Tenet for Professional Services
Lifecycle orchestration and shadow-AI audit for professional services.
Lifecycle orchestration for 500–5,000-employee consulting, engineering services, and staffing firms, where a third of the workforce changes clients or projects every quarter.
Why this matters for Professional Services
How does Tenet handle per-engagement access when a consultant rolls off a client?
Professional-services firms rotate consultants across clients with different data-handling requirements every quarter. Offboarding is not just about termination; it is about cleanly pulling access when a consultant rolls off one engagement and onto another. Client confidentiality obligations turn a ghost account into a contract breach.
- SaaS per employee: 30–50 apps/employee, including per-client tool access.
- Key regulatory pressure: client data-handling contract terms (often SOC 2 Type II required), professional responsibility ethics rules for regulated services, GDPR / CCPA / CPRA.
- Shadow-AI angle: consultants adopt AI research, AI writing, and AI presentation-generation tools to accelerate deliverables, often while handling client data. When a consultant rolls off or departs, the audit trail for which AI tools touched which client data is frequently absent until a client asks.
Executive summary
What does a client's SOC 2 Type II customer-audit question about our former employees look like?
Professional services firms (consulting firms, engineering services companies, staffing firms, design agencies) at 500-5,000 employees operate under a unique lifecycle model where roughly a third of the workforce changes clients or projects every quarter. The lifecycle surface is not just hire / termination; it is per-engagement access (grant at engagement start, revoke at rolloff), per-client confidentiality obligations, and a contract-level SLA on former-employee access revocation that client procurement increasingly enforces.
Client contract terms — particularly from Fortune 500, regulated-industry, and government clients — now routinely include clauses requiring the firm to evidence former-employee access revocation within specified windows (commonly 24-72 hours). SOC 2 Type II certification is table-stakes for most professional-services firms selling into enterprise. And the AI-tool explosion has added a data-provenance question: which AI tool touched which client's data, during which engagement, with what retention at the vendor. Tenet is built for this multi-tenant mental model: per-engagement access scoping, per-client audit evidence export, per-subject data-provenance trail across AI tools, and continuous SOC 2 CC6.2 / CC6.3 evidence for the whole workforce.
Representative stack
How do we prove to a client that their data didn't leave with a departed consultant?
Tenet plugs into the stack most professional services companies at 500–5,000 employees already run. You don’t switch HRIS. You don’t switch IAM. Tenet becomes the orchestration layer between them and the long tail of SaaS and AI tools where the audit evidence used to disappear.
- Workday / BambooHR (HRIS)
- Okta / Microsoft Entra (IAM)
- Google Workspace / Microsoft 365
- Salesforce
- Client-specific VPN / SSO access
- Internal PSA tool (Kantata, Planview, Projector)
Use cases
How does Tenet preserve privilege during former-attorney access revocation at a law firm?
Consultant rolloff with per-client access revocation
When a senior consultant rolls off a client engagement (common every 3-6 months), Tenet revokes the client-specific access — client VPN, client SSO federation, client document repositories, client project management tools, engagement-specific AI tool access — while preserving the consultant's firm-internal access. The per-client audit trail shows exactly when the consultant lost access to the client's environment, suitable for the client's procurement audit under the outside-counsel-guideline or vendor-security-program expectation.
Attorney departure with matter-level access preservation
For law firms and corporate legal departments within the professional-services tier, attorney departure requires matter-level access revocation that preserves privilege. Tenet reads matter-level metadata from iManage or NetDocuments and revokes at the matter boundary, not the DMS boundary, preserving the privilege-relevant distinctions. The audit trail is queryable per matter for client outside-counsel-guideline attestation.
AI-tool data-provenance trail per client engagement
When a client asks 'did any AI tool touch our data during your engagement, and is any data retained at the vendor,' Tenet produces the per-client data-provenance trail. The trail names each AI tool used by engagement-assigned consultants, the likely data exposure pattern, the vendor-retention posture, and a residual flag if any data is believed retained. This moves the firm from reconstruction mode to export mode for an increasingly common client question.
SOC 2 Type II with multi-tenant client scope
Professional-services firms selling into enterprise typically need SOC 2 Type II certification with scope covering the firm's operations and the client-data handling practices. Tenet's continuous event-driven audit covers CC6.2 (logical access revocation) across the firm workforce, including the per-engagement access-revocation surface. The SOC 2 evidence export flows directly to Drata, Vanta, or Secureframe, supporting annual or biennial audit cycles.
Sub-contractor and 1099 lifecycle for staffing-model firms
Staffing firms and consulting firms with a significant 1099 / sub-contractor workforce have a lifecycle surface parallel to the W-2 employee surface. Tenet handles both with per-engagement access scoping, sub-contractor audit evidence, and a 1099-specific policy basis. The 1099 revocation trail is critical for client contract compliance and for firm-level insurance carrier diligence.
