BRCGS Packaging Materials Manufacturing Audit CAPA Crewshift Case study

BRCGS Packaging Materials customer audit without chaos: how Pulsar GRC and Crewshift organize site readiness

A packaging plant case study: Pulsar GRC structures requirements, evidence, risks, and CAPA, while Crewshift closes training, acknowledgements, competencies, and scenario exercises before a customer audit.

Pulsar GRC Team
BRCGS Packaging Materials customer audit without chaos: how Pulsar GRC and Crewshift organize site readiness

Context: six weeks to the audit and too many places with information

A plant producing carton packaging has 180 employees and regular customer audits based on BRCGS Packaging Materials. The Quality/Compliance Manager has six weeks to prepare the team. Documentation exists, processes run, and people know their responsibilities, but knowledge is scattered: some in departmental folders, some in spreadsheets, some in email threads, and some in the heads of people responsible for production, quality, purchasing, and warehouse operations.

In that setup, the largest cost is not the standard itself. The largest cost is reconstructing answers to simple auditor questions:

  • which requirement applies to which process,
  • which control covers the requirement,
  • where the current evidence is,
  • who owns the action,
  • whether the gap has been closed properly,
  • whether the team can show evidence without searching for it at the last moment.

This is where the Brillnet-Pulsar-Crewshift model creates value. Pulsar GRC organizes the compliance, evidence, risk, and corrective-action layer. Crewshift closes the people-side work: training, acknowledgements, role assignments, competencies, and scenario exercises. Both applications use the same Brillnet compliance logic and work on the Organization’s data in an isolated Data Area.

What the Brillnet-Pulsar-Crewshift model changes in practice

In a traditional audit-preparation cycle, the team builds readiness manually: collects documents, updates spreadsheets, asks process owners for status, and prepares an evidence pack shortly before the visit. This model works only when everyone has time and remembers the details. In practice, it often creates crisis-mode work.

The Brillnet model separates responsibilities into functions that can run throughout the full audit cycle:

  • Pulsar GRC builds the Coverage Graph and Gap Analysis on your Organization’s sovereign data. A requirement connects to a control, evidence, owner, risk, CAPA, and decision history.
  • Crewshift handles development actions that result from gaps: training for roles, acknowledgements, reminders, completion status, and scenario exercises, for example a simulated product recall.
  • The Brillnet compliance engine supports the work with process logic and AI designed for human oversight, decision traceability, and controlled use. It does not replace decisions made by the Quality/Compliance Manager or the team.

An important boundary: Pulsar GRC does not sell standards content, normative texts, or ready-made requirement catalogues. The Organization must have the source documents it wants to comply with. The platform structures and maps those documents in the Organization’s isolated Data Area.

Day 1: your own standard and a controlled baseline

The first step is not writing procedures from scratch. The Quality/Compliance Manager imports the Organization’s licensed copy of BRCGS Packaging Materials and related site procedures into the isolated area for the Organization’s Sovereign Data.

Pulsar GRC helps build a baseline, but it does not approve it on its own. The process is simple:

  1. Requirement extraction - AI support proposes a requirement structure, section references, and links to source documents.
  2. Review by the Quality/Compliance Manager - a person accepts, rejects, or corrects the suggestions. This is subject-matter control, not a formality.
  3. Saving to the compliance catalogue - only accepted requirements become work objects with a source, version, status, and operational context.

After the first day, the team no longer has one large PDF and several spreadsheets next to it. It has a structured requirement catalogue that can be assigned to processes, controls, and evidence.

Weeks 1-2: requirement, control, evidence, and owner

In BRCGS Packaging Materials, having a procedure is not enough. During an audit, the Organization must show that requirements work in production: during material intake, semi-finished product checks, print-flow control, final inspection, shipment, and batch traceability.

Pulsar GRC leads the team through mapping:

  • requirement -> process,
  • requirement -> control,
  • control -> evidence,
  • evidence -> owner,
  • gap -> CAPA or a justified decision that the requirement does not apply.

The result is not another spreadsheet. The result is a Coverage Graph that shows where the Organization has complete coverage, where evidence is missing, and where a control still has to be defined. The Quality/Compliance Manager can talk with production, purchasing, and warehouse teams from one shared view instead of rebuilding status from many sources.

Weeks 3-4: Gap Analysis, CAPA, and people-side actions

Gaps found in Pulsar GRC become concrete work. Each gap has an owner, priority, deadline, required evidence, and decision trail. For the team, this means fewer status meetings, because status is not an email declaration. It is the result of work on connected objects: requirement, control, evidence, and CAPA.

