Compliance, risk, and evidence workflow

Pulsar GRC ISO 9001 / BRCGS / IFS Food / NIS2

Move from requirements to evidence without spreadsheet chaos or last-minute audit work.

Pulsar GRC organizes requirements from standards and procedures, connects them with controls, audits, CAPA and evidence, and keeps owners and deadlines visible. Early access is being prepared; you can request access now.

Request access See the workflow

traceability: Year-round audit readiness

governance.ai: Requirements, ownership, and evidence in one place

delivery.mode: Available soon

ISO 9001 BRCGS IFS Food IATF 16949 NIS2/KSC GDPR EU AI Act

risk-horizon.dashboard early access in progress

Requirement coverage

94%

requirements with owners

Risks

signals for team decisions

Evidence

24h

to audit-ready pack

Pulsar GRC Dashboard - KPI, compliance trend, risk distribution

Recent actions

supplier requirement review queued

AI policy update in progress

auditor evidence pack ready

Work areas

Requirements Audit trail Risks

What creates operational pressure today

Before audits, problems rarely come from missing expertise. They come from fragmented process ownership and scattered evidence.

Risk 1

Scattered compliance evidence

Files, emails, and spreadsheets live in different places, so teams spend time searching instead of closing actions.

Risk 2

Crisis mode before every audit

Risks and gaps surface only under audit pressure. Instead of preventing issues, teams put out fires — at higher operational cost each time.

Risk 3

Corrective actions without effectiveness verifications

Corrective actions are launched, but deadlines, ownership, and effectiveness are not consistently controlled.

Risk 4

No real-time compliance status view

Nobody knows how many requirements have controls, or how many controls have current evidence — until the auditor asks.

Risk 5

Manual evidence pack assembly

Before every audit, teams spend days collecting, formatting, and verifying evidence from multiple sources.

Risk 6

Fragmented compliance ownership

Compliance responsibility is spread across departments — nobody owns the full flow from requirements to evidence.

How Pulsar stabilizes compliance operations

One operational flow from requirements to evidence, without switching tools.

Map requirements

Work on your own source documents and link each requirement to concrete controls.

Monitor risks

Risks are continuously assessed and assigned to owners with plans to reduce their operational impact.

Run audits

Internal and external audits follow one standard with full findings history.

Close CAPA

Non-conformities become trackable actions with deadlines, ownership, and verification.

Maintain evidence

Evidence stays current, so your team remains audit-ready throughout the year.

Platform

A GRC system for daily operational work

Four product areas connect requirements, risks, audits, CAPA, and evidence into one clear workflow.

Compliance & Standards

Map: requirement to control to evidence
Work on your own standards, procedures, and requirements
Visibility into how changes affect controls and actions
Full history of evidence and decisions
Evidence packs for auditors

Audits & CAPA

Full audit cycle in one place
Controlled access for external auditors
Audit finding to CAPA with preserved history
CAPA board with due dates and escalation
5-Why root cause analysis

Risk & Readiness

Risk register with 5x5 matrix
Change handoff to Crewshift for training and acknowledgements
Incident management: classification to post-incident analysis
TTX workshops handled in Crewshift
Supplier register with required evidence

AI and process control

AI Act-aligned support for analysis and drafts
AI use-case register and approval control
One Brillnet compliance engine for Pulsar GRC and Crewshift
Sovereign data areas for your Organization
Document management with full workflow

Explore all features

Regulatory Compliance

Built-in PL/EU compliance, not bolted on

The Brillnet compliance engine supports business logic aligned with current Polish and EU regulations, but it does not provide standard content or ready-made requirement lists. Pulsar GRC works on your Organization’s documents stored in your isolated Data Area.

Formal traceability matrix: requirement to control to evidence to owner for every regulation. 100% of compliance catalog entries have assigned controls.

View the full compliance map

ISO 9001

ISO 9001 — Quality management system (DEMO ONLY, upload your own copy)

BRCGS

BRCGS Packaging Materials / Food (DEMO ONLY)

IFS Food

IFS Food — food safety and quality (DEMO ONLY)

IATF 16949

IATF 16949 — automotive quality (DEMO ONLY)

GDPR

GDPR end-to-end

NIS2/KSC

NIS2 and KSC Act

DORA

DORA (financial sector)

EU AI Act

EU AI Act + AIMS

Security

Security as an architecture trait, not an add-on

Zero compromises at the foundation level — from identity to data encryption.