Multi-client CCPA / CPRA DSAR on former-consultant data
When a former consultant exercises a state-privacy DSAR, the firm must produce the consultant's data-handling trail across all clients they served. Tenet's per-subject export is client-aware — the export filters to each client's data scope so the DSAR response is accurate and the inter-client confidentiality is preserved. One Tenet instance supports DSARs across all firm clients without bespoke per-client export tooling.
Implementation playbook
What does outside-counsel-guideline former-attorney access attestation require from our firm?
Most professional services deployments complete the 4-phase playbook in 28 days. Accelerated deployments (14-21 days) are available for teams with pre-approved service accounts and existing Okta / HRIS investments.
Phase 1 · Week 1
Connect
Activities
Service accounts for Workday or BambooHR HRIS, Okta or Microsoft Entra IAM, Google Workspace or Microsoft 365, Salesforce, PSA tool (Kantata, Planview, Projector), client-specific SSO federation endpoints. CISO + Compliance + Chief Delivery Officer approve scopes. Confidentiality-sensitive scope (e.g. regulated-services client data) pre-approved with per-client procurement liaison.
Artifacts produced
Integration scope matrix · Per-client confidentiality scope · Baseline engagement map
Phase 2 · Week 2
Baseline
Activities
Baseline audit: active engagement access, orphan engagement access on rolled-off consultants, shadow-AI tool inventory across delivery teams. Reconciliation with PSA engagement records. Orphan cleanup in dry-run, then committed.
Artifacts produced
Baseline engagement-aware audit · Shadow-AI registry · Orphan cleanup receipt
Phase 3 · Week 3
Activate
Activities
Consultant rolloff automation live. Attorney matter-level lifecycle (for law firms in scope) live. 1099 / sub-contractor lifecycle live. Scheduled access reviews prepared for next client SOC 2 audit cycle. AI-tool data-provenance monitoring continuous.
Artifacts produced
Live rolloff automation · Per-matter lifecycle receipt · 1099 lifecycle receipt
Phase 4 · Week 4
Audit-ready
Activities
First per-client audit extract dry-run (for top-3 enterprise clients). First multi-client CCPA / CPRA DSAR dry-run. First SOC 2 CC6.2 export. Compliance Officer presents audit readiness to Chief Delivery Officer and Managing Partner.
Artifacts produced
Per-client audit extracts · Multi-client DSAR artifact · SOC 2 export · Partner briefing
Regulatory deep dive
How does Tenet handle the 1099 / sub-contractor lifecycle alongside the W-2 workforce?
Professional-services firms at 500-5,000 employees operate under a client-contract-driven regulatory stack more than a government-regulator-driven one. The dominant pressure comes from client procurement: Fortune 500 clients in regulated industries (financial services, healthcare, insurance, government) flow down their own regulatory obligations through vendor contract clauses, which means the professional-services firm serving them must meet a de-facto HIPAA, SOX, PCI-DSS, GLBA, or government-contractor standard for the scope of its client engagement.
SOC 2 Type II is table-stakes for most professional-services firms selling into enterprise. The CC6.x logical access controls — particularly CC6.2 (revocation) and CC6.3 (credential lifecycle) — are evidence-intensive and Tenet's continuous event log produces the evidence natively. The SOC 2 report scope typically covers the firm's operations; for consulting firms with specialized engagements, the scope may extend to specific client data environments under the firm's control.
For law firms specifically, the American Bar Association Model Rule 1.6(c) imposes a duty to make reasonable efforts to prevent inadvertent or unauthorized disclosure of client information. State bar ethics opinions have increasingly interpreted this as requiring reasonable information security including access controls on former attorneys. Outside-counsel guidelines from Fortune 500 clients now routinely include specific former-attorney access revocation clauses with SLA and attestation requirements. Tenet's matter-level lifecycle orchestration satisfies both the bar ethics and outside-counsel guideline expectations.
For engineering services firms doing federal contract work, NIST SP 800-171 applies via DFARS 252.204-7012. CMMC 2.0 Level 2 is now flowing down through defense-supply-chain contracts. Tenet's AC family evidence serves both.
State privacy laws — California CCPA / CPRA, Virginia CDPA, Colorado, Connecticut CTDPA, Texas TDPSA, Oregon OCPA — all apply to professional-services firms handling resident data. The 45-day DSAR window includes former employees and, in some interpretations, consultants whose personal data is processed by the firm. Tenet's per-subject export handles the citizen-request format for each state.
GDPR applies to firms serving European clients. GDPR Article 17 (right to erasure) and Article 20 (right to data portability) impose obligations that Tenet's per-subject export supports. The GDPR controller / processor distinction often places the firm as a processor for client data, with Tenet supporting the processor's obligations under Article 28.
On the AI side, the EU AI Act Article 26 applies to professional-services firms whose employees use high-risk AI systems on European-data-adjacent client work. The pending California AB 2930, Colorado SB 24-205, and similar state AI bills may impose impact-assessment obligations on professional-services firms using AI in high-risk workforce decisions.
