Before your first document is chunked or embedded, seven questions need answers about every asset you plan to index:
- Is it accurate? Someone with domain authority must be able to attest to its correctness today.
- Is it current? When was it last validated, and does it have an expiry date?
- Who owns it? Not a team. A named person who can certify and update it.
- Does it duplicate something else? Multiple slightly different copies degrade retrieval quality more than a single clean source.
- Who is allowed to see it? Sensitivity classification must precede indexing, not follow it.
- Has a domain expert certified it? No chunking strategy compensates for a document a domain owner would flag as wrong.
- When does it need to be recertified? Without a freshness policy, the knowledge base starts decaying from day one.
These are not pre-processing questions. They are governance questions. And if your organization has a data catalog, you already have most of the answers.
This guide covers seven preparation steps, a prerequisites checklist, and the shortcut most enterprise teams are already sitting on.
Below, we explore: why data prep decides RAG quality, prerequisites before you start, the seven preparation steps, how Atlan accelerates this work, and how to measure readiness.
| Time to complete | 1–3 weeks (audit and classification phase); ongoing thereafter |
| Difficulty | Intermediate |
| Prerequisites | Inventory of candidate sources, data ownership assignments, sensitivity classification policy |
| Tools needed | Data catalog or metadata management platform, document store or vector database, classification framework (Public / Internal / Confidential / Restricted) |
Why data preparation decides RAG quality
Permalink to “Why data preparation decides RAG quality”Every guide for building an LLM knowledge base eventually gets to chunking strategies, embedding models, and vector store selection. Almost none ask the upstream question: can you trust the documents you are about to index?
Research into enterprise RAG failures consistently identifies poor source data quality as the leading cause of retrieval failures in enterprise RAG deployments — ahead of retrieval architecture, model selection, or prompt engineering. The specific culprits: duplicate documents, noisy text, and missing metadata. These are not engineering problems. They are governance problems that happen to surface in an engineering context.
1. The upstream failure mode
Permalink to “1. The upstream failure mode”A retrieval pipeline is only as trustworthy as its source corpus. When source documents are outdated, contradictory, or duplicated, the LLM retrieves confidently and answers incorrectly. Practitioners in RAG engineering communities describe spending weeks tuning embeddings and retrieval parameters before discovering that the root cause was source document quality — stale policies, conflicting definitions, five versions of the same document each slightly different.
2. The governance gap no one fills
Permalink to “2. The governance gap no one fills”Metadata enrichment significantly improves retrieval quality and performance by providing relevance signals and enabling filtered search that pure vector similarity cannot replicate. But enrichment only works if the underlying documents are accurate, owned, and safe to expose. That requires governance decisions — who owns this document, who validated it, and who is allowed to retrieve it — that engineering pipelines cannot make on their own.
The result: data engineers are handed a “build our RAG knowledge base” project with a deadline, and the guides they consult assume clean source data as a given. For enterprise LLM knowledge bases, that assumption is almost never true.
Who this guide is for: The data engineer or architect two weeks into a RAG project who is frustrated that every guide skips the step that actually matters. Also: data governance leads who have not been invited into the AI team’s knowledge base planning — and should be.
Prerequisites before you start
Permalink to “Prerequisites before you start”Data preparation fails when governance is called in to remediate problems after ingestion begins. The checklist below is not optional groundwork; it is the condition under which the seven steps work.
Organizational prerequisites
Permalink to “Organizational prerequisites”- Data source inventory: A working list of every document, database, wiki, and file store you are considering indexing, with ownership assigned to named individuals rather than teams.
- Sensitivity classification policy: A defined taxonomy (Public / Internal / Confidential / Restricted) agreed on before a single document is touched.
- Domain owner participation: At least one domain owner per major content area who can certify accuracy and flag outdated assets.
- Governance team in the room: Data governance must be involved before ingestion begins, not called in after a data leakage incident.
Technical prerequisites
Permalink to “Technical prerequisites”- Metadata platform or catalog: Either an existing data catalog (Atlan, or a comparable platform) or a structured metadata tracking approach. Spreadsheets do not scale past the initial audit.
- Document store access: Read access to all candidate source systems: Confluence, SharePoint, S3, databases, ticketing systems.
- Vector store or knowledge base target: Selected and provisioned, with its access control model understood before classification decisions are made.
