Disconnected documents and inboxes becoming a governed knowledge layer for a controlled AI assistant

AI needs context about the business it is helping. If that context is duplicated, obsolete, inaccessible or sensitive, the system will be difficult to trust. Preparing information is not a one-off cleanup; it is an ownership and maintenance practice.

Practical takeaway

Begin with one workflow and a source-of-truth register. Do not copy every file into a new repository and call it clean data.

Why AI needs business context

A general model can write fluent text, but it does not automatically know current prices, policies, inventory, customer commitments or operating rules. A business system must retrieve approved context and keep access within the user’s permissions.

The output should link back to sources where accuracy matters. If sources disagree or no answer exists, the system should surface uncertainty rather than inventing a resolution.

Structured data and documents

Structured data lives in defined fields such as customer, job, product or date. Documents contain narrative information such as procedures, manuals, contracts and notes. Both can be useful, but they require different extraction, validation and permission approaches.

Do not flatten everything into unstructured text. Preserve identifiers, dates, ownership and relationships that help the system retrieve the right context.

Find authoritative sources

Inventory the CRM, shared drives, spreadsheets, email, manuals, line-of-business systems and knowledge held by staff. For each subject, name the authoritative source and an owner who can approve changes.

A source-of-truth register should record purpose, location, owner, sensitivity, update frequency, quality concerns and permitted users. It turns “our data is messy” into a manageable list.

Remove duplication and obsolete material

Sample real searches and trace conflicting answers. Archive superseded policies, merge obvious duplicates and mark effective dates. Use consistent file names and versioning so a person can understand which document applies.

Avoid deleting history needed for legal, financial or operational reasons. Information governance should include retention requirements and an auditable change process.

Permissions and sensitive information

Classify personal, confidential, commercially sensitive and security-related information. Apply least-privilege access in both the source and AI layer. Test whether users can retrieve information they should not see, including through indirect questions.

Review provider terms, storage, training use, data location, logging and deletion. Never place credentials or secrets in a knowledge base.

Capture staff knowledge responsibly

Interview people who handle exceptions and ask them to demonstrate recent examples. Convert stable knowledge into maintained guidance with an owner and review date. Preserve room for judgement rather than pretending every exception is a rule.

Give staff a correction path. Useful systems improve when users can flag a wrong answer and the owner repairs the source rather than merely editing one response.

A four-week preparation plan

Week 1: choose the workflow and inventory sources. Week 2: assign authority, sensitivity and ownership. Week 3: clean a limited set and test retrieval with real questions. Week 4: define permissions, review, corrections and ongoing maintenance.

The output is a controlled information foundation and a decision about pilot readiness—not a promise that all company knowledge has been cleaned.

Data-readiness inventory

SourceAccurate?Sensitive?Owner named?Accessible?
CRM
Shared drive
Spreadsheets
Email
Manuals and procedures
Staff knowledge

Print or copy the table and add notes. A sensitive source can still be useful, but it needs stronger access and handling controls.

Frequently asked questions

Does preparing data mean putting everything in one database?

No. Different systems may remain authoritative for different subjects. A governed knowledge layer can retrieve from them while preserving identifiers, permissions and ownership. Centralising copies without maintenance rules can create another stale source rather than solving the problem.

How should email be used as an AI source?

Email contains valuable context but also personal, confidential and informal material. Avoid broad ingestion by default. Define a narrow business purpose, legal basis, permissions, retention and exclusions. Maintained documents or structured records are usually better long-term sources than an uncontrolled mailbox.

What is retrieval-augmented generation?

It is an approach where a system retrieves relevant source material and supplies it as context when generating an answer. This can improve relevance and allow citations, but retrieval can still choose the wrong source. Permissions, indexing, evaluation and human review remain necessary.

Who should own a knowledge source?

The owner should understand the subject and have authority to approve corrections and retirement. Technical teams can maintain infrastructure, but they cannot determine whether a policy or operational instruction is current. Record an owner and review frequency for each important source.

How can staff knowledge be captured without losing nuance?

Use interviews and real examples, distinguish stable rules from judgement, and record when escalation is required. Ask experienced staff to review the resulting guidance. The goal is not to eliminate expertise but to make repeatable knowledge available while preserving human handling of exceptions.

How is an AI knowledge base maintained?

Assign source owners, review dates and correction workflows. Monitor unanswered and low-confidence questions, trace errors to their source, and test permissions after changes. Retire obsolete material rather than continually adding more. Maintenance is part of the operating cost from the first pilot.

A sensible next step

Tin Shed can help identify authoritative sources, permission boundaries, retrieval needs and the smallest governed information set for a practical pilot.

Map the information behind your first AI system

Prepared by Tin Shed Software as practical general information. Any AI-assisted workflow should be reviewed for accuracy, privacy, security and suitability before it affects customers or business decisions.

Related pages