consequences that permit remediation without catastrophic outcomes. Binary pass/fail assessment excludes institutions that have begun governance work but not completed it. Tiered certification provides a pathway rather than a gate. (From SOC 2’s Type I/II progression; from accreditation’s graduated responses.)

Principle 5: Cost and Timeline Accessibility. Address cost and timeline barriers explicitly through tiered requirements, streamlined processes, and right-sized expectations for institutions of varying capacity. Certification that costs $30,000 to $108,000 and takes 6 to 12 months serves enterprises, not schools. A framework that cannot reach a 2,000-student district has failed its design purpose. (Addressing ISO 42001’s and SOC 2’s cost barriers.)

Principle 6: Assessor Competency and Independence. Develop education-specific assessor qualifications that combine domain knowledge with assessment methodology expertise and independence standards. Peer review elements from accreditation bring contextual understanding, but inconsistent rigor undermines reliability. Assessor credentialing must balance sector expertise with assessment discipline. (From accreditation’s peer review; addressing accreditation’s inconsistency weakness.)

Principle 7: Continuous Improvement with Responsive Cycle Times. Embed ongoing monitoring, measurement, and improvement requirements while maintaining assessment cycles responsive to technology evolution. Accreditation’s 7-to-10-year cycles are incompatible with AI’s pace of change. Certification must require continuous improvement while ensuring transparency that serves external stakeholder needs. (From ISO 42001’s improvement orientation; addressing accreditation’s slow cycles; addressing accreditation’s transparency gap.)

These seven principles inform the framework proposed in the following sections. They are not aspirational ideals but design constraints derived from observed successes and failures in existing certification infrastructure.

A certification framework, however, requires qualified assessors to implement. Until formal certification infrastructure exists, independent assessment functions as interim evidence, producing documentation that satisfies the stakeholders identified above while building the institutional governance capacity that future certification will require. The principles proposed here apply equally to interim assessment and to eventual formal certification.


3. Proposed Control Domains

3.1 Mapping Exercise: What Must Be Covered

A certification framework for education AI governance must satisfy multiple stakeholders simultaneously. Regulatory requirements specify what institutions must do. Insurance underwriters specify what institutions must document. Procurement authorities specify what vendors must demonstrate. Boards and parents specify what governance must protect.

The control domains proposed here emerge from a mapping exercise across four input sources:

Regulatory requirements. Ohio House Bill 96, Colorado S.B. 24-205, the EU AI Act (Annex III high-risk classification for specified educational uses), FERPA, COPPA, and emerging state AI legislation establish minimum compliance obligations. These obligations cluster around transparency, human oversight, data protection, risk assessment, and accountability.

Insurance evidence expectations. Memorandum 7 (Appendix A) identified ten evidence categories that underwriters increasingly expect: AI system inventory, risk assessment documentation, governance policy, role assignments, vendor governance, human oversight protocols, incident response procedures, training records, stakeholder communication, and monitoring and review records. Memorandum 2 identified eight equivalent categories recurring across underwriting questionnaires. These categories represent the operational infrastructure that carriers examine when evaluating coverage eligibility.

ISO 42001 controls. Annex A of ISO/IEC 42001:2023 provides 38 controls across nine control objectives (A.2 through A.10),¹⁴ addressing the AI management system lifecycle from policy establishment through continual improvement. These controls provide comprehensive coverage but require translation for educational contexts.

Education-specific concerns. Neither regulatory requirements nor insurance expectations nor ISO 42001 adequately address child safety and developmental appropriateness, academic integrity, parental and guardian involvement in AI-affected decisions, or age-gated access controls. These concerns are fundamental to educational AI governance and must be explicitly represented.

The proposed domains incorporate elements from all four sources while maintaining a structure that is comprehensible to non-specialist stakeholders. The goal is a framework that produces documentation simultaneously useful for regulatory compliance, insurance applications, procurement decisions, and board oversight.

14 ISO/IEC 42001:2023, Annex A, controls A.2 through A.10. The mapping exercise in this memorandum aligns these controls to education-specific requirements not addressed in the standard’s sector-agnostic framework.

3.2 Ten Control Domains for Education AI Governance

The following ten domains constitute the proposed certification framework. Each domain is described with its scope, its alignment to existing standards and evidence requirements, and its education-specific considerations.

Domain 1: Policy and Governance Structure

Board-level or executive-level accountability for AI governance, including named roles with documented authority, reporting relationships, and decision-making boundaries. This domain requires a board-approved AI governance policy addressing scope, permitted and prohibited uses, and oversight mechanisms.

Alignment: ISO 42001 A.2 (AI Policy), A.3 (Internal Organization); Memo 7 evidence categories 3 (Governance Policy) and 4 (Role Assignments); regulatory requirements across all examined jurisdictions.

Education-specific: Governance structures must accommodate elected school boards, superintendent authority, collective bargaining constraints on teacher responsibilities, and the distinction between district-level policy and building-level implementation.

Domain 2: AI Inventory and Classification

Systematic catalog of AI systems in use across the institution, documenting data types processed, decision categories influenced, integration points, and risk classification. The inventory serves as the foundation for all subsequent governance: institutions cannot govern what they have not identified.

Alignment: ISO 42001 A.5 (Assessing AI System Impacts); Memo 7 evidence category 1 (AI System Inventory); insurance evidence category 1 (AI Inventory and Classification).

Education-specific: Inventory must capture both institutionally procured systems and teacher-adopted tools, addressing the "shadow AI" problem where individual educators deploy AI tools without institutional awareness or approval. Procurement records alone will not surface these tools; in practice the identity provider's application catalog, single sign-on logs, and network or DNS logs are the most reliable starting points for discovering adoption that never passed through a purchasing process.

