Lifecycle orchestration and shadow-AI audit for higher education.

Why this matters for Higher Education

How does Tenet handle adjuncts and TAs who cycle every semester?

Universities and research institutions manage faculty, staff, adjuncts, grad students, TAs, and contractors on overlapping lifecycles — each with different access to FERPA-protected student data, HIPAA-protected research data, and federally funded research environments. Adjuncts and TAs especially cycle in and out every semester.

SaaS per employee

25–40 apps/employee, with research stack adding 10+ more

Key regulatory pressure

FERPA student-record access controls, HIPAA for research hospitals and grant-funded medical research, NIST SP 800-171 / CMMC for federally funded research, state privacy laws, and Title IX case-file confidentiality.

Shadow-AI angle

Faculty and grad students adopt AI research and AI writing tools for grant applications, papers, and lecture prep — often ingesting student work or research subject data. Tenet surfaces these tools in the per-affiliate trail so the grant-audit question or the Title IX access question is answerable.

Executive summary

What does a FERPA audit expect from former-employee access records?

Higher education at 500-5,000 FTE operates under a uniquely multi-faceted lifecycle model. Faculty cycle on semester and sabbatical schedules. Adjuncts cycle every semester. Graduate students cycle on thesis-completion schedules. Teaching assistants cycle by course. Research staff cycle by grant. Contractors cycle by project. Each population has different access profiles (FERPA-protected student data, HIPAA-protected research data, ITAR / EAR-controlled technical research data, Title IX case files, grant-restricted research environments) and different revocation requirements.

The regulatory stack is dense: FERPA (20 USC 1232g) for student records, HIPAA for research hospitals and grant-funded medical research, NIST SP 800-171 / CMMC 2.0 for federally funded research, state privacy laws (25+ states with applicability), Title IX (34 CFR Part 106) for case-file confidentiality, NSF / NIH grant-specific data-access requirements, and the emerging cluster of state AI laws applicable to higher-education workforce decisions and research AI use. Tenet is built for the multi-affiliate, multi-regulatory reality. The VP of IT + VP of Research + General Counsel + Title IX Coordinator co-buying committee shares one surface, and the FERPA / HIPAA / NIST 800-171 / Title IX / state-privacy audit evidence is produced natively.

Representative stack

How does Tenet support federally funded research environment offboarding?

Tenet plugs into the stack most higher education companies at 500–5,000 employees already run. You don’t switch HRIS. You don’t switch IAM. Tenet becomes the orchestration layer between them and the long tail of SaaS and AI tools where the audit evidence used to disappear.

• Workday / Banner / PeopleSoft (HRIS / SIS)
• Shibboleth / Okta / Microsoft Entra (IAM)
• Canvas / Blackboard / Brightspace
• Office 365 / Google Workspace for Education
• Zoom / Panopto
• Research data platforms (OnCore, REDCap, Open OnDemand)

Use cases

How does Tenet enforce Title IX case-file access controls?

Implementation playbook

What does NIST SP 800-171 / CMMC 2.0 require from higher-education research environments?

Most higher education deployments complete the 4-phase playbook in 28 days. Accelerated deployments (14-21 days) are available for teams with pre-approved service accounts and existing Okta / HRIS investments.

1. Phase 1 · Week 1

   Connect

   Activities

   Service accounts for Workday / Banner / PeopleSoft HRIS / SIS, Shibboleth / Okta / Microsoft Entra IAM, Canvas / Blackboard / Brightspace LMS, Office 365 / Google Workspace for Education, research platforms (OnCore, REDCap, Open OnDemand), federal research environments. VP of IT + VP of Research + General Counsel approve scopes. IRB consulted for research-data-related integration scopes.

   Artifacts produced

   Integration scope matrix · IRB-reviewed scope · FERPA / HIPAA / NIST 800-171 readiness baseline

2. Phase 2 · Week 2

   Baseline

   Activities

   Baseline audit: active faculty and staff, rolled-off adjuncts and TAs, completed-thesis graduate students with residual access, shadow-AI inventory across academic and research populations, Title IX case-file access map. Orphan cleanup in dry-run with VP of IT + General Counsel approval, then committed.

