| Normalisation Step |
Typical Effort |
Prerequisite For |
| Entity resolution |
2–4 weeks (one-time), ongoing governance |
Cross-system reporting, vendor analytics, conflict checks |
| Taxonomy standardisation |
4–6 weeks (one-time) |
Matter analytics, benchmarking, trend analysis |
| Metadata enrichment |
2–6 months (for legacy corpus) |
CLM analytics, obligation management, AI-powered review |
| Deduplication |
2–4 weeks per system pair |
Reliable dashboards, accurate financial reporting |
| Ongoing governance |
2–4 hours/week (permanent) |
Sustaining all of the above |
## The Three-Layer Data Architecture
### From Silos to Flow
Data normalisation makes individual systems reliable. The middleware layer makes them **interoperable**. Middleware — the integration technology that connects systems — enables data to flow between systems automatically, eliminating manual re-entry, reducing errors, and creating a unified data environment.
### The Legal Data Flow Architecture
A mature legal data architecture has three layers:
**Source systems.** The individual tools where data originates: CLM (contract data), matter management (matter data), e-billing (spend data), document management (work product), and enterprise systems (CRM, ERP, HR).
**Integration layer.** The middleware that moves data between source systems, applying transformation rules (normalisation, format conversion, entity mapping) in transit. This layer ensures that when a contract is executed in the CLM, the relevant data flows automatically to the CRM (deal closed), the ERP (payment terms activated), and the matter management system (matter status updated).
**Analytics layer.** The data warehouse or business intelligence platform where data from all source systems is consolidated for reporting and analysis. This is where financial performance is analysed, where spend trends are tracked, where cycle time metrics are computed, where legal value is measured, and where AI models are trained on high-quality, integrated legal information.
### The Single Source of Truth
The “single source of truth” is a data architecture where every data element has one authoritative source, and all other systems that consume that data receive it from that source. Contract terms are authoritative in the CLM. Spend data is authoritative in the e-billing system. Matter status is authoritative in the matter management system. The analytics layer reads from all authoritative sources, and the middleware ensures that authoritative data propagates to dependent systems.
When someone asks “what is our total contract exposure with Vendor X?”, the answer comes from one authoritative source, eliminating the confusion that arises from multiple spreadsheets maintained by different people showing conflicting numbers.
## Building the Single Source of Truth
A single source of truth is achieved through:
**Clear authoritative source designation.** For each data category, explicitly designate which system is authoritative. Document it. Communicate it to all staff. When someone asks “where is the definitive data on matter status?” or “what is the contract’s payment term?”, there is one agreed answer, not three competing spreadsheets.
**Middleware that enforces flow.** Once authoritative sources are designated, middleware ensures data flows from the authoritative source to dependent systems automatically, rather than through manual processes. Contract execution in the CLM triggers automatic updates to the CRM, matter management, and billing systems. No manual re-entry. No divergence.
**Integrated analytics.** The analytics layer pulls data from all authoritative sources and integrates it into a unified repository. This enables reporting and analysis that spans systems — total spend with a vendor across matters and jurisdictions, contract exposure against revenue, client profitability accounting for matter cost and contract margin.
**Reconciliation processes.** Periodic reconciliations identify divergence between systems (why is this contract showing different values in the CLM and the e-billing system?) and trigger investigation. Reconciliation is not a once-yearly audit — in a mature data architecture, reconciliations are continuous and automated, flagging anomalies in real time.
## Measuring Information Governance Maturity
Information Governance maturity can be assessed through key metrics that reflect the health of your data, the effectiveness of your processes, and your readiness for advanced applications like AI and analytics.
### Key Information Governance Metrics
**Data coverage percentage.** What proportion of your legal information assets are in structured, queryable systems versus unstructured repositories or offline storage? Target: \>85% of active contracts in CLM; \>80% of matter documents in document management system.
**Metadata completeness percentage.** Of the documents in your repository, what proportion have complete, accurate metadata (parties, dates, values, classification)? For contracts, what proportion have extraction of key commercial terms? Target: \>90% of executed contracts have complete standard metadata; \>75% have extracted commercial terms.
**Records classified percentage.** What proportion of documents in your repository have been assigned a retention classification and access classification? Target: \>95%.
**Policy compliance rate.** Are documents being retained and disposed of in accordance with your retention schedules? Are legal holds being managed correctly? Do audit logs show that access controls are being enforced? Target: \>98% of dispositions compliant with schedules; 100% of legal holds tracked and managed.
**Data quality audit results.** Periodic data quality audits check for consistency (entity names, taxonomy application, metadata accuracy). Sample 100 random records and assess for accuracy. Target: \>95% accuracy on entity resolution; \>90% accuracy on taxonomy application.
**System interoperability.** What proportion of data flows between source systems are automated via middleware versus manual re-entry? Target: \>90% of routine data flows automated.
