features.matrix
Pulsar GRC Platform Features
A GRC system that connects your Organization’s requirements with controls, evidence, audits, and CAPA.
Compliance & Standards
The compliance graph as the platform core
A formal graph from regulatory requirement to control to evidence to owner with full change history, version comparison, and point-in-time state reconstruction.
Coverage Graph
The platform core is a formal graph: requirement to control to evidence to owner, built on documents supplied by your Organization in its sovereign data area. The coverage dashboard shows requirements without controls and controls without evidence.
Gap Analysis on your Organization’s sovereign data
Pulsar GRC does not provide normative content or ready-made requirement lists. The Brillnet compliance engine analyzes requirements entered by the Quality/Compliance Manager and surfaces coverage gaps.
Automatic impact analysis
When a new version of NIS2 or DORA is released, Pulsar automatically calculates which controls, mappings, and CAPA need updating. Pipeline: update -> impact -> tasks -> evidence -> report.
Full evidence lifecycle
Evidence as core process objects: metadata, owner, cryptographic proof, provenance, and versioning. Expiration dates with reminders and a validation checklist.
On-demand evidence packs
One button generates a complete package for the auditor: events, evidence, approvals, timeline — in a single archive with a deterministic cryptographic manifest.
Document management
Repository with versioning, workflow from draft to review to approved to obsolete. Read acknowledgments with escalation. Access matrix by role and location.
Audits & CAPA
Full audit cycle and non-conformity closure
From audit planning through findings to CAPA with effectiveness verification — one flow without switching tools.
Full audit cycle
Planning with calendar, scope, and auditors. Automated checklists from requirement/control mappings. Findings register with severity, evidence, and owner. PDF reports.
External auditor portal
Restricted access with expiration — the auditor sees only designated packages and exports. Zero risk of browsing the full system. Comment and action log.
One-click finding to CAPA
Create a CAPA from an audit finding with one click. Bidirectional link: finding-CAPA-risk-control-evidence — nothing gets lost in emails.
CAPA board with escalation
CAPA board with deadlines and reminders. Deadline breach triggers automatic escalation. Closure requires effectiveness verification and linked evidence.
5-Why analysis
Structured root cause analysis with cause categorization. No CAPA moves to execution without a completed root cause.
Risk, Training & Readiness
Proactive risk management and competency development
Risk and incidents remain in Pulsar GRC, while training, acknowledgements, and TTX workshops are handled by Crewshift on the same Brillnet compliance engine.
Risk register with 5x5 matrix
Inherent/residual risk with appetite threshold. Risk-control-evidence coverage dashboard. Mitigation tasks with execution evidence.
Training in Crewshift
Crewshift handles training programmes, tests, acknowledgements, and evidence of change rollout. Pulsar GRC provides the requirements, CAPA, and risk context.
Incident management
Full process: classification to post-incident analysis with roles (coordinator, owner, reviewer). Deterministic state machine. One-click incident evidence package.
TTX workshops in Crewshift
TTX scenarios, roles, scenario events, and reports are handled by Crewshift. Findings can return to Pulsar GRC as CAPA, risks, and evidence.
Vendor & ICT supply chain
Supplier register with criticality and required evidence. Criticality change triggers automatic requirement updates. Dedicated DORA and NIS2 packs.
AI & Automation
AI under human oversight
Controlled AI use, an AI use-case registry, and explicit workflows help preserve human oversight, decision traceability, and a clear boundary between AI support and organizational decisions.
AI use-case registry and risk assessment
AI use-case registry with owner, purpose, data, and acceptance status. Operating policies require approval for high-risk use cases and preserve authorized-person oversight.
Shared Brillnet compliance engine
Pulsar GRC and Crewshift use one Brillnet compliance engine that structures business logic aligned with current PL/EU regulations on your Organization’s sovereign data.
Deterministic workflows
CAPA, audits, and incidents run on explicit state machines. Invalid transitions return a controlled error with a reason. No object changes status silently.
Pulsar GRC
Ready to organize risk and compliance?
Let us review the process that still requires too much manual work: requirements, controls, evidence, CAPA, audits, and reporting.
Contact: kontakt@pulsar-grc.pl