Domain 3: Risk Assessment and Management

Formal risk assessment for AI systems, including education-specific risk identification, risk classification methodology, mitigation measures, and periodic review cycles. Risk assessment should address both operational risks (system failures, data breaches) and mission risks (educational harm, equity impacts, developmental inappropriateness).

Alignment: ISO 42001 A.5 (Assessing AI System Impacts); NIST AI RMF Map and Measure functions; Memo 7 evidence category 2 (Risk Assessment Documentation); insurance evidence category 3 (Risk Management Documentation).

Education-specific: Risk frameworks must include child-specific harm categories: developmental inappropriateness, age-inappropriate content exposure, over-reliance reducing learning outcomes, and algorithmic profiling of minors. Standard enterprise risk categories do not capture these concerns.

Domain 4: Data Governance

Policies and procedures governing data quality, privacy, consent, retention, cross-border transfer, and training data provenance. For education, this domain is particularly consequential because student data carries heightened legal protections and ethical obligations.¹⁵

Alignment: ISO 42001 A.7 (Data for AI Systems); FERPA, COPPA, GDPR, and provincial privacy legislation; Memo 7 evidence categories (data governance spans several categories rather than mapping to one); insurance evidence category 7 (Data Governance).

Education-specific: Must address parental consent mechanisms for minors, student data minimization, the distinction between educational records and AI-generated analytics, de-identification standards for student data used in AI system training, and data portability obligations when students transfer.

15 Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. § 1232g; Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501-6506. Both statutes impose specific requirements on educational data handling that AI systems processing student information must satisfy.

Domain 5: Human Oversight Protocols

Defined intervention points in AI-assisted processes, override authority and procedures, escalation paths for uncertain cases, and documentation requirements for oversight decisions. Human oversight is the control that transforms AI deployment from automated decision-making to AI-assisted decision-making.¹⁶ Oversight that exists only on paper is easy to document and worthless in practice, so assessors should look for evidence that overrides actually occur: an override log showing no overrides across a review period indicates either a perfectly accurate system or a reviewer who is approving outputs without examining them.

Alignment: EU AI Act Article 14 (Human Oversight); ISO 42001 A.9 (Use of AI Systems); Memo 7 evidence category 6 (Human Oversight Protocols); insurance evidence category 6 (Human Oversight Protocols).

Education-specific: Must specify oversight requirements for high-stakes decisions (grading, disciplinary recommendations, placement, admissions) versus lower-stakes applications (tutoring suggestions, content recommendations). The appropriate level of human oversight varies by decision consequence, and education involves a uniquely wide range of consequence levels.

16 EU AI Act (Regulation 2024/1689), Article 14. High-risk AI system obligations include human oversight capabilities: the ability to understand system outputs, correctly interpret results, and decide not to use or override the system.

Domain 6: Transparency and Explainability

Stakeholder disclosure obligations, plain-language notices about AI use, and documentation explaining how AI systems reach outputs that affect students, educators, or families. Transparency serves both regulatory requirements and trust maintenance.

Alignment: EU AI Act Article 13 (Transparency); ISO 42001 A.6 (Informing Interested Parties); Memo 7 evidence category 9 (Stakeholder Communication); insurance evidence category 5 (Explainability and Transparency).

Education-specific: Disclosure requirements differ by audience: parents and guardians need accessible explanations of how AI affects their children; students need age-appropriate transparency; educators need sufficient technical understanding to exercise meaningful oversight; boards need governance-level reporting. A single disclosure format cannot serve all four audiences.

Domain 7: Vendor and Third-Party Management

Procurement evaluation criteria, contract requirements, ongoing monitoring procedures, and attestation expectations for AI vendors. Most educational institutions are deployers of third-party AI systems rather than developers, making vendor governance the primary point of control.

Alignment: ISO 42001 A.10 (Third-Party and Customer Relationships); Memo 7 evidence category 5 (Vendor Governance); insurance evidence category 8 (Third-Party Vendor Management).

Education-specific: Must address the reality that many educational AI tools are procured through informal channels (individual teacher adoption, free tier usage, trial periods that become permanent). Vendor governance must capture both formal procurement and informal adoption pathways. Contract requirements should address vendor liability caps, data ownership, restrictions on the use of student data for model training, audit rights, and governance attestation obligations.

Domain 8: Bias Testing and Fairness

Process documentation for identifying and mitigating algorithmic bias, disparate impact review procedures, and fairness assessment methodology. This domain assesses whether organizations have documented processes rather than prescribing specific statistical methodologies, which remain contested and context-dependent.

Alignment: Colorado CAIA bias testing requirements; ISO 42001 A.5 (impact assessment); Memo 7 evidence categories implicitly addressed through risk assessment and monitoring; insurance evidence category 4 (Bias Testing and Fairness Audits).

Education-specific: Bias in educational AI manifests differently than in other sectors. A grading algorithm that systematically disadvantages students from particular demographics produces different harms than a hiring algorithm with similar bias. Assessment must address educational-context bias categories: grading and assessment fairness, learning recommendation equity, disciplinary prediction disparities, resource allocation effects, and access equity across student populations.

Domain 9: Incident Response

Defined processes for AI-related failures, including detection, escalation, notification, remediation, and post-incident review. Incident response for AI systems extends beyond traditional cybersecurity incident response to include algorithmic failures, unexpected outputs, and governance breakdowns. Detection is the hard step: a biased recommendation or a harmful output produces no anomaly that existing security tooling will flag, so detection depends on reporting channels that educators, students, and families know how to use, and on output monitoring that someone is assigned to review.