   Artifacts produced

   Baseline multi-affiliate audit · Shadow-AI research registry · Orphan cleanup receipt · Title IX case-file access map

3. Phase 3 · Week 3

   Activate

   Activities

   Adjunct / TA semester cycle automation live. Faculty termination automation live. Graduate student thesis-completion lifecycle live. Title IX case-file access enforcement live. Scheduled access reviews prepared for next FERPA / grant-audit / OCR Title IX cycle.

   Artifacts produced

   Live semester-cycle automation · Faculty termination receipt · Thesis-completion lifecycle · Title IX enforcement

4. Phase 4 · Week 4

   Audit-ready

   Activities

   First FERPA annual compliance review dry-run. First NIST 800-171 / CMMC 2.0 grant-audit dry-run. First Title IX case-file audit dry-run. First state-privacy DSAR on a former affiliate. Leadership team briefing.

   Artifacts produced

   FERPA review artifact · NIST 800-171 grant-audit artifact · Title IX audit · DSAR artifact · Leadership briefing

Regulatory deep dive

How does Tenet handle AI research tool usage on grant-funded projects?

Higher education at 500-5,000 FTE operates under a regulatory stack more diverse than any other Tenet-served vertical. FERPA (Family Educational Rights and Privacy Act, 20 USC 1232g) protects education records and requires institutions to maintain access controls on student records. FERPA violations carry loss of federal funding as the primary enforcement mechanism, which for most institutions is existential. FERPA-protected data includes grades, attendance, disability accommodation records, financial aid data, and more — meaning nearly every academic and administrative application has FERPA scope.

HIPAA applies to academic medical centers, research hospitals, and grant-funded medical research. The overlap between HIPAA (on the medical side) and FERPA (on the education side) is particularly complex for academic medical centers where faculty hold dual academic / clinical appointments.

NIST SP 800-171 (Controlled Unclassified Information handling) applies to federally funded research environments — DoD-, DoE-, NSF-, NIH-, and NASA-funded research frequently includes CUI scope. CMMC 2.0 Level 2 is now flowing down through DoD grants and is expected for many institutions by 2027. The Access Control (AC) family evidence requirements are non-trivial for higher education given the multi-affiliate workforce.

Title IX (34 CFR Part 106) requires institutional procedures for handling sex discrimination and sexual violence complaints, with tight case-file confidentiality expectations. OCR Title IX audits frequently examine access-control evidence on investigation files. The 2024 Title IX regulations tightened some expectations further.

State privacy laws apply to higher education in varying ways. California's Student Online Personal Information Protection Act (SOPIPA) applies to ed-tech vendors serving California students. Virginia CDPA, Colorado privacy law, Connecticut CTDPA, Texas TDPSA, Oregon OCPA each have higher-education scope with 45-day DSAR windows. Texas HB 18 (effective September 2024) creates additional minor-data protection obligations.

Grant-specific requirements layer on top. NSF grants increasingly include data-management-plan expectations. NIH grants include data-sharing and human-subjects-data-handling requirements. DoD grants include NIST 800-171 or CMMC 2.0. IRB oversight on human-subjects research includes access-control expectations for the research-subject-data environment.

On the AI side, Colorado SB 24-205 applies to higher-education workforce decisions using AI. The NYC Bias Audit Law applies to NYC-based institutions. Several higher-education-specific AI use policies have emerged at the state university system level (California State University, State University of New York, University System of Georgia), each requiring faculty AI-tool inventory and grant-compliance attestation.

For international students and faculty, ITAR / EAR export control applies to technical research data access. Non-US-person access to controlled research data requires explicit authorization — Tenet's policy engine enforces the ITAR / EAR boundary at identity level.

Pricing context

What pricing looks like for higher education at buyer scale

At 3,000 FTE (typical regional university or research institution in mid-market), Tenet pricing typically lands $72,000-108,000 annual for the full multi-affiliate, FERPA-compatible, NIST 800-171 + CMMC 2.0 + Title IX + state-privacy stack. Competing enterprise IGA + higher-ed-specific IAM combinations typically run $300,000-700,000 annual at the same scale. VP of IT + VP of Research + General Counsel co-fund in most institutions, often with state-funding or grant-funded indirect-cost-recovery allocation. Institutional risk reduction (FERPA compliance, NIST 800-171 grant-audit readiness, Title IX audit readiness) justifies the ACV in most institutional financial models.

Frequently asked — Higher Education

What higher education buyers ask before signing

Does Tenet handle the Shibboleth and InCommon federation patterns typical in higher ed IAM?