Example actions:

  • Rotation of suppliers for a critical raw material - Pulsar GRC shows missing evidence of supplier review and runs CAPA with an owner in purchasing. The evidence is the current register and a decision on the re-evaluation frequency.
  • Product recall exercise - Pulsar GRC shows a gap in the audit requirement, while Crewshift runs the scenario exercise with assigned participants, participation acknowledgement, and recorded conclusions after the exercise.
  • Approval of a new ink supplier - Pulsar GRC connects the requirement, risk, supplier documentation, and missing evidence. The process owner sees what must be completed before the audit.

The difference is practical. CAPA does not end with a “closed” status. The team sees whether the action has evidence, whether the result was checked, and whether conclusions reached the right people. If a gap requires training or a competency acknowledgement, the task does not remain in Pulsar GRC as a loose note. It moves to Crewshift, where the program, role, deadline, and completion acknowledgement can be assigned.

Week 5: suppliers, documents, and operational readiness

Three weeks before an audit, supplier-related areas often carry the most risk: new materials, specification changes, missing certificates, incomplete assessment records. In a traditional model, the team collects these manually and only then sees that some documents are outdated.

In Pulsar GRC, the supplier register, evidence requirements, risks, and CAPA are linked to the same compliance catalogue. As a result, the question “do we have the complete set for supplier X?” does not require searching several places. The system shows missing evidence, owners, and dependencies with standard requirements.

If the gap concerns employee knowledge or action, Crewshift structures the execution layer: it assigns training, collects acknowledgements, monitors completion status, and helps show that the team did not only receive information, but actually went through the required process.

Week 6: evidence package and audit rehearsal

The final week should not be spent searching for files in panic. In Pulsar GRC, the team builds an evidence package for BRCGS sections: requirements, controls, evidence, CAPA statuses, decisions, owners, and change history. The evidence package has cryptographic verification, making it easier to show that the auditor and the team are looking at the same set of materials.

The audit rehearsal then changes character. It is no longer about asking “where is it?”. It is about checking whether process owners can walk through their part of the story:

  • the requirement and its context,
  • the control that covers it,
  • the evidence and whether it is current,
  • the decisions or CAPA that were needed,
  • training or an exercise run in Crewshift if the gap involved people and roles.

Conclusions from the rehearsal do not disappear into notes. They become actions, and their closure is visible before the audit.

Audit day: less presentation, more evidence

On audit day, the customer receives a coherent view, not a folder of files without context. The team can show:

  • the Coverage Graph for BRCGS Packaging Materials requirements,
  • Gap Analysis and closure status,
  • the CAPA register with owners and evidence that actions worked,
  • the risk register linked to processes and suppliers,
  • the evidence package with cryptographic verification,
  • training, competency, and exercise acknowledgements handled in Crewshift.

The auditor sees not only documents, but also the management method: who made a decision, why, when, on what data, and with what evidence. That shortens the discussion, reduces misunderstanding, and lowers the risk that a good operational practice is assessed poorly only because it could not be proven quickly.

What this process teaches the Organization

The main change is not that the Organization has an “audit tool”. The change is moving from reconstructing history to maintaining readiness.

After such a cycle, teams usually see several concrete benefits:

  1. Requirements stop being text in a document. They become work objects connected with processes, controls, evidence, and owners.
  2. CAPA stops being a task list. Every action has a cause, evidence, responsibility, and confirmation that the action worked.
  3. Training follows real gaps. Crewshift is not an add-on to Pulsar GRC. It is the place where the Organization closes competencies, acknowledgements, and exercises needed to maintain compliance.
  4. The evidence package is ready earlier. The team does not create documentation at the last moment. It uses materials accumulated during normal work.
  5. Knowledge stays in the Organization. The next audit starts from a better point, because previous requirements, evidence, decisions, gaps, and conclusions do not disappear after the customer visit is closed.

Why this matters for the business

A BRCGS Packaging Materials customer audit is a formal event, but its cost is created much earlier. It includes expert hours, delayed decisions, pressure on the quality team, and the risk of losing customer trust if evidence is incomplete or difficult to access.

Pulsar GRC and Crewshift reduce that cost by structuring the workflow:

  • Pulsar GRC answers the question: “are we covered by requirements and evidence?”,
  • Crewshift answers the question: “do people have assigned actions, competencies, and acknowledgements?”,
  • the Brillnet compliance engine connects both areas with shared logic and controlled AI support,
  • the Organization’s isolated Data Area helps build value on its own documents, evidence, and decisions.

The result is less chaos before the audit and more predictability in day-to-day compliance management.

Want to see how this flow would work in your Organization? Ask for Pulsar GRC access and describe your audit scenario.