Alignment: Cyber insurance requirements; ISO 42001 continual improvement requirements; Memo 7 evidence category 7 (Incident Response Procedures).

Education-specific: Must address incidents involving minors, which carry heightened notification obligations and reputational consequences. Incident categories should include: AI system producing harmful content to students, algorithmic bias discovered in consequential decisions, data breach involving student information processed by AI systems, and AI system failure affecting educational operations.

Domain 10: Training, Competency, and Continuous Improvement

Role-based training requirements, competency verification, refresh cycles, and ongoing governance improvement processes. This domain ensures that governance is maintained as a living system rather than a one-time documentation exercise.

Alignment: EU AI Act Article 4 (AI Literacy); ISO 42001 A.4 (Resources for AI Systems), management system improvement requirements; Memo 7 evidence category 8 (Training Records) and 10 (Monitoring and Review Records).

Education-specific: Training requirements must be realistic for educational staffing models. A sector in which 77% of surveyed districts lack dedicated cybersecurity staff¹⁷ cannot adopt the training architecture of an enterprise technology company. Training must be role-differentiated: board members need governance literacy, administrators need oversight competency, teachers need practical AI integration skills, and IT staff need technical monitoring capability.

17 See Memorandum 1 in this series, analyzing K-12 Cybersecurity Resource Center data showing that 77% of surveyed districts reported lacking dedicated cybersecurity staff positions.


3.3 Education-Specific Additions Not in ISO 42001

The ten domains above incorporate education-specific concerns within each domain’s scope. Four cross-cutting concerns warrant explicit identification because they are absent from ISO 42001 and from most general-purpose AI governance frameworks:

Child safety and developmental appropriateness. AI systems interacting with minors must be evaluated for age-appropriateness of content, interaction patterns, and data collection practices. This concern cuts across multiple domains (data governance, risk assessment, vendor management) and requires explicit criteria that general-purpose frameworks do not provide.

Academic integrity. AI’s impact on assessment validity, original work standards, and learning outcome measurement requires governance that no other sector faces. The tension between AI as a learning tool and AI as an integrity threat demands domain-specific criteria.

Parental and guardian involvement. Educational AI governance must accommodate parental rights to information about and consent for AI interactions with their children. This obligation has no parallel in enterprise AI governance and requires specific procedural requirements.

Age-gated access controls. Different AI capabilities may be appropriate for different developmental stages. Governance must address whether and how AI access is differentiated by student age, a concern that requires education-specific criteria beyond general data protection age thresholds.

3.4 Mapping to Insurance Evidence Requirements

The following table demonstrates how the ten proposed control domains map to the evidence categories identified in Memorandum 7 and the eight insurance evidence categories from Memorandum 2. This mapping ensures that certification produces documentation that satisfies underwriter expectations.

| Control Domain | Memo 7 Evidence Category | Insurance Evidence Category (Memo 2) |
|---|---|---|
| 1. Policy and Governance Structure | 3. Governance Policy; 4. Role Assignments | 2. Governance Structure |
| 2. AI Inventory and Classification | 1. AI System Inventory | 1. AI Inventory and Classification |
| 3. Risk Assessment and Management | 2. Risk Assessment Documentation | 3. Risk Management Documentation |
| 4. Data Governance | (spans multiple categories) | 7. Data Governance |
| 5. Human Oversight Protocols | 6. Human Oversight Protocols | 6. Human Oversight Protocols |
| 6. Transparency and Explainability | 9. Stakeholder Communication | 5. Explainability and Transparency |
| 7. Vendor and Third-Party Management | 5. Vendor Governance | 8. Third-Party Vendor Management |
| 8. Bias Testing and Fairness | 2. Risk Assessment (bias component); 10. Monitoring | 4. Bias Testing and Fairness Audits |
| 9. Incident Response | 7. Incident Response Procedures; 2. Risk Assessment (incident classification) | 3. Risk Management (incident component) |
| 10. Training, Competency, and Improvement | 8. Training Records; 10. Monitoring and Review | 2. Governance Structure (training component); 9. Monitoring/Review |


The mapping is not perfectly one-to-one, and this is by design. Insurance evidence categories were designed for underwriting efficiency, not governance comprehensiveness. Where insurers collapse categories (combining data quality and privacy into a single "Data Governance" bucket, for example), the certification framework preserves governance completeness because operational governance requires finer distinctions than underwriting questionnaires demand. Where insurance evidence categories have no direct certification domain match (incident response mapped "within risk management," for instance), the certification domain generates the specific artifacts underwriters expect as a subset of its broader governance scope. Every insurance evidence requirement is addressed by at least one domain; the framework provides fuller coverage than underwriting alone requires.


4. Certification Levels and Pathways

4.1 The Tiered Approach

Binary certification (pass/fail) creates two problems for education AI governance. First, it establishes a single threshold that either excludes institutions that have begun governance work but not completed it, or sets the bar low enough that certification provides minimal assurance. Second, it provides no mechanism for demonstrating improvement over time.

The proposed framework establishes three certification levels, each requiring progressively more evidence of governance maturity. Organizations can achieve Level 1 and build toward Level 2, demonstrating progress to insurers, regulators, and communities without requiring full maturity from day one.

Level 1: Foundational

Demonstrates that the organization has established governance architecture: policies exist, roles are assigned, inventory is initiated, and foundational processes are documented. Level 1 certification attests to governance design rather than operational effectiveness.