Team and time commitment
Permalink to “Team and time commitment”- Data governance lead: 20–30% for 2–3 weeks during initial prep
- Domain owners per content area: review and certification sign-off
- Data engineer: pipeline and ingestion work
- Total: 1–3 weeks for the initial audit; ongoing for freshness and recertification
Step 1 — Inventory and classify your source documents
Permalink to “Step 1 — Inventory and classify your source documents”What you will accomplish: A complete, tagged inventory of every candidate source document, typed by content domain, assigned to an owner, and classified by sensitivity level. Without this, every subsequent step operates on unknown inputs.
Time required: 3–5 days for an initial corpus of 500–2,000 documents. Larger corpora require automated classification tooling.
1. Pull a full source list
Permalink to “1. Pull a full source list”List every system contributing documents: wikis, databases, file stores, ticketing systems. For each asset, record: source system, document type, last modified date, and current owner. If ownership is TBD for more than a handful of documents, stop and resolve it before proceeding. An unowned document cannot be certified.
2. Apply a domain taxonomy
Permalink to “2. Apply a domain taxonomy”Assign each document to a content domain: Product, Legal, Finance, HR, Engineering. Domain classification enables two things: domain-specific ownership assignment and retrieval filtering later. A Finance analyst querying the knowledge base should surface Finance-domain documents preferentially; that only works if domain tags exist at prep time.
3. Apply sensitivity labels
Permalink to “3. Apply sensitivity labels”Classify each document as Public, Internal, Confidential, or Restricted. This step must happen before indexing. EDPB guidance (2025) identifies unclassified data reaching RAG inference as the primary enterprise LLM data leakage vector. The blast radius of a misclassified Restricted document is not a configuration error — it is a compliance event.
4. Assign ownership
Permalink to “4. Assign ownership”Every document needs a named owner, a person who can answer: Is this still accurate? Who can see it? When does it expire? Ownership by team is insufficient. Certification in Step 6 requires a named human to attest.
Validation checklist:
- Every candidate document has a domain classification and sensitivity label
- Every document has a named owner (not a team, a person)
- Restricted and Confidential documents are flagged for access control mapping in Step 5
Common mistake: Skipping classification because “we’ll handle security later.” Sensitivity must precede indexing, not follow it. Retrofitting access controls at the vector store layer cannot compensate for classification that did not happen upstream.
For lineage context on document provenance, see training data lineage for LLMs.
Step 2 — Deduplicate: enforce one authoritative version
Permalink to “Step 2 — Deduplicate: enforce one authoritative version”What you will accomplish: A corpus where each concept, policy, or fact exists in one authoritative version, not spread across five slightly different copies that inflate retrieval results and reduce answer quality.
Time required: 1–3 days depending on corpus size and tooling.
Near-duplicate documents in a RAG corpus create redundant chunks that inflate retrieval results. Multiple copies with subtle modifications cause the same content to outrank more relevant, distinct documents. This is not a retrieval problem. It is a source data problem that retrieval makes visible.
1. Run similarity detection
Permalink to “1. Run similarity detection”Use cosine similarity or MinHash LSH to surface near-duplicate document pairs above a defined threshold. A similarity threshold between 0.80 and 0.90 is a practical starting point; the right value depends on how consistent your corpus vocabulary is. Exact-match deduplication alone is insufficient — near-duplicates with rewording or minor edits slip through string matching and only appear as retrieval noise.
2. Designate canonical versions
Permalink to “2. Designate canonical versions”For each duplicate cluster, pick the authoritative version. The decision criteria, in order of preference: most recently updated, owned by the domain owner, sourced from the system of record. Document the rationale — canonical designation is a governance decision, not a technical one.
3. Archive non-canonical versions
Permalink to “3. Archive non-canonical versions”Do not delete non-canonical documents. Archive them with a pointer to the canonical version. Deletion loses provenance and removes the audit trail that explains why the canonical version was chosen.
4. Record the deduplication decision
Permalink to “4. Record the deduplication decision”For each canonical designation: which version was chosen, the owner who confirmed it, and the date. This record is reviewable by governance and auditable by compliance.
Validation checklist:
- No two documents in the final corpus score above your similarity threshold
- Every canonical designation has an owner and a rationale
- Archived duplicates carry a pointer to the canonical version
Step 3 — Normalize format and structure
Permalink to “Step 3 — Normalize format and structure”What you will accomplish: A corpus where all documents follow consistent formatting conventions that make chunking deterministic and retrieval metadata reliable.