### Information Governance Maturity Scorecard
| Capability |
Immature (0–25) |
Developing (25–50) |
Managed (50–75) |
Optimised (75–100) |
| **Classification** |
No formal classification; inconsistent naming |
Classification policy defined; partial rollout |
Classified \>75% of documents; consistent application |
\>95% of documents classified; automated enforcement |
| **Retention** |
Retention schedules vague or absent |
Retention schedules defined for major categories |
Schedules documented and \>80% applied |
Automated disposition workflows; \>98% compliance |
| **Legal Hold** |
Holds managed informally; inconsistent |
Processes documented; holds tracked in spreadsheet |
Centralised holds tracking; some automation |
Integrated holds management; automated notifications |
| **Data Quality** |
Multiple entity names for same counterparty; inconsistent metadata |
Entity resolution underway; taxonomy project initiated |
Entity resolution \>80% complete; metadata \>75% structured |
\>95% entity resolution; metadata \>90% complete |
| **Access Control** |
Access based on role only; minimal audit |
Classification linked to access; access logs maintained |
Access controls enforced by system; audit trail complete |
Real-time access monitoring; anomaly detection active |
| **Analytics** |
No integrated reporting; multiple separate reports |
Data warehouse planned; pilot BI tool |
Warehouse with major source systems; dashboards for key metrics |
Integrated analytics across all systems; AI models operational |
Use this scorecard to identify priority improvement areas. If your organisation is at “immature” on Classification, that is a priority — you cannot confidently restrict access to privileged material if documents are not classified. If you are “immature” on Data Quality, that is your blocking issue for AI deployment — clean the data first.
## In the Trenches
**The Data Clean-Up That Unlocked AI**
An Australian financial services firm spent \$180,000 on an AI-powered contract analysis tool. The vendor demo was impressive: the tool could extract 47 different data points from a contract, identify risk clauses, and score overall contract risk. The firm’s General Counsel approved the investment based on the compelling demo.
Four weeks into deployment, the results were unusable. The tool was extracting entity names inconsistently (the same counterparty appeared under seven different name variations), misclassifying contract types (because the firm’s naming conventions differed substantially from the tool’s training taxonomy), and misidentifying standard internal clauses as “high risk” due to lack of context about the firm’s approved positions.
The Head of Legal Operations paused the AI deployment and redirected the team to a three-month data normalisation sprint. They resolved entity names across the contract repository (consolidating 2,800 unique entity strings into 940 canonical entities). They standardised contract type classifications. They tagged 200 approved clause variants as “standard” so the AI could distinguish them from genuinely non-standard language.
When the AI tool was reactivated against the normalised data, extraction accuracy jumped from 62% to 94%. Risk scoring became reliable enough to use in production workflows. Contract review was accelerated from an average of 6 hours to 90 minutes per contract. The tool that had been a \$180,000 write-off candidate became the foundation of the firm’s contract analytics capability and directly contributed to a 30% improvement in contract cycle time.
The lesson is universal: the AI worked as designed. The investment only delivered value once the data foundation was cleaned and normalised. Establishing information governance and data quality as foundational capabilities, ahead of advanced technologies, unlocks the full potential of every downstream investment.
## Checklist
- **Run an entity resolution check.** Pick your top 10 counterparties by contract volume or spend. Search for each across every system the legal department uses (CLM, matter management, e-billing, DMS, CRM). Count the name variations. If any entity has more than two variations, entity resolution is an immediate priority.
- **Define your authoritative sources.** For each major data category (contracts, matters, spend, work product), designate one system as the authoritative source. Document it. Communicate it. When someone asks “where is the definitive data on X?”, there should be one answer, not three.
- **Audit your retention schedules.** Review your current document retention policy. Does it cover all document types the legal department manages? Are the retention periods documented and justified (compliant with laws, regulatory requirements, business needs)? Are retention classifications actually being applied?
- **Estimate your metadata enrichment backlog.** How many contracts in your repository have structured metadata (party, value, dates, key terms) versus unstructured storage (a PDF with a filename)? The ratio of structured to unstructured is your metadata enrichment gap — and your AI-readiness indicator.
- **Map one end-to-end data flow.** Select a process (e.g., contract execution to revenue recognition) and trace the data from origin to destination. Note every point where data is manually transferred, reformatted, or re-entered. Each manual step is an error risk and a middleware automation candidate.
- **Classify a small sample of documents.** Take 20 documents at random from your repository and assign them a classification (public, internal, confidential, privileged). What fraction of the team would agree with your classifications? If consensus is unclear, your classification criteria need tightening and your team needs training.
## Suggested Reading
- [ARMA - Generally Accepted Recordkeeping Principles](https://www.arma.org/page/principles)
- [ISO 15489-1: Information and Documentation - Records Management](https://www.iso.org/standard/62542.html)
- [NIST Privacy Framework](https://www.nist.gov/privacy-framework)
- [NIST Cybersecurity Framework 2.0](https://www.nist.gov/cyberframework)
- [IAPP - Data Governance Resources](https://iapp.org/resources/topics/data-governance/)