Evidence standard: Documented policies, named roles, initial AI inventory, foundational risk assessment, and evidence of board or executive awareness and approval. The organization can describe what it intends to do.

Analogous to: SOC 2 Type I (design assessment at a point in time);¹⁸ ISO management system initial implementation.

Target timeline: Achievable within 60 to 90 days for an organization beginning from a reasonable baseline.

Intended audience: Insurance underwriters evaluating governance posture at renewal; boards demonstrating initial due diligence; procurement processes requiring evidence of governance commitment.

Level 2: Operational

Demonstrates that governance controls are implemented and operating. Policies have been translated into procedures. Procedures have been executed and documented. Evidence of operational activity exists across all ten domains.

Evidence standard: Documented procedures with evidence of execution; training records demonstrating staff completion; vendor assessments conducted and documented; incident response tested (tabletop or actual); human oversight documented for consequential decisions. The organization can demonstrate what it has done.

Analogous to: SOC 2 Type II (operating effectiveness over a period, typically 6 to 12 months); ISO surveillance audit.

Target timeline: Achievable within 6 to 12 months after Level 1, depending on organizational capacity and starting position.

Intended audience: Insurance underwriters conditioning coverage on demonstrated governance; regulatory compliance (Colorado CAIA, EU AI Act); procurement processes requiring operational evidence; parents and communities seeking accountability.

Level 3: Mature

Demonstrates continuous improvement and governance sophistication. Controls are not merely operating but being monitored, measured, and refined. The organization learns from incidents, incorporates emerging requirements, and can demonstrate governance evolution over time.

Evidence standard: Monitoring and measurement data; corrective action records; evidence of governance adaptation in response to incidents, regulatory changes, or technology evolution; benchmarking against peers; internal audit or self-assessment results with documented follow-through. The organization can demonstrate how it improves.

Analogous to: ISO recertification with demonstrated continual improvement; mature SOC 2 programs with multi-year operating history.

Target timeline: Typically requires 18 to 24 months of operational governance history following Level 2 achievement.

Intended audience: Specialty insurance products requiring governance maturity evidence; regulatory safe harbor provisions; institutional differentiation in competitive enrollment markets; standards body participation and peer leadership.

18 AICPA, AT-C Section 205: Examination Engagements. Type I reports examine the suitability of design of controls at a specified date. Type II reports examine both design suitability and operating effectiveness over a stated period.


4.2 Pathway for Small Districts vs. Large Districts

Cost and capacity are the primary barriers to certification for educational institutions. The tiered structure addresses this partially, but pathway design must go further.

Small districts (under 5,000 students, limited administrative staff) face fundamentally different resource constraints than large districts with dedicated compliance, IT, and legal departments. The certification framework must accommodate both without diluting rigor.

For small districts, Level 1 certification should be achievable with existing administrative capacity. The framework should provide template documentation, implementation guides, and assessment processes that do not require external consultants for foundational certification. The design objective for Level 1 assessment is affordability comparable to existing compliance costs, achievable through templating and scoped evidence review rather than comprehensive audit.

For large districts, the framework should expect more sophisticated governance architecture: dedicated roles rather than additional responsibilities assigned to existing staff, formal committee structures, vendor management programs with documented assessment cycles, and monitoring systems producing regular governance reporting.

The distinction is not lower standards for smaller institutions but right-sized expectations. A small district with three AI tools and one person responsible for technology governance faces different operational requirements than a large district with forty AI systems and a technology department of twenty staff. Both can demonstrate appropriate governance; the evidence looks different.

4.3 Pathway for EdTech Vendors

The framework must address vendors as well as deploying institutions. Most educational AI governance depends on vendor controls: institutions deploy vendor-built systems and have limited visibility into how those systems function internally.

Vendor certification operates under the same ten domains but with criteria shifted from deployment controls to product lifecycle and customer governance support: model development and validation, training data governance, bias testing methodology, transparency documentation, update and change management, incident detection and notification, and support for customer governance compliance.

Vendor certification produces artifacts that deploying institutions can reference in their own governance documentation. A vendor holding Level 2 certification provides evidence that satisfies portions of Domain 7 (Vendor and Third-Party Management) for every institution using that vendor’s products. This creates efficiency: the vendor demonstrates governance once, and multiple institutions benefit.

The vendor pathway also creates market incentives. Vendors seeking to sell into governance-conscious districts or districts subject to regulatory requirements benefit from certification that pre-answers procurement questions. As documented in Memorandum 5, governance-mature vendors differentiate on compliance readiness rather than competing solely on features and price.

4.4 Reciprocity with ISO 42001

Organizations that have achieved ISO 42001 certification have already demonstrated conformity with a comprehensive AI management system standard. The education AI certification framework should recognize this achievement through reciprocity provisions rather than requiring redundant assessment.

An ISO 42001-certified organization seeking education AI certification should receive credit for controls that map to ISO requirements, with supplemental assessment limited to education-specific domains not covered by ISO 42001: child safety, academic integrity, parental involvement, age-gated access, and education-specific regulatory requirements (FERPA, COPPA, state student privacy laws).

Reciprocity operates in one direction. ISO 42001 is a broader, internationally recognized standard; education AI certification is sector-specific and narrower in overall scope but deeper in education-relevant requirements. An organization holding education AI certification should not automatically receive ISO 42001 recognition, though the governance infrastructure built for education certification would substantially reduce the effort required for ISO implementation.

This asymmetric reciprocity reflects the relationship between the frameworks: ISO 42001 provides the management system architecture, and education AI certification provides sector-specific control criteria. They are complementary, not competing.


