11+ regulations

Regulatory Compliance Map

Pulsar GRC maps standard, normative, and regulatory requirements supplied by your Organization. The Brillnet compliance engine supports business logic aligned with current PL/EU regulations, but does not provide normative content or ready-made requirement lists.

ISO 9001 — Quality Management System

Quality fundamentals + risk-based thinking (clause 6.1, 10.1 CAPA)

  • Import your licensed ISO 9001 copy — AI support helps extract each requirement with clause citation, with Quality/Compliance Manager review before adding it to the baseline
  • Risk-based thinking (clause 6.1) integrated with the 5×5 risk register and requirement→control→evidence matrix
  • CAPA (clause 10.1) with effectiveness verification — closure requires confirmed effectiveness
  • Internal audit program with calendar, scope, auditor assignment, and checklists generated from mappings
  • Management review as a process flow — inputs, outputs, decisions, evidence pack per review
  • Evidence package per clause — deterministic cryptographic manifest, cryptographically verified by the certification auditor

BRCGS Packaging Materials

Fundamental requirements + Global Standard for Packaging Materials

  • Import your BRCGS PM copy — AI support helps extract requirements with standard-section citation, and the Quality/Compliance Manager decides what enters the baseline
  • HACCP and packaging-material control plan mapped to production processes with applicability flags
  • Supplier approval with registry, criticality, and review cycle — a vendor without evidence does not reach active status
  • Traceability per batch and material with an evidence chain from raw-material receipt to shipment
  • Unannounced audit readiness — the dashboard surfaces gaps 6 weeks before a customer audit, not 6 days after
  • Evidence pack per BRCGS requirement — one click, complete audit-ready bundle for the external auditor

IFS Food v8

Food safety + quality management + food defense

  • Import your IFS Food v8 copy — AI support helps extract requirements with section citations, with Quality/Compliance Manager review before commit to the requirement baseline
  • HACCP and CCP monitoring integrated with the audit module and the non-conformity register
  • Traceability from raw material → process → finished product with evidence chain and versioning
  • Recall exercises as TTX workshops handled in Crewshift with timeline, roles, and evidence requirements
  • Food defense and food-fraud assessment with a threat register and risk-reduction plans mapped to controls
  • Audit-readiness dashboard — status per IFS section, Gap Analysis, CAPA with effectiveness verification

IATF 16949 — Automotive

Automotive quality management + customer-specific requirements

  • Import your IATF 16949 copy and customer-specific requirements — AI support helps extract per-customer requirements, followed by Quality/Compliance Manager review
  • Core tools evidence — APQP, PPAP, FMEA, MSA, SPC as evidence objects with versioning and sign-off
  • Customer-specific deviations log with a registry of customer waivers, TTL, and automatic expiry notification
  • Supplier quality management with review cycle, criticality, and evidence requirements per supplier
  • Layered process audits (LPA) with calendar, findings, and CAPA mapped to process controls
  • Audit readiness for an IATF auditor — evidence package per clause with cryptographic verification

GDPR end-to-end

Art. 12-22, 30, 32, 33-34

  • DSAR workflow with full evidence trail (Art. 15, 20)
  • Record of Processing Activities — ROPA (Art. 30)
  • Per-organization retention with dry-run retention jobs and exception logs
  • 72h breach notification (Art. 33) as an incident workflow
  • ePrivacy/PKE consent registry with communication separation

NIS2/KSC and DORA

Art. 21/23 NIS2 + DORA financial sector

  • Reporting modes: 24h / 72h / 1 month per NIS2
  • Mapping NIS2/KSC and DORA requirements supplied by the Organization to controls, owners, and evidence
  • Conditional DORA obligations for financial-sector clients
  • Mapping of NIS2, DORA, and applicable national obligations after the Organization's legal status and responsibility scope are confirmed
  • Incident exercises with complete contractual report packs

EU AI Act

Implementation deadline: August 2, 2026

  • AI competency evidence per role
  • Art. 50 transparency built into the UI
  • High-risk use-case classification with mandatory authorized-person oversight
  • AI use-case assessment checklist built for the Organization context, with space for classification review, human oversight, and decision rationale
  • AI use-case registry and approval trail in the workflow

EU Data Act

Exit by design

  • Customer data export and migration procedures
  • Exit SLA and interoperability tests
  • Clean exit without lock-in while preserving data integrity

DPA, Sub-processors, SCC/DPF

Transfer registries and monitoring

  • Sub-processor registry with transfer documents
  • Standard DPA/SCC C2P and DPF status monitoring
  • Automatic notification on vendor changes

SOC 2 / ISO 27001 readiness

Control mapping and evidence collection

  • SOC 2/ISO control mapping to Pulsar processes
  • Effectiveness monitoring and quarterly gap report with CAPA
  • Audit-ready evidence material for certification auditors

Polish national law

KSC + Whistleblower Protection Act

  • Applicable national rules identified after the current legal state and the Organization's obligation scope are confirmed
  • Whistleblower Protection Act (PL)
  • Mapping national-law requirements based on the Organization documents and obligations

Coverage Graph and compliance traceability matrix

Formal traceability matrix: requirement to control to evidence to owner for the compliance catalog adopted by the Organization. Coverage Graph and Gap Analysis are created from your Organization’s sovereign data, Quality/Compliance Manager decisions, and AI-supported logic.

  • Quarterly regulatory change monitoring with automatic change backlog
  • Cross-product evidence sharing without data duplication
  • Deterministic state machines as a compliance guarantee

How it works

1

Import your own requirements

The Organization imports its own standards, procedures, and legal requirements into its sovereign data area.

2

Build the Coverage Graph

Pulsar GRC maps approved requirements to controls, evidence, and process owners.

3

Monitor Gap Analysis

The coverage dashboard shows gaps, expired evidence, and scheduled reviews for the Organization compliance catalog.

Pulsar GRC

Ready to organize risk and compliance?

Let us review the process that still requires too much manual work: requirements, controls, evidence, CAPA, audits, and reporting.

Book a demo Contact us

Contact: kontakt@pulsar-grc.pl