Identity & Access

Zitadel OIDC — no local password storage
Role-based access with time-limited delegations
Policy engine on every access point
Four-eyes approval workflow

Data Protection

Data classification on all objects
Customer-managed encryption keys per organization
Database least-privilege per product

Audit Trail

Event log with integrity verification
Evidence package with cryptographic verification
Organization data isolation
Access log for evidence packages and exports

Explore the security architecture

User Experience

Complex compliance, simple interface

A platform that Quality/Compliance Managers want to use every day — performant, accessible, and measurably high-quality.

Performance & Responsiveness

Guaranteed loading speed and interface responsiveness
Instant interface feedback with safe rollback
Data consistency — always see the effect of your own changes
One section failure doesn't take down the rest of the app

Accessibility & Onboarding

WCAG 2.2 AA accessibility as a release requirement
Role-tailored onboarding (Admin / Auditor / Contributor)
Global search with full keyboard support
Adaptive navigation mobile ↔ desktop

Quality as a Process

UX traceability: requirement → screen → test → evidence
Automated accessibility tests at every release stage
Quarterly UX audit with an automatic checklist
Accessibility considered during product design

Explore UX approach

Scenarios from daily operations

Real-world situations for Quality Managers and SZJ Officers in packaging plants, food processing, automotive, and chemical manufacturing — where predictability matters for customer and certification audits.

IFS Food v8 audit in a food-processing plant

Quality Manager / HACCP Lead (food processing)

Operational situation: Certification audit against IFS Food v8 in 8 weeks. The plant has the standard document, but the requirements are scattered across HACCP files, CCP records, and non-conformity spreadsheets.
How Pulsar works: Import the licensed IFS Food v8 copy → AI support extracts requirements with section citations → Quality/Compliance Manager review → map to CCPs, HACCP plan, and production processes → Gap Analysis → CAPA with effectiveness verification → mock recall exercise as a TTX handled in Crewshift.
Decision-level outcome: The quality team sees gaps 8 weeks before the audit. Evidence package per IFS section is cryptographically verifiable. The mock recall exercise is documented before a real incident occurs.

IATF 16949 audit at an automotive supplier

Quality Engineer / QMS Officer (automotive supplier)

Operational situation: An OEM customer audits every 12 months against IATF 16949 plus customer-specific requirements. The team must demonstrate the use of core tools (APQP, PPAP, FMEA, MSA, SPC) per project.
How Pulsar works: Import IATF 16949 and customer-specific requirements → AI extracts per-customer requirements → Quality/Compliance Manager review → core quality tools as versioned evidence objects → customer deviation log with expiry dates → layered process audits with calendar and findings.
Decision-level outcome: The IATF auditor receives an evidence pack per clause without hunting through folders. CSRs per customer are never confused. LPAs run systematically rather than in crisis mode.

ISO 9001 quality harmonization across a multi-site organization

Corporate Quality Director / Group Quality Director

Operational situation: Five production sites, each with its own interpretation of ISO 9001 and its own procedure set. Management review shows inconsistent data and different KPIs per site.
How Pulsar works: Import a shared ISO 9001 copy → AI extracts requirements → Quality/Compliance Manager review → map to per-site processes with applicability flags → risk-based thinking (6.1) in the group risk register → cross-site CAPA with effectiveness verification → management review with unified KPIs.
Decision-level outcome: The Group Quality Director has a single ISO 9001 coverage dashboard for 5 sites. CAPAs are visible cross-site, lessons-learned are shared. Management review is data-driven, not spreadsheet-driven.

Continuous readiness for external audits

COO / Operations Director

Operational situation: Every quarter the team goes back to manually collecting evidence and reconstructing action status.
How Pulsar works: Standards → audits → CAPA → documents and the evidence register in one flow.
Decision-level outcome: Fewer pre-audit escalations and a more predictable workload for operations teams.

Implementing new regulations (NIS2, DORA)

CISO / DPO / Quality/Compliance Manager

Operational situation: A new regulation requires reviewing existing controls, mapping gaps, and implementing new processes.
How Pulsar works: Import the regulation pack → automated impact analysis → task list with owners and deadlines.
Decision-level outcome: A clear implementation plan with measurable progress instead of chaotic spreadsheet review.