5. Governance of the Certifying Body

5.1 Who Should Govern

Memorandum 5 identified three paths emerging during the pre-certification period:¹⁹ reputation-based assessors (Path A), voluntary certifying bodies (Path B), and insurance-employed specialists (Path C). This section examines institutional options for Path B, the path most relevant to formal certification framework development, while noting how each option addresses weaknesses in Paths A and C.

Four governance structures merit consideration.

Option A: Existing education association. Organizations such as CoSN (Consortium for School Networking), AASA (American Association of School Administrators), or their international equivalents could host AI governance certification within their existing organizational infrastructure. This approach offers immediate institutional legitimacy, established relationships with educational institutions, and operational capacity for standards development. The risk is mission dilution: education associations serve member interests, which may not align with the independence certification requires. An association whose members are the organizations being certified faces structural conflicts that undermine credibility with external stakeholders, particularly insurers.

Option B: New cross-sector consortium. A purpose-built consortium incorporating education, insurance, vendor, and public interest representation could establish certification infrastructure independent of any single stakeholder group. This approach enables balanced governance by design. The challenge is formation: convening diverse stakeholders, securing initial funding, and building institutional capacity from scratch requires time and coordination that may exceed the pre-certification window.

Option C: Extension of ISO 42006 infrastructure. ISO/IEC 42006:2025 specifies competence requirements for bodies providing audit and certification of AI management systems, building on the general conformity assessment requirements in ISO/IEC 17021-1.²² Education AI certification could operate within this existing infrastructure, with education-specific control criteria supplementing the general AI management system framework. This approach provides immediate international recognition and established quality assurance mechanisms. The limitation is that ISO infrastructure is designed for enterprise certification at enterprise price points. Adapting it for educational contexts risks inheriting the cost and complexity barriers documented in Memorandum 4.

Option D: Government-convened body. National or state-level governments could convene certification bodies. The UK Department for Science, Innovation and Technology published its "Trusted third-party AI assurance roadmap" in September 2025, explicitly aiming to build a world-leading AI assurance market, reporting the sector already worth over £1 billion and establishing an £11 million AI Assurance Innovation Fund to accelerate development.²³ Government convening provides legitimacy and potential funding. The risks include political influence on standards, jurisdictional limitations on recognition, and the pace of government processes relative to market need.

19 Memorandum 5 in this series, Section 3. Path A: reputation-based independent assessors; Path B: voluntary certifying bodies; Path C: insurance-employed or insurance-contracted specialists.

22 ISO/IEC 42006:2025, "Information technology -- Artificial intelligence -- Requirements for bodies providing audit and certification of artificial intelligence management systems." Published July 2025. The standard builds on ISO/IEC 17021-1 (conformity assessment requirements for audit and certification bodies) and specifies additional competence requirements for AI management system auditors. See https://www.iso.org/standard/86726.html.

23 UK Department for Science, Innovation and Technology, "Trusted third-party AI assurance roadmap," Policy paper, September 3, 2025. The roadmap reports the UK AI assurance market was worth approximately £1 billion GVA in 2024 and establishes an £11 million AI Assurance Innovation Fund. See https://www.gov.uk/government/publications/trusted-third-party-ai-assurance-roadmap/trusted-third-party-ai-assurance-roadmap.

No single option is clearly superior. The most likely outcome is a hybrid: government-convened initial standards development, consortium-based governance, with recognition pathways that connect to ISO infrastructure for organizations seeking international portability. What matters most is that governance design begins now, during the pre-certification window, rather than after external pressures have already locked in suboptimal arrangements.


5.2 Governance Principles

Regardless of institutional form, the certifying body should observe four governance principles.

Independence from certified organizations. The body setting standards and issuing certifications cannot be controlled by the organizations seeking certification. This is the foundational principle that separates credible certification from industry self-regulation. Board composition should include external stakeholders (insurance, public interest, academic) alongside education representatives.

Balanced stakeholder representation. No single constituency should dominate governance. A framework captured by large districts excludes small schools. A framework captured by vendors prioritizes vendor interests over educational mission. A framework captured by insurers narrows scope to what affects coverage rather than what affects students. Balanced representation requires structural protections: seat allocations, term limits, and voting rules that prevent concentration of influence.

Transparent standards development. Control criteria and decision rules should be developed through open processes with public comment periods. Assessor workpapers, sampling plans, and proprietary assessment procedures are not public; the distinction between shared standards and professional methodology is itself a governance design choice. Transparency in criteria builds legitimacy and enables stakeholders to identify problems before they become embedded in practice.

Appeals and dispute resolution. Organizations that disagree with certification decisions need formal recourse. Without appeals processes, certification becomes arbitrary. Dispute resolution mechanisms should be independent of the assessment team that made the original determination.

5.3 Funding Models

Certification bodies require sustainable funding that does not compromise independence. Four revenue sources, likely used in combination, are available: certification fees paid by assessed organizations, membership dues from participating stakeholders, government grants for standards development and pilot phases, and foundation support for initial capacity building.

The critical constraint is that funding cannot create dependency on any single stakeholder group. A body funded primarily by vendor fees has incentive to set standards vendors can easily meet. A body funded primarily by government grants is vulnerable to political shifts. Diversified funding protects independence.

5.4 Avoiding Capture

Capture risk is the most consequential governance design challenge. Three capture scenarios require structural prevention.

Vendor capture occurs when technology companies dominate standards development, resulting in criteria that validate their products rather than measuring governance quality. Prevention requires limiting vendor representation on governing boards, maintaining independent criteria development, and prohibiting vendor-funded assessment.

