Sentinel Layer SRT · For Bullhorn Agencies

Runtime Assurance
Proof Kit

Evidence of vendor data governance capability for staffing agencies operating on Bullhorn ATS.

Prepared By Sentinel Layer SRT
Version 1.0 — February 2026

Section 01

Runtime Assurance Statement

Sentinel Layer SRT provides runtime vendor data governance for staffing agencies. The system enforces contract-defined access boundaries on every vendor API call — before data is exposed, not after.

The following assurances are architecturally enforced. They are not policies. They are not contractual promises. They are structural properties of the system that cannot be overridden by configuration, vendor request, or human error.

Governance Assurances

  • Zero-knowledge credential isolation. Vendors never receive real Bullhorn credentials. Each vendor receives a unique proxy token scoped to their agreement. Credential compromise at the vendor level has zero enterprise impact.
  • Contract-enforced access control. SOWs, MSAs, and vendor agreements are translated into runtime policy. Entity access, field-level permissions, CRUD operations, rate limits, and time windows are enforced automatically and continuously.
  • Per-vendor instant revocation. Any vendor's access can be terminated immediately — without rotating Bullhorn credentials, without disrupting other integrations, without ATS configuration changes.
  • Field-level write restrictions. A vendor authorized to update one field cannot touch another. Enforcement occurs at the governance layer before the request reaches Bullhorn. Not by convention. Not by trust. By architecture.
  • Time-bounded execution windows. Vendor operations are restricted to defined time periods. Historical data outside the authorized range is structurally inaccessible — enforced by policy, not by trust.
  • Governance-grade audit trail. Every vendor API call is logged: who accessed what entity, which fields, when, under which policy, with what result. No credentials appear in the audit record. Full provenance. Full accountability.

Section 02

The Problem: Uncontrolled Vendor Access

Staffing agencies operating on Bullhorn integrate with 7–10 vendors on average: job boards, background screening, telephony, payroll, data enrichment, assessment tools, and more. Each vendor receives API credentials to access the agency's Bullhorn instance.

Bullhorn does not enforce contract-scoped access. Every vendor key receives access to substantially all data entities — regardless of the vendor's function, contractual scope, or business need.

Sample Audit Evidence — Actual Bullhorn API Key

From a live Vendor Access Report audit against production Bullhorn credentials:

  • Entities accessible: 20
  • Entities authorized by genome: 2
  • Overscoped entities: 18
  • Access exceeds contract: 90%

Data enrichment vendor key. Genome authorizes Candidate + JobOrder. Actual access includes Placement, Commission, Billing, PII, Notes, and System Config.

The gap: Your background screening vendor can read your entire placement revenue history. Your telephony vendor can access candidate PII, work history, and internal notes. No one is monitoring this. No audit trail exists.

Section 03

How It Works: Runtime Governance Proxy

Sentinel Layer operates as a governance proxy between your vendors and your ATS. Vendor API calls route through the Sentinel Layer before reaching Bullhorn. Every call is evaluated against the vendor's runtime policy — derived from their contract — before execution.

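[Diagram: Vendor (ZoomInfo, Checkr, etc.) → Sentinel Layer (policy enforcement) → Bullhorn ATS (agency data). The vendor presents a scoped proxy token to Sentinel Layer; Sentinel Layer presents the isolated real credential to Bullhorn.]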

The vendor never sees the real Bullhorn credential. Sentinel Layer holds the real key and issues each vendor a unique proxy token. If a vendor is compromised, the proxy token is revoked. The Bullhorn credential — and every other vendor integration — is unaffected.

| Capability | What It Enforces |
|---|---|
| Entity-level access control | Vendor can only access Bullhorn entities authorized by their genome (e.g., Candidate, JobOrder — not Placement, Commission) |
| Field-level restrictions | Within an authorized entity, vendor can only read/write specific fields (e.g., name and email — not SSN or salary) |
| CRUD scoping | Separate enforcement for Create, Read, Update, and Delete operations per entity per vendor |
| Rate limiting | Per-vendor API call limits enforced at the proxy layer, preventing data exfiltration patterns |
| Time-window enforcement | Vendor access restricted to defined periods (e.g., only 2024 placements, not historical records) |
| Instant revocation | Kill any vendor's access in seconds without touching Bullhorn or other vendor integrations |
| Full audit trail | Every API call logged: vendor, entity, field, operation, timestamp, policy applied, result |
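
The checks in the table above, written as a default-deny policy evaluation that runs before any upstream call. This is an added example, not Sentinel Layer's code: the `Genome` record, the proxy token value, the field names and the reason strings are constructed for illustration, and rate limiting is left out.

```python
from dataclasses import dataclass
from datetime import date, datetime, timezone

@dataclass
class Genome:
    """Constructed policy record for one vendor agreement (hypothetical shape)."""
    vendor: str
    grants: dict          # entity -> {operation -> set of permitted fields}
    window: tuple         # (first, last) record dates the vendor may touch
    revoked: bool = False

# Proxy token -> policy. The real ATS credential is never stored in this map.
POLICIES = {
    "ptk-enrich-001": Genome(   # constructed sample token
        vendor="enrichment-vendor",
        grants={"Candidate": {"read": {"name", "email"}, "update": {"email"}},
                "JobOrder": {"read": {"title", "status"}}},
        window=(date(2024, 1, 1), date(2024, 12, 31)),
    ),
}
AUDIT_LOG = []

def evaluate(token, entity, op, fields, record_date):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    genome = POLICIES.get(token)
    if genome is None:
        allowed, reason = False, "unknown_token"
    elif genome.revoked:
        allowed, reason = False, "token_revoked"
    elif entity not in genome.grants:
        allowed, reason = False, "entity_not_authorized"
    elif op not in genome.grants[entity]:
        allowed, reason = False, "operation_not_authorized"
    # An empty field list is refused: upstream it could mean "all fields".
    elif not fields or not set(fields) <= genome.grants[entity][op]:
        allowed, reason = False, "field_not_authorized"
    elif not genome.window[0] <= record_date <= genome.window[1]:
        allowed, reason = False, "outside_time_window"
    else:
        allowed, reason = True, "ok"
    # The audit record names the vendor and the decision, never a token or credential.
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "vendor": genome.vendor if genome else None,
        "entity": entity, "op": op, "fields": sorted(fields),
        "allowed": allowed, "reason": reason,
    })
    return allowed, reason
```

Setting `revoked = True` on one `Genome` cuts off that proxy token only; no other entry in `POLICIES` and no upstream credential changes.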

Section 04

Before and After: What Changes

| Dimension | Without Sentinel Layer | With Sentinel Layer |
|---|---|---|
| Credential model | Every vendor shares the same Bullhorn API key scope | Each vendor gets a unique proxy token scoped to their contract |
| Access scope | All entities accessible regardless of vendor function | Only genome-authorized entities and fields accessible |
| Vendor compromise | Full database exposure; requires credential rotation for all vendors | Revoke one proxy token; all other vendors unaffected |
| Audit capability | No vendor-level API access logging | Complete per-vendor, per-entity, per-field audit trail |
| Contract enforcement | Contractual only — no technical enforcement | Contract terms translated to runtime policy — automatically enforced |
| Vendor offboarding | Manual credential rotation; disrupts all vendors | One-click revocation; zero disruption |
| Compliance posture | Cannot prove what vendors accessed or when | Exportable audit records for any compliance framework |

Section 05

Proof Points

The following evidence supports the claims in this document:

| Evidence | Status | What It Proves |
|---|---|---|
| Vendor Access Report | Live | Real-time audit showing actual vs. authorized vendor access on production Bullhorn credentials |
| Bullhorn API Probe | Live | Read-only entity-by-entity scan confirming overscoped access patterns across 24 Bullhorn entities |
| Governance Proxy (AWS) | Deployed | Working proxy infrastructure mediating API calls with policy evaluation and audit logging |
| Vendor Genome Library | In Progress | Predefined access templates for 6 vendor categories (enrichment, screening, telephony, job boards, payroll, assessment) |
| Pilot Agency Audits | In Progress | End-to-end governance deployment with production agencies on Bullhorn |

Core architecture is patent pending. Technical details available under NDA.

Section 06

Next Steps

To evaluate Sentinel Layer SRT for your agency:

  • Run a Vendor Access Report. We audit your Bullhorn instance against your vendor contracts. Takes 10 minutes. No data is stored, modified, or extracted. You receive a full gap analysis.
  • Review your exposure. We walk through the heatmap, identify which vendors have access to which data, and quantify the gap between contract and reality.
  • Schedule a governance pilot. We deploy the proxy on one vendor integration, demonstrate enforcement, and deliver the audit trail. No ATS changes required.

customersuccess@sentinel-srt.com · sentinel-srt.com