Time required: 1–2 days for conversion tooling setup; ongoing for new documents.
AWS prescriptive guidance identifies consistent heading structure and clear formatting as the primary source document quality lever for RAG performance. Inconsistent formatting — mixed PDF, HTML, and DOCX sources; arbitrary heading hierarchies; embedded images with no alt text — produces uneven chunks that degrade retrieval precision.
1. Convert to a consistent format
Permalink to “1. Convert to a consistent format”Markdown or plain text is the RAG-friendly default. Strip formatting noise: embedded images without descriptions, nested tables, decorative headers. The goal is a document structure where chunk boundaries are predictable, not emergent from whatever the original author’s word processor did.
2. Enforce heading hierarchy
Permalink to “2. Enforce heading hierarchy”H1 is the document title. H2 marks major sections. H3 marks subsections. Consistent hierarchy makes chunk boundaries predictable and enables heading-aware chunking strategies, which outperform fixed-length chunking for structured content.
3. Standardize metadata fields
Permalink to “3. Standardize metadata fields”Every document should carry at minimum: title, owner, domain, sensitivity_label, last_validated_date, source_system. These fields enable filtered retrieval, display provenance to end users, and power the freshness checks in Step 7. Missing fields at prep time mean missing retrieval signals at query time.
4. Validate against a format checklist
Permalink to “4. Validate against a format checklist”Automated linting catches missing required fields before ingestion. A document that reaches the vector store without sensitivity_label or last_validated_date is a governance failure, not a formatting oversight.
Validation checklist:
- All documents in target format (Markdown or plain text)
- All documents carry required metadata fields:
title,owner,domain,sensitivity_label,last_validated_date - Heading hierarchy is consistent across all documents
Normalized, metadata-rich source documents directly reduce LLM hallucination risk. The model retrieves accurate, well-attributed chunks rather than plausible-sounding fragments from poorly structured sources.
Step 4 — Enrich metadata: add business context
Permalink to “Step 4 — Enrich metadata: add business context”What you will accomplish: Source documents enriched with business context — glossary linkage, related assets, lineage pointers, and domain tags — that enables filtered search and surfaces relevance signals pure vector similarity misses.
Time required: 2–4 days for initial enrichment; ongoing via catalog automation for new assets.
Metadata enrichment improves retrieval quality by enabling filtered search, a relevance signal that pure vector similarity cannot replicate on its own. But enrichment is only durable if it is maintained. Applied once at ingestion and left to decay, metadata becomes misleading rather than helpful.
1. Link to the business glossary
Permalink to “1. Link to the business glossary”Tag each document with the canonical business terms it covers: revenue_recognition, churn_rate, data_product. This connects source documents to your organization’s semantic layer. A query about “churn” surfaces documents tagged with churn_rate; without the glossary link, the retrieval system cannot make that connection. Active metadata platforms like Atlan automate this linkage as assets are cataloged, rather than requiring manual tagging at prep time.
2. Add lineage pointers
Permalink to “2. Add lineage pointers”For data assets (reports, dashboards, dataset definitions), record what upstream systems they derive from. Lineage is provenance. It tells the LLM where facts came from, and it tells governance teams what to recertify when an upstream source changes. See training data lineage for LLMs for the role lineage plays as a quality signal, not just an audit trail.
3. Tag related assets
Permalink to “3. Tag related assets”Link documents that cover the same topic or should be retrieved together. Cross-document links improve multi-document reasoning. A knowledge base that knows two documents are related surfaces both when one is retrieved, rather than returning only the closest vector match.
4. Apply domain and audience tags
Permalink to “4. Apply domain and audience tags”Mark who the document is intended for: engineers, finance analysts, executives. Audience tags enable persona-filtered retrieval and prevent a Restricted finance report from surfacing in a general employee-facing knowledge base query.
Validation checklist:
- Every document linked to at least one business glossary term
- Data asset documents carry upstream lineage references
- Domain and audience tags applied to all documents
Common mistake: Treating metadata enrichment as a one-time step. Without active metadata management, enrichment decays as source documents are updated and the catalog falls out of sync.
Step 5 — Map access controls before indexing
Permalink to “Step 5 — Map access controls before indexing”What you will accomplish: A document corpus where every asset’s access controls are explicitly mapped and enforced at the knowledge base layer, not patched in later at the vector store.