Large district dominance occurs when well-resourced institutions shape criteria to their capacity, creating requirements that smaller districts cannot meet. Prevention requires explicit small-district representation and tiered requirements that maintain rigor without assuming enterprise resources.

Insurance industry capture occurs when carriers shape certification to serve underwriting efficiency rather than educational governance quality. As Memorandum 5 noted, Path C (insurance-employed specialists) risks narrowing scope to what affects coverage rather than what affects educational duty-of-care. Prevention requires that certification scope remains anchored to educational mission, with insurance evidence production as a benefit of certification rather than its primary purpose.

Structural protections against all three capture scenarios include term limits on governing board seats, mandatory representation quotas for underrepresented constituencies (small districts, rural schools, international institutions), supermajority requirements for criteria changes, public comment periods before any standard revision takes effect, and published conflict-of-interest policies for all governance participants.

5.5 Roles Separation

Certification ecosystems distinguish three functional roles that should not be conflated in governance design. The scheme owner (or standard setter) writes control criteria, governs updates, and maintains the framework’s integrity over time. Certification bodies evaluate organizations against those criteria and issue certification decisions. Assessors (or auditors) perform the assessment work under quality assurance rules established by the scheme owner. In mature systems such as ISO certification, these roles are structurally separated: ISO develops standards, accreditation bodies oversee certification bodies, and auditors conduct assessments under oversight. Education AI certification need not replicate ISO’s full architecture immediately, but the roles separation principle should be embedded from the start. Conflating standard-setting with assessment, or assessment with certification decisions, creates the conditions for capture and quality erosion that the governance principles above are designed to prevent.


6. Assessor Credentialing

6.1 The Assessor Quality Problem

Memorandum 5 documented the core tension: independent assessment provides higher evidentiary weight than self-attestation, but only if the assessor is competent and independent. Without quality controls, the market produces assessors of variable capability, and buyers cannot distinguish competent assessment from compliance theatre.

This problem exists regardless of which institutional path develops. Path A assessors need quality signals to differentiate. Path B certification bodies need assessor standards to maintain credibility. Path C insurance-employed specialists need domain expertise to produce meaningful evaluations. Assessor credentialing addresses all three.

6.2 Credentialing Requirements

Competent education AI governance assessment requires four knowledge domains operating simultaneously.

Regulatory knowledge. Assessors must understand the applicable legal framework: FERPA, COPPA, state student privacy laws, EU AI Act high-risk obligations, and emerging state AI legislation. Education AI governance exists within a regulatory stack that differs substantially from enterprise AI compliance.

Insurance and risk knowledge. Assessors must understand what evidence underwriters expect and how governance documentation translates into coverage positioning. This knowledge enables assessors to produce findings that serve insurance purposes without being captured by insurer interests.

Education domain knowledge. Assessors must understand educational operational realities: staffing constraints, governance structures (elected boards, collective bargaining), procurement processes, the distinction between district-level policy and building-level practice, and the stakeholder landscape (parents, students, educators, boards, state departments). Generic IT auditors lack this contextual understanding.

Assessment methodology. Assessors must be trained in evidence evaluation, sampling, independence maintenance, documentation standards, and quality assurance procedures. Domain knowledge without assessment discipline produces opinions, not defensible findings.

Critically, assessors must be able to translate findings into the language that insurers and procurement authorities use without allowing those stakeholders to narrow assessment scope. An assessment that speaks only to underwriting risk misses educational duty-of-care. An assessment that ignores insurance evidence expectations produces documentation that sits unused. The competent assessor bridges both without subordinating either.

Independence requires structural safeguards beyond good intentions. Credentialed assessors must follow conflict rules: no assessing organizations where they have designed, implemented, or operated the controls being assessed. This separation between advisory and assurance functions is standard in financial audit and ISO certification. Its absence in an emerging field invites the quality erosion that credentialing exists to prevent.

No existing credential covers all four domains.²⁰ CISA (Certified Information Systems Auditor) covers methodology and IT governance but not education or insurance. CIA (Certified Internal Auditor) covers methodology but not AI-specific or education-specific requirements. ISO Lead Auditor certifications cover management system assessment but assume enterprise contexts.

20 ISACA, "Certified Information Systems Auditor (CISA)," https://www.isaca.org/credentialing/cisa; Institute of Internal Auditors, "Certified Internal Auditor (CIA)," https://www.theiia.org/en/certifications/cia/; ISO Lead Auditor certification programs under ISO 19011 and ISO/IEC 17021 frameworks. See https://www.iso.org/standard/70017.html (ISO 19011:2018).

6.3 Credentialing Pathways

Two pathways accommodate different entry points.

Experienced practitioners with demonstrated assessment track records in education AI governance should qualify through portfolio review and examination rather than full training programs. This grandfather provision recognizes that the field is new enough that practitioners have built expertise through practice rather than formal credentialing. Grandfather provisions should be time-limited to prevent indefinite bypassing of credentialing requirements.

New entrants should complete structured training covering all four knowledge domains, followed by supervised assessments and examination. Training should be modular, allowing professionals with existing credentials (CISA, CIA, ISO Lead Auditor) to receive credit for relevant prior learning while completing education-specific and AI-specific modules.

Reciprocity with related credentials reduces barriers without diluting requirements. A CISA holder needs education domain training but not assessment methodology training. An ISO 42001 Lead Auditor needs education-specific guidance but not management system audit training. Modular credentialing recognizes existing competencies while ensuring that every assessor commands the full knowledge base.

