Enterprise Governance & Risk

Building a Tiered AI Literacy Program

A single training course cannot serve the accountant who uses an AI drafting tool twice a week and the engineer who maintains the prompt pipeline behind it. Tier the program, or it serves neither.

Claude 3P 101 · Updated July 2026 · Unofficial guide

AI literacy is becoming a standing expectation for organizations that deploy AI — from regulators, from customers, and from auditors reviewing your governance program. The workable structure, as recommended practice, is three tiers: awareness for everyone, proficiency for power users, and practitioner depth for the teams who build and operate AI systems. Each tier has a different audience, a different depth, and a different refresh cadence. This article describes what belongs in each.

Tier 1 — Awareness: every employee

The base tier is short (an hour or less), mandatory, and repeated at onboarding. It covers exactly four things: what a language model is and its characteristic failure mode (confident, plausible, wrong); which tools are approved and for which data; the never-send list tied to your data classification; and the escalation triggers and channel. We cover this tier in detail in training employees on AI risk — the goal is a small, accurate mental model, not technical depth.

Measure completion, keep the records, and refresh when something material changes rather than on a fixed anniversary. A five-minute update after a real (anonymized) internal incident teaches more than an annual hour.

Tier 2 — Proficiency: power users

Power users are staff whose output substantially runs through AI: support teams using assisted responses, analysts summarizing documents, marketers drafting content, HR and legal staff using approved review tools. They need everything in Tier 1 plus the skills to use the tools well and to act as the first line of quality control:

This tier is best delivered per-function, with examples from the team's actual tools, and refreshed whenever a tool or underlying model changes materially.

Tier 3 — Practitioner: builders and operators

The deepest tier is for engineers, data teams, and product owners who build and maintain Claude-powered systems. This curriculum is technical and platform-specific. A reasonable syllabus:

ModuleWhat it covers
Platform fluencyWhich surface you run on (first-party API, Claude Platform on AWS, Bedrock, Vertex AI, Foundry), what differs — feature availability, who acts as data processor, how billing and quotas work.
Model lifecycleModel IDs are pinned snapshots; migrations between versions can carry breaking changes and re-baselined token counts; deprecation dates are published and must be tracked.
Data handlingRetention defaults and exceptions, zero-data-retention arrangements and which stateful features fall outside them, residency controls — grounded in the official data-retention documentation.
Safety engineeringPrompt injection and mitigations, output validation, refusal handling, content-policy enforcement layers, human-in-the-loop design.
Evaluation & monitoringBuilding evals for their use case, regression testing across model changes, usage and cost monitoring, incident response.

Practitioner training should be assessed by doing — a reviewed eval suite or a completed pre-production checklist — not by a quiz. And it must be maintained: this layer goes stale fastest, because platforms ship features and models continuously.

Running the program

Three recommendations from practice. First, give the program an owner — typically whoever owns AI governance — and let department leads own Tier 2 content, since they know the workflows. Second, define tier membership by access, not job title: anyone granted a power-user tool takes Tier 2 first; anyone with production API access takes Tier 3. Your identity system already knows who these people are. Third, keep records of who completed what and when — training records are among the categories of documentation examiners commonly request (see records your regulators may ask for).

Where to go next

Start with the base tier in training employees on AI risk, then anchor the program in your governance structure via program foundations and the governance maturity model.

Sources