About ruledoc

We built ruledoc because compliance reporting for firewalls is broken.

The problem

Every audit window looks the same. Someone hands the IT team a spreadsheet of controls. Someone else exports a firewall config. A junior engineer spends a week cross-referencing rule numbers against framework clauses. Half the answers are guesses. The auditor gets a PDF, signs it, and the file goes into a drawer until next year.

This was tolerable when NIS2 and SOC 2 were nice-to-haves. It is not tolerable now that NIS2 is law in the EU and customers refuse to sign without a SOC 2 report.

What we built

ruledoc reads the firewall config, parses it into a vendor-neutral model, and runs that model against six compliance frameworks at once. The output is an audit-grade report with line-level citations and plain-English remediation paragraphs — the kind of report an auditor signs off on.

We support eleven firewall platforms. The same config that goes in for NIS2 gets you a SOC 2 view, a PCI-DSS view, an ISO 27001 view, a CIS Controls view, and a NIST CSF view. No extra work.

Who it is for

• IT managers facing an audit and tired of building the same spreadsheet by hand.
• MSPs running multiple client estates who need consistent reporting across vendors.
• Compliance teams who want evidence on demand, not once a year.

How we work

Single-tenant data isolation per customer. Configs encrypted at rest. Retention windows tied to your tier (90 days on Single Report, 1 year on Pro). DPA on request. We are based in Sweden and operate under EU data protection law — configs stay in EU regions.

Questions? Get in touch.