Yes — Tenet integrates with Shibboleth and InCommon federated identity alongside Okta and Microsoft Entra deployments common at higher-ed institutions, and tracks former-affiliate access through federation boundaries so the FERPA audit or NIST SP 800-171 audit has a queryable record of when faculty, staff, adjunct, and student-worker access ceased across federated services.

How does Tenet handle the semester cycle for adjuncts and TAs?

Per-appointment lifecycle — grant at semester start, enforce per-course scope in Canvas / Blackboard / Brightspace, revoke at semester end. The FERPA-protected student-record access revokes cleanly. Per-semester audit trail supports annual FERPA compliance review and end-of-semester IRB review for TA-handled research data.

Does Tenet integrate with Banner, PeopleSoft, and Workday Student?

Yes. Tenet integrates with Banner (via Banner API or the institution's enterprise data bus), PeopleSoft Campus Solutions, and Workday Student. Faculty and staff lifecycle events flow from the HRIS; student-affiliation events flow from the SIS. The combined per-affiliate audit trail handles the faculty / staff / adjunct / TA / graduate-student / contractor population uniformly.

Can Tenet support NIST SP 800-171 / CMMC 2.0 grant-audit evidence?

Yes. Tenet's per-subject continuous event log produces evidence for AC.L2-3.1.1 through AC.L2-3.1.22 (the full AC family) natively. For federally funded research environments in CMMC 2.0 Level 2 certification cycles, Tenet's export is primary or supporting evidence depending on assessment-organization preference.

How does Tenet enforce Title IX case-file confidentiality?

Tenet's policy engine enforces case-file access boundaries — investigators have scope on their assigned cases, access revokes at investigator departure or case closure, and the per-case audit trail shows confidentiality preservation. The Title IX Coordinator has queryable evidence for OCR Title IX audit.

Does Tenet handle AI-research-tool usage for grant compliance?

Yes. Tenet's shadow-AI registry covers Elicit, Consensus, ResearchRabbit, general-purpose LLMs, and AI code assistants used on research. For each tool, usage metadata and grant-policy-violation flags are captured for the grant PI and VP of Research. Federal-grant data-handling compliance is tractable rather than reactive.

How is Tenet different from Stitchflow?

Tenet is built for the 500-5,000 employee mid-market with shadow-AI discovery and state-privacy audit trails as first-class capabilities, priced for dept-head purchase ($500-2,000/mo entry), while Stitchflow is moving upmarket with an IT-first UX and enterprise pricing. Both orchestrate SaaS lifecycle across HRIS and IAM, but Tenet's spine is the audit line — every provision, revocation, and shadow-AI tool detection produces a record a state-privacy regulator can read, and VP People + CISO share one view instead of Stitchflow's IT-centric console.

What is the smallest company that actually needs Tenet?

Roughly 100 employees with more than 20 SaaS apps per person, or any company where an employee departure triggers a manual checklist across more than 5 systems. Below that threshold, spreadsheets still scale. Above it, the probability of a 90-day-old ghost account rises sharply, and that single ghost account is the fact pattern every state-privacy and EU AI Act audit begins with.

Does Tenet work with my HRIS — Rippling, BambooHR, Workday, or Gusto?

Yes, Tenet reads lifecycle events from Rippling, BambooHR, Workday, and Gusto at launch, with ADP, Deel, Justworks, and UKG on the 2026 roadmap. Tenet is designed as the unbundled orchestration layer that sits above your HRIS — you do not switch HRIS to adopt Tenet, and Tenet never tries to replace payroll, benefits, or time tracking. HRIS stays your system of record for people; Tenet becomes your system of record for what those people can access.

How does Tenet's shadow-AI audit trail satisfy EU AI Act and state privacy law requirements?

Tenet records every shadow-AI tool discovered in employee workflows, every provisioning and revocation event, and every policy decision as an immutable audit entry in a format that exports to the evidence templates expected under EU AI Act (effective August 2026), ISO 42001, NIST AI RMF, and state privacy laws including CCPA-CT and CPRA. The audit format is citizen-request-ready — when a former employee exercises access or deletion rights, Tenet produces the per-subject trail in minutes instead of the week most orgs currently budget. Regulated customers can also export to their existing GRC tooling (Vanta, Drata, Secureframe) via webhook.