Pricing context
What pricing looks like for professional services at buyer scale
At 1,200 employees in professional services, Tenet pricing typically lands at $42,000-60,000 annually for the full per-engagement lifecycle + shadow-AI + multi-client DSAR stack. Competing enterprise IGA + GRC + SaaS management combinations typically run $250,000-500,000 annually at the same scale. Professional-services firms typically justify the ACV against single-client SOC 2 audit cost reduction and the avoidance of one client-contract-breach incident. Chief Delivery Officer and CISO co-fund in most firms.
Frequently asked — Professional Services
What professional services buyers ask before signing
- Can Tenet produce a per-client access history for a former consultant on demand?
- Yes — Tenet's audit trail supports per-subject (employee) and per-context (client engagement) filtering, so when a client requests evidence that a specific former consultant's access to their data was revoked within the contractual SLA, the firm exports a signed per-client history in minutes rather than the days most firms currently budget for a manual reconstruction.
- How does Tenet handle consultant rolloff without a full termination event in HRIS?
- Tenet reads engagement metadata from the PSA tool (Kantata, Planview, Projector) or directly from Salesforce / Rippling project records, triggering per-client access revocation on engagement end even when the consultant remains a firm employee. The client-specific SSO access, VPN, document repository access, and AI-tool project access all revoke at rolloff while firm-internal access persists.
- Does Tenet integrate with iManage and NetDocuments for law-firm matter-level lifecycle?
- Yes. Tenet reads matter-level metadata from iManage and NetDocuments and revokes former-attorney access at the matter boundary rather than the DMS boundary, preserving privilege-relevant distinctions. The per-matter audit trail is queryable for client outside-counsel-guideline attestation on demand.
- How does Tenet handle the 1099 / sub-contractor workforce alongside W-2 employees?
- Tenet's lifecycle model treats W-2 and 1099 populations in parallel, with a shared audit surface but a distinct policy basis for each. The 1099 revocation trail supports client contract compliance, insurance carrier diligence, and state-specific 1099 / W-2 classification audit where relevant.
- Can Tenet produce multi-client DSAR responses when a former consultant exercises CCPA rights?
- Yes. The per-subject export is client-aware — it filters to each client's data scope so the DSAR response is accurate without cross-client confidentiality leakage. One Tenet instance supports DSARs for all firm clients without bespoke per-client export tooling.
- How does Tenet handle AI-tool usage for GDPR processor obligations when we serve European clients?
- Tenet's shadow-AI registry captures the AI tool usage pattern per consultant per engagement, supporting GDPR Article 28 processor obligations (documented processing, sub-processor inventory, data-transfer posture). European-client engagements often require the AI-tool inventory as part of the vendor security questionnaire; Tenet produces it natively.
- How is Tenet different from Stitchflow?
- Tenet is built for the 500-5,000 employee mid-market with shadow-AI discovery and state-privacy audit trails as first-class capabilities, priced for dept-head purchase ($500-2,000/mo entry), while Stitchflow is moving upmarket with an IT-first UX and enterprise pricing. Both orchestrate SaaS lifecycle across HRIS and IAM, but Tenet's spine is the audit line — every provision, revocation, and shadow-AI tool detection produces a record a state-privacy regulator can read, and VP People + CISO share one view instead of Stitchflow's IT-centric console.
- What is the smallest company that actually needs Tenet?
- Roughly 100 employees with more than 20 SaaS apps per person, or any company where an employee departure triggers a manual checklist across more than 5 systems. Below that threshold, spreadsheets still scale. Above it, the probability of a 90-day-old ghost account rises sharply, and that single ghost account is the fact pattern every state-privacy and EU AI Act audit begins with.
- Does Tenet work with my HRIS — Rippling, BambooHR, Workday, or Gusto?
- Yes, Tenet reads lifecycle events from Rippling, BambooHR, Workday, and Gusto at launch, with ADP, Deel, Justworks, and UKG on the 2026 roadmap. Tenet is designed as the unbundled orchestration layer that sits above your HRIS — you do not switch HRIS to adopt Tenet, and Tenet never tries to replace payroll, benefits, or time tracking. HRIS stays your system of record for people; Tenet becomes your system of record for what those people can access.
- How does Tenet's shadow-AI audit trail satisfy EU AI Act and state privacy law requirements?
- Tenet records every shadow-AI tool discovered in employee workflows, every provisioning and revocation event, and every policy decision as an immutable audit entry in a format that exports to the evidence templates expected under EU AI Act (effective August 2026), ISO 42001, NIST AI RMF, and state privacy laws including CCPA-CT and CPRA. The audit format is citizen-request-ready — when a former employee exercises access or deletion rights, Tenet produces the per-subject trail in minutes instead of the week most orgs currently budget. Regulated customers can also export to their existing GRC tooling (Vanta, Drata, Secureframe) via webhook.