6.4 Connecting Credentialing to the Insurance Path

Memorandum 5 identified Path C (insurance-employed specialists) as emerging but limited by capacity constraints and potential scope narrowing. Assessor credentialing addresses both limitations.

Carriers seeking to integrate governance assessment into underwriting need assessors with education domain expertise. That expertise does not currently exist within insurer assessment teams. Credentialed assessors provide carriers with a qualified pool they can employ or contract, solving the capacity problem while maintaining domain quality.

Credentialing also addresses scope narrowing. A credentialed assessor trained across all four knowledge domains produces findings that address educational governance comprehensively, not only the subset relevant to underwriting. Carriers benefit from comprehensive assessment because it produces better risk signals. Institutions benefit because a single assessment serves multiple stakeholder needs.

The relationship is symbiotic: credentialing strengthens Path C by supplying qualified assessors, while Path C creates demand for credentialed assessors. This dynamic accelerates both market development and quality assurance.


7. Implementation Timeline

Implementation must account for market urgency and institutional realism simultaneously. Regulatory deadlines arriving in 2026 create pressure,²¹ but certification infrastructure cannot be responsibly built overnight. The following phased timeline balances speed with quality.

Phase 1: Standards Development (Year 1). Convene a working group representing education institutions, vendors, insurers, and public interest stakeholders. Draft control domain specifications and assessment criteria through an open process with public comment. Develop initial assessor credentialing requirements.

During this phase, interim independent assessment continues under Path A, producing evidence and operational learning that informs standards development. Anonymized findings from interim assessments, including recurring evidence gaps and common governance weaknesses, serve as empirical grounding for formal criteria rather than allowing standards to be developed from theory alone.

Phase 2: Pilot Program (Year 2). Recruit a cohort of pilot organizations spanning district sizes, vendor types, and jurisdictions. Train an initial assessor cohort against draft credentialing requirements. Conduct pilot assessments using draft criteria and document findings. Refine control specifications, assessment procedures, and credentialing requirements based on pilot experience. Pilot findings should be published (with organizational consent) to build market confidence and inform stakeholder feedback.

Phase 3: Launch (Year 3). Open certification to the broader market. Publish a registry of certified organizations. Begin assessor credentialing at scale. Establish ongoing governance processes including criteria updates, appeals procedures, and quality assurance for assessors.

Phase 4: Maturation (Years 4 through 5). Conduct first recertification cycles, testing whether Level 2 and Level 3 organizations maintain governance quality. Update criteria in response to regulatory changes, technology evolution, and lessons from the assessment cycle. Pursue international reciprocity discussions, particularly with ISO 42006-aligned certification bodies.

This timeline is aspirational. Real-world coordination challenges, funding constraints, and political dynamics may accelerate or delay specific phases. The critical point is that Phase 1 should begin now. Every month of delay during the pre-certification window is a month of uncoordinated market development where standards fragment rather than converge.

21 Ohio House Bill 96 (July 2026), Colorado S.B. 24-205 (effective June 30, 2026, following postponement via S.B. 25B-004), and EU AI Act high-risk obligations (August 2026, subject to proposed Digital Omnibus deferrals). See notes 2, 3, and 4.


8. Recommendations and Conclusion

8.1 For Education Associations

Convene the standards conversation. No single organization can or should design this framework alone, but someone must initiate the process. Education associations are positioned to convene working groups, provide institutional infrastructure, and ensure that the education community’s voice is represented. The risk of inaction is that certification criteria will be developed by adjacent sectors (insurance, enterprise technology) and applied to education without adaptation.

8.2 For the Insurance Industry

Publish evidence expectations in specific, consistent formats. The ambiguity documented in Memorandum 3 (where the same governance requirement produces different evidence demands depending on who is asking) slows institutional response. When carriers make expectations legible, institutions can build documentation infrastructure to meet them. Recognize certification in underwriting criteria as it emerges. Governance-linked premium structures reward documented controls and improve risk stratification for carriers and institutions alike.

8.3 For Government and Policy Makers

Support standards development without mandating specific frameworks prematurely. Government can fund convening, pilot programs, and research. Government can establish recognition pathways that give certification market value. What government should avoid is locking in a specific framework before pilot evidence demonstrates what works. The UK DSIT AI assurance roadmap provides a constructive model:²⁴ government investment in market development without prescriptive standards.

24 See DSIT (2025) roadmap, note 23. The DSIT roadmap explicitly aims to build institutional capacity for AI assurance as a professional market, providing a model for government investment in certification infrastructure without prescriptive technical standards.

8.4 For Educational Institutions and Vendors

Act during the pre-certification window. Build governance infrastructure proactively rather than waiting for external requirements to dictate terms. The seven design principles proposed in this memorandum apply to institutional governance regardless of whether formal certification arrives on any particular timeline. Organizations that build governance now choose their approach. Organizations that wait will implement frameworks others designed.

Conclusion

The education sector will eventually develop certification infrastructure for AI governance. The question this memorandum addresses is not whether, but what, how, and governed by whom.

The design principles proposed here are not final specifications. They are a starting point for a conversation that must involve education institutions, vendors, insurers, regulators, families, and the assessors who will ultimately implement whatever framework emerges. The control domains are proposed, not prescribed. The tiered certification levels are designed, not decreed. The governance structures are options, not mandates.

What this memorandum does establish is that design choices made now will constrain options later. Certification frameworks are path-dependent. The organizations and individuals who participate in standards development shape the framework that all others inherit. The pre-certification window documented across this memorandum series is the opportunity to participate in that design. It will not remain open indefinitely.

