AI compliance platform
Compliance, under control.
Alchex continuously checks how your organization actually operates against the ISO standards you follow — policies, controls, and evidence audited clause by clause.
Governance documents
Policies that live, not PDFs that rot
Author policies and procedures in a real collaborative editor. Documents move through draft, review, and approval with genuine sign-off — and every version compares as a readable document, not a wall of red and green.
- Draft → review → publish, with separation of duties
- Version diffs render as the document your auditor will read
- Anchored comments and approvals on the exact paragraph
AI clause audits
Audited the way an auditor reads
Specialist auditor agents work through your documents and evidence clause by clause against the standard. Every verdict cites the exact material it was drawn from — so you can defend it, or fix it.
- Clause-by-clause verdicts against the standard you follow
- Findings cite their evidence — no black-box scores
- Gaps ranked by what actually breaks compliance
Evidence & controls
Evidence that collects itself
Connect the tools you already run. Evidence flows in continuously and lands on the exact clauses it proves, while scheduled controls keep checking that reality still matches the paperwork.
- Connectors pull live evidence from your stack
- Every item is bound to the clauses it proves
- Controls run on schedule — audits are gated on passing tests
How it works
A loop, not a checklist
Compliance isn't a binder you produce once a year. Alchex runs it as a continuous cycle.
Author
Stand up your governance spine. Pull templates from the marketplace or write from scratch in a living editor — policies and procedures move through draft, review, and approval with real sign-off.
Operate
Design controls and put them on schedule. Connect your stack so evidence flows in continuously and lands on the exact clauses it proves.
Audit
Auditor agents check your documents and evidence clause by clause against the standard — verdicts with cited proof, gaps ranked by what actually breaks compliance.
Improve
Findings flow back into your documents and controls, and the loop runs again. When the external auditor arrives, everything is already in order.
Platform
And the rest of the system
Everything around the core — so compliance lives in one place instead of a folder, a spreadsheet, and someone's memory.
Risk management
A minimalist risk record your team will actually keep current — scored, owned, and tied to the controls that treat it.
Marketplace
60+ professional document templates and 80+ specialist auditor agents, ready to deploy and adapt to how you operate.
Ask Alchex
A copilot that knows your documents, controls, and evidence — one keystroke away, anywhere in the app.
Multi-framework
Run several standards side by side on the same documents and evidence — one system, audited many ways.
Roles & permissions
Viewers, authors, and admins with real separation of duties — approvals can never be self-served.
Version history
Every document version kept, compared, and traceable — who changed what, who approved it, and when.
Standards
The standards you answer to
Every standard ships with clause-level structure, specialist auditor agents, and document templates — run one, or several side by side.
ISO 27001:2022
LiveInformation security management
Protect the confidentiality, integrity, and availability of information — the standard enterprise buyers ask about first.
ISO 9001:2015
LiveQuality management
Run consistent, customer-focused processes that improve on evidence instead of anecdote.
ISO 14001:2015
LiveEnvironmental management
Understand and control your environmental impact, obligations, and reporting.
ISO 45001:2018
LiveOccupational health & safety
Keep people safe with systematic hazard identification, controls, and incident learning.
ISO 42001:2023
LiveAI management systems
Govern how you build and use AI responsibly — the newest standard your customers now ask about.
More standards are added continuously — each one arrives with its full clause structure and auditor agents on day one.
Sectors
Built for your sector
Different regulators, different standards, different failure modes. Pick your sector — this is what Alchex runs for you.
Close enterprise deals without the security-review scramble
Every serious buyer now sends the questionnaire: how do you protect data, and how do you govern the AI in your product? Alchex keeps a real ISMS running underneath your roadmap — so the answer is evidence, not improvisation.
What you run in Alchex
- An ISMS your engineers actually follow — access, change, and incident procedures as living documents
- AI governance for the LLM features in your product, structured on ISO 42001
- Evidence pulled from the tools you already run — repos, tickets, HR records
- A continuously audited posture you can show mid-deal, not after the next annual audit
ISO 27001 — Information security · ISO 42001 — AI management · ISO 9001 — Quality
Evidence on demand, for regulators and partner banks
Regulators and counterparties read everything, and they read closely. Alchex keeps information-security and AI-model governance in a state you can hand over the day it is asked for — with the trail to back every statement.
