The platform
What NUL does
NUL Systems is a policy enforcement platform that operates at the level of the decision, not the document. The product has three integrated layers.
The architecture
NUL ingests your policy documents across SOX, GDPR, SOC 2, HIPAA, and ISO 27001, extracts the operational rules, and compiles them into a structured policy graph. The graph maintains the relationships between regulations, internal policies, controls, and the conditions under which each one applies.
Every regulated event (a payment release, a data export, an access grant, a privileged action, a vendor onboarding) is evaluated against the policy graph in real time. The output is a decision (approve, block, or escalate) plus the specific rules and source policies that drove the outcome.
Every decision produces a tamper-evident record linking the event to the rule, the rule to the source policy, and the source policy to the regulation. This is the evidence chain auditors and regulators ask for, generated automatically as part of the operating system, not reconstructed after the fact.
Why this matters
Most platforms in the GRC category were designed for the documentation phase of compliance. They manage policies, track controls, and prepare for audits. NUL operates one layer deeper. It enforces the policy at the moment the decision is made, and it produces the evidence as a byproduct of normal operations.
That is the only architecture that holds up when an external party asks you to prove enforcement, not just describe it.
In comparison
| | Documentation-era GRC tools | NUL Systems |
|---|---|---|
| Primary job | Manage policies and track controls | Enforce policy at the moment of the decision |
| Evidence | Reconstructed at audit time | Generated automatically as decisions happen |
| Timing | Periodic review cycles | Real time, every regulated event |
| Proves | What should have happened | What actually happened, and why |