Scope Limitation

This memorandum proposes design principles for certification framework architecture. It does not publish assessment criteria, scoring methodology, evidence sufficiency thresholds, sampling rules, or assessor procedures. Operational assessment methodology remains proprietary to the author’s practice. The distinction between framework design (published) and assessment methodology (proprietary) is itself a design principle: public standards create shared expectations, while professional methodology ensures assessment quality.


References

American Institute of Certified Public Accountants (AICPA). "SOC 2 -- SOC for Service Organizations: Trust Services Criteria." https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2.

Colorado General Assembly. "SB24-205: Concerning Consumer Protections in Interactions with Artificial Intelligence Systems." Signed May 17, 2024. Effective date postponed to June 30, 2026, via SB 25B-004 (signed August 28, 2025). https://leg.colorado.gov/bills/sb24-205. See also "SB25B-004," https://leg.colorado.gov/bills/sb25b-004.

European Commission. "Digital Omnibus on AI Regulation Proposal." November 2025. https://digital-strategy.ec.europa.eu/en/library/digital-omnibus-ai-regulation-proposal.

European Parliament. "EU AI Act: First Regulation on Artificial Intelligence." Regulation 2024/1689. https://www.europarl.europa.eu/topics/en/article/20230601STO93804/eu-ai-act-first-regulation-on-artificial-intelligence.

International Organization for Standardization. "ISO/IEC 42001:2023 -- Information technology -- Artificial intelligence -- Management system." December 2023. https://www.iso.org/standard/81230.html.

International Organization for Standardization. "ISO/IEC 42006:2025 -- Information technology -- Artificial intelligence -- Requirements for bodies providing audit and certification of artificial intelligence management systems." July 2025. https://www.iso.org/standard/86726.html.

International Organization for Standardization. "ISO/IEC 17021-1:2015 -- Conformity assessment -- Requirements for bodies providing audit and certification of management systems." https://www.iso.org/standard/61651.html.

International Organization for Standardization. "ISO 19011:2018 -- Guidelines for auditing management systems." https://www.iso.org/standard/70017.html.

National Institute of Standards and Technology (NIST). "Artificial Intelligence Risk Management Framework (AI RMF 1.0)." January 2023. https://www.nist.gov/artificial-intelligence/risk-management-framework.

Ohio Department of Education & Workforce. "AI in Ohio’s Education." https://education.ohio.gov/Topics/AI-in-Ohio-s-Education.

ISACA. "Certified Information Systems Auditor (CISA)." https://www.isaca.org/credentialing/cisa.

Institute of Internal Auditors. "Certified Internal Auditor (CIA)." https://www.theiia.org/en/certifications/cia/.

Purdy, Ryan James. "The Operational Gap: How Insurance Requirements Reveal What AI Policy Frameworks Miss." Memorandum No. 1, AI Governance in Education Series. Purdy House Publishing & Consulting. December 2025.

Purdy, Ryan James. "The Forcing Function: Insurance, Regulation, and Loss Signals in Education AI Governance." Memorandum No. 2, AI Governance in Education Series. Purdy House Publishing & Consulting. December 2025.

Purdy, Ryan James. "The Translation Problem: How the Same Governance Requirement Becomes Different Evidence Demands." Memorandum No. 3, AI Governance in Education Series. Purdy House Publishing & Consulting. January 2026.

Purdy, Ryan James. "ISO 42001 in Education: Assessing the International Standard Against Sector Reality." Memorandum No. 4, AI Governance in Education Series. Purdy House Publishing & Consulting. January 2026.

Purdy, Ryan James. "Beyond Self-Attestation: The Case for Independent AI Governance Assessment in Education." Memorandum No. 5, AI Governance in Education Series. Purdy House Publishing & Consulting. January 2026.

Purdy, Ryan James. "The Liability Squeeze and the Governance Response: How Documentation Becomes Leverage." Memorandum No. 7, AI Governance in Education Series. Purdy House Publishing & Consulting. January 2026.

UK Department for Science, Innovation and Technology (DSIT). "Trusted third-party AI assurance roadmap." Policy paper, September 3, 2025. https://www.gov.uk/government/publications/trusted-third-party-ai-assurance-roadmap/trusted-third-party-ai-assurance-roadmap.

UK Government. "New £11 million fund to boost AI assurance." Press release, September 3, 2025. https://www.gov.uk/government/news/new-11-million-fund-to-boost-ai-assurance.


About the Author

Ryan James Purdy is the founder of Purdy House Publishing & Consulting, specializing in AI governance for the education sector. With nearly 30 years of experience in education, including ESL, international education, and institutional leadership, he brings operational understanding of educational institutions to governance design.

His research focuses on the intersection of AI governance, insurance market dynamics, and regulatory compliance in education. He has published three books on AI policy and compliance in education and is recognized for frameworks that have anticipated recommendations later issued by UNESCO and UNICEF. He participates in Pakistan’s 100 Minds AI policy initiative, contributing to international efforts to develop governance capacity in education systems across diverse contexts.

In addition to his research and publishing work, Purdy is actively engaged in educational AI assurance practice, conducting independent governance assessments of school boards and EdTech vendors using the methodology and frameworks described across this memorandum series. This applied work informs the design principles proposed here and provides the empirical grounding that distinguishes operational governance architecture from aspirational policy.

About Purdy House Publishing & Consulting

Purdy House Publishing & Consulting provides AI governance assessment, research, and advisory services for educational institutions and EdTech vendors. The firm’s work bridges the gap between aspirational AI policy frameworks and the operational governance documentation that regulators, insurers, and procurement authorities require.