Faster closure of non-conformities

Quality Manager / Compliance Lead

Operational situation: Non-conformities live in many spreadsheets, and ownership and deadlines drift between departments.
How Pulsar works: An audit finding automatically becomes a CAPA with owner, deadline, and status tracking.
Decision-level outcome: Shorter path from finding to implemented fix and lower risk of repeat non-conformities.

Operational risk prioritization

COO / Risk Owner

Operational situation: Risks are scored but without a clear link to controls and evidence of executed actions.
How Pulsar works: The 5×5 risk matrix connects risks to controls, audit trail, and mitigation status.
Decision-level outcome: Faster prioritization decisions, because you have a single view of risks and their real operational impact.

Training in Crewshift after procedure changes

HR / Quality Manager

Operational situation: A procedure change requires training many people, but there is no time to build materials from scratch.
How Pulsar works: Pulsar GRC analyzes the document change and identifies the rollout scope → Crewshift generates training, a knowledge check, and acknowledgements → completion evidence returns to Pulsar GRC.
Decision-level outcome: Training is prepared in Crewshift, while Pulsar GRC keeps the full audit evidence trail.

Explore the full process walkthrough

Modules that connect standards to evidence

Audits

Planning with calendar and scope, automated checklists from mappings, findings register with evidence. PDF reports with evidence package.

CAPA

Kanban CAPA with deadlines and escalation. Closure requires effectiveness verification plus evidence. Linked to risks and controls.

Documents

Repository with versioning, workflow draft to review to approved to obsolete. Read acknowledgments with escalation.

Risks

5x5 inherent/residual risk matrix with risk appetite threshold. Risk-control-evidence coverage dashboard from the compliance graph.

Crewshift: training and acknowledgements

Training, knowledge checks, and acknowledgements are handled by Crewshift, a separate app that cooperates with Pulsar GRC and runs on the same Brillnet compliance engine.

Standards & Compliance

Upload your licensed copy of a standard (ISO 9001, BRCGS, IFS Food, IATF 16949, GDPR). AI extracts each requirement, your Team approves it before it enters the baseline, and the requirement base flows into the graph: requirement → control → evidence → owner. Built-in demo packs are marked DEMO ONLY.

Crewshift: TTX workshops

TTX scenarios, roles, injects, and exercise reports are handled by Crewshift. Pulsar GRC provides the context of requirements, risks, CAPA, and evidence.

AI Act-aligned AI support

AI supports document analysis, drafting, and AI risk assessment, while final quality and compliance decisions remain with your Team.

Controlled AI support for compliance workflows

ai-act://controlled-support AI Act-aligned AI support

Build a Coverage Graph and Gap Analysis on your Organization’s sovereign data

AI supports source-document analysis, audits, and CAPA within human-approved boundaries
Training, tests, and acknowledgements are handled by Crewshift, a separate app based on the same Brillnet compliance engine
AI use-case registry, operating policies, and risk assessment support AI Act alignment
The Brillnet compliance engine structures PL/EU regulatory logic without providing the content of standards

human.override.required

AI is controlled process support. Standards, normative content, and requirements for your Sovereign Data Area are supplied by your Organization, and final operational, quality, and compliance decisions remain with your Team.

See the AI Act-aligned workflow

AI support workflow Workflow ready to review in your process

AI support workflow

AI Act-aligned AI support

See how Pulsar GRC builds a Coverage Graph and Gap Analysis on your Organization’s sovereign data, then hands training work to Crewshift.

Scenario

The Quality/Compliance Manager imports the organization’s own standards, procedures, and legal requirements into an isolated area for your Organization’s Sovereign Data.

Sources: customerIsolation: activeOversight: human

Pulsar GRC does not provide or sell the content of standards or normative documents.
AI supports reading and structuring source data, but the result requires review by a Quality/Compliance Manager.
Polish/EU legal context informs the business logic of the Brillnet compliance engine.

SOC 2 Ready

GDPR Compliant

EU-region data

Customer-managed encryption

WCAG 2.2 AA

Organization data isolation

mission.launch

Request access to Pulsar GRC

Request access See how it works

What happens after you click?

You describe your current audit, CAPA, risk, and evidence workflow
We confirm whether Pulsar GRC fits an early pilot in your organization
You receive availability updates and a recommended starting scope

Need an operational consultation? Email us: kontakt@pulsar-grc.pl