Case Study · HealthTech & MedTech
The Power of Unification: How Alto Health Built One Integrated Management System.
Dawn Horizon & Alto Health: building a trustworthy AI foundation for compliant market entry.
Client
Marita Kenrick
CEO and Co-founder, Alto Health
Introduction
Unified governance for a regulated launch.
For innovative companies in regulated sectors, integrating new AI requirements with existing, often siloed, compliance systems is a critical and complex challenge. Dawn Horizon partners with these businesses to build the unified governance frameworks their technology requires. This engagement with Alto Health, a European HealthTech company, focused on unifying their governance to navigate the European regulatory landscape and ensure compliant market entry for their AI-driven platform.
The Challenge
Strong components, not yet a single system.
Like many businesses, Alto Health's governance for quality, security and privacy had grown up separately, creating inefficiencies, conflicting processes and compliance gaps. They wanted to break that pattern. Their specific request was how best to use their existing quality management system, ISO 13485, as the regulatory backbone for their new AI platform, integrated to hold the EU AI Act, GDPR and ISO 27001 together.
Our analysis confirmed their governance components were strong but disparate, not yet aligned into the single, cohesive approach needed to manage the overlapping demands of the EU's digital regulatory landscape. With a clinical launch and seed funding round approaching, they needed a clear path to unite these regulations into one compliance roadmap, and a defensible, always-audit-ready platform.
"We understood our technology's potential, but also the complexity of the regulatory landscape. We were looking at the EU AI Act, GDPR, and the Medical Device Regulation. We needed a strategic partner with deep expertise in cyber, privacy and AI compliance to provide a clear path forward."
Marita Kenrick, Co-founder, Alto Health
Our Solution
Three phases, each ending in concrete deliverables.
The engagement ran in three phases, each ending in concrete deliverables, all aimed at the core request: how best to leverage and integrate their existing QMS.
Phase · 01
Kick-off and Mapping
Workshops established a regulatory trigger map and delivered the classification of their platform as a high-risk AI system under the EU AI Act, a foundational input for the whole strategy.
Phase · 02
Midpoint Assessment
A detailed compliance gap analysis against GDPR, ISO 27001 and the AI Act, followed by a draft risk register and a clear outline for extending their QMS to manage the new requirements holistically, confirming the integrated approach was viable.
Phase · 03
Final Roadmap
The cornerstone recommendation: an Integrated Management System (IMS) that validated their existing QMS and provided the clear path they sought, with strategic guidance connecting the IMS to their broader corporate risk framework and a tactical, actionable delivery roadmap.
"The recommendation to build an Integrated Management System was a key moment for us. Instead of separate, siloed compliance programmes, Dawn Horizon provided a unified framework. The guidance was always practical and focused on actionable steps, and the collaborative workshops built our internal capabilities so the new processes were embedded in our organisation."
Marita Kenrick, Co-founder, Alto Health
The Results
A unified foundation for growth and governance.
The engagement gave Alto Health a unified foundation for growth and governance. It replaced ambiguity and process conflict with a single, actionable roadmap, validated their decision to build on their existing QMS, and delivered both strategic clarity and operational efficiency.
The resulting Integrated Management System and tactical roadmap underpin a safe, compliant market launch and their always-audit-ready objective. Internally, risk management is integrated within a single system covering AI, security and privacy together. Externally, a demonstrable, unified compliance posture has become a business enabler, giving investors, partners and future healthcare clients real assurance of trustworthy AI.
The Team
Lee Bristow
Founder & Lead Advisor
Specialist input on AI governance, cyber governance, ISO/IEC 27001, ISO/IEC 42001, risk management and data protection. Responsible for overall project delivery and all workshops.
Eoghan Kenny
Strategic Collaborator
Specialist input on GDPR, data protection and medical data governance, with contingency and quality oversight across the engagement.
"Working with Dawn Horizon has been an important strategic step for Alto Health. We now have a clear roadmap that gives our stakeholders a high degree of confidence in our governance. They listened to our specific challenge and provided a path to unification, not just more complexity."
Marita Kenrick, Co-founder, Alto Health
How this connects
Governance by Design, at full scale.
Alto Health is Integrated Management Systems & Risk Frameworks in action: one control set, mapped across ISO 13485, ISO 27001, GDPR and the EU AI Act, evidenced once and defensible to every regulator and auditor. This is Dawn Horizon's Governance by Design approach at full scale.