What you run in Alchex
- Information-security policies and controls with unbroken evidence trails
- Governance for AI models used in decisions — documented, reviewed, auditable
- Third-party and vendor documentation kept current, not re-collected annually
- Clause-level audit reports ready before the examiner asks
ISO 27001 — Information security · ISO 42001 — AI management
Governance that holds up under the strictest reading
Patient data and clinical AI leave no room for improvisation. Alchex structures the policies, training records, and incident procedures your obligations demand — and checks them continuously against the standard.
What you run in Alchex
- Security and privacy procedures for patient data, kept in review cycles
- Governance for clinical and operational AI systems on ISO 42001
- Training and competence records bound to the clauses that require them
- Incident response procedures with the evidence that they are exercised
ISO 42001 — AI management · ISO 27001 — Information security
Quality, environment, and safety in one operating picture
The certified triad — quality, environment, occupational safety — usually lives in three binders owned by three people. Alchex runs them as one integrated system with shared documents, shared evidence, and one audit rhythm.
What you run in Alchex
- The quality manual and procedures as living documents, not shelf-ware
- Environmental aspects, obligations, and monitoring on ISO 14001
- Hazard identification, OH&S risk, and incident learning on ISO 45001
- Integrated internal audits across all three standards at once
ISO 9001 — Quality · ISO 14001 — Environment · ISO 45001 — Health & safety
A safety system that keeps up with the site
Sites change daily; paper systems change yearly. Alchex keeps safety and environmental procedures live, subcontractor records current, and the evidence trail growing as work happens — not reconstructed before the audit.
What you run in Alchex
- Site safety procedures and method statements under real version control
- Subcontractor onboarding and competence evidence in one place
- Toolbox talks and training records bound to the clauses they satisfy
- Environmental controls and obligations tracked per ISO 14001
ISO 45001 — Health & safety · ISO 14001 — Environment
Critical infrastructure runs on discipline
When you operate infrastructure people depend on, the management system is not paperwork — it is the operation. Alchex gives environmental and safety management the same rigor as the grid itself.
What you run in Alchex
- Environmental management and regulatory obligations on ISO 14001
- OH&S procedures and permits-to-work with living sign-off
- Operational documents under controlled review and approval
- Audit trails ready for the regulator, continuously maintained
ISO 14001 — Environment · ISO 45001 — Health & safety
FAQ
Questions, answered plainly
The things every compliance owner asks before switching how they work.
Does Alchex certify my company?
No — certification is issued by accredited certification bodies. Alchex is the system underneath: it keeps your processes, documents, and evidence continuously compliant with the standard, so when the certification audit comes, you pass it on substance.
Which standards does Alchex support?
ISO 27001 (information security), ISO 9001 (quality), ISO 14001 (environment), ISO 45001 (health & safety), and ISO 42001 (AI management) — each with full clause structure, document templates, and specialist auditor agents. You can run several standards side by side on the same documents and evidence.
How do the AI audits actually work?
Auditor agents read your governance documents and evidence clause by clause against the standard, the way a senior human auditor would. Every verdict cites the exact documents and evidence it was drawn from — there is no black-box score. Findings are ranked by what would actually break your compliance.
Where does the evidence come from?
Two ways: connectors that pull live evidence from tools you already run (repos, ticketing, drives, HR systems), and direct uploads. Either way, each piece of evidence is bound to the specific clauses it proves, so nothing sits in an unlabeled folder.
We already have policies in Word and SharePoint. Do we start over?
No. Import what you have, or start from the marketplace’s 60+ professional templates and adapt them. The point is not new paperwork — it is making the documents you operate by reviewable, approvable, and continuously auditable.
How long until we’re audit-ready?
That depends on where you start — but the model is different from the yearly scramble. Alchex runs compliance as a continuous loop, so readiness is a state you maintain, not an event you prepare for. You can see your clause-level position from the first audit run, usually on day one.
What does it cost?
There is a free tier to start — author documents and run your first clause audit. Paid plans are per-seat with metered AI usage. See the pricing page for details.
Bring compliance under control
Author your first policy, run your first clause audit, and see exactly where you stand against the standard. Free to start.