Time required: 1–2 days for access control mapping; dependent on identity provider integration complexity.
Organizations that expose unclassified data to RAG pipelines face “blast radius” expansion at inference time. EDPB guidance (2025) identifies sensitive data retrieved from knowledge bases at query time as the primary LLM data leakage vector. Fine-grained access controls on vector stores are necessary, but they assume classification happened upstream — a condition this step creates.
1. Map sensitivity labels to access roles
Permalink to “1. Map sensitivity labels to access roles”Restricted documents: named individuals only. Confidential: department-level roles. Internal: all employees. Public: no restriction. This mapping must be explicit and documented — not inferred from source system settings that may not transfer to the knowledge base.
2. Inherit from source systems where possible
Permalink to “2. Inherit from source systems where possible”If a document in SharePoint has Department: Finance access, that control should carry through to the knowledge base index. Inheriting controls from source systems reduces the risk of over-permissioning during migration and creates an auditable chain of custody.
3. Audit for over-permissioned assets
Permalink to “3. Audit for over-permissioned assets”Legacy wikis and shared drives commonly contain documents that were over-permissioned at creation and never reviewed. Reclassify before indexing. An over-permissioned Confidential document discovered at inference time — when an employee without clearance receives a retrieval result they should not see — is a compliance event, not a configuration issue.
4. Document access control decisions
Permalink to “4. Document access control decisions”The mapping between sensitivity labels and roles must be reviewable by security and compliance teams. This is not optional documentation; it is the evidence that demonstrates pre-indexing governance due diligence.
Validation checklist:
- Every Restricted and Confidential document has an explicit role mapping
- No documents with missing sensitivity labels are in the ingestion queue
- Inheritance from source systems is documented and verified
Step 6 — Certify: get domain owner sign-off
Permalink to “Step 6 — Certify: get domain owner sign-off”What you will accomplish: A corpus where every document has been reviewed and attested by a domain owner, the equivalent of editorial review for enterprise knowledge.
Time required: 1–2 weeks to complete initial certification across all domains. Ongoing recertification per your freshness policy (Step 7).
No chunking strategy or embedding model compensates for a document that a domain owner would flag as inaccurate, outdated, or superseded. Certification is the governance gate between “we have this document” and “we trust this document enough to put it in a system that answers questions on behalf of the organization.”
1. Assign certification owners
Permalink to “1. Assign certification owners”One domain owner per content area is the reviewer and certifier for documents in their domain. The assignment must be to a named person (not a team) who has the authority to attest to accuracy and the context to identify staleness.
2. Define the certification criteria
Permalink to “2. Define the certification criteria”Three questions every certifier must answer:
- Is this document accurate as of today?
- Is this the authoritative version (no superseding document exists)?
- Is the sensitivity label correct?
All three must be confirmed. A document that passes accuracy but has the wrong sensitivity label is not certifiable until the label is corrected.
3. Record certification with timestamp
Permalink to “3. Record certification with timestamp”certified_by, certified_date, and certification_expiry are required metadata fields. Expiry triggers recertification in Step 7. A document without an expiry date has no freshness guarantee — it will remain in the knowledge base indefinitely, degrading answer quality as the underlying reality it describes changes.
4. Block uncertified documents from ingestion
Permalink to “4. Block uncertified documents from ingestion”Certification status is a hard gate. An uncertified document does not enter the ingestion queue. This is not a strict policy to apply “when time allows.” It is the condition that makes the knowledge base trustworthy. For how LLM knowledge base staleness propagates when this gate is missing, see the companion piece.
Validation checklist:
- Every document in the ingestion queue has
certified_byandcertified_date - Certification expiry dates are set and tracked
- Zero uncertified documents in the final corpus
Step 7 — Establish a freshness and recertification strategy
Permalink to “Step 7 — Establish a freshness and recertification strategy”What you will accomplish: A governance policy that keeps your knowledge base accurate over time, not a snapshot that decays from the moment it goes live.
Time required: 1 day to define the policy; ongoing automated monitoring thereafter.
Data preparation is not a one-time pre-ingestion sweep. Sources change. Policies update. Products launch and sunset. A knowledge base without a freshness strategy answers questions accurately on day one and increasingly poorly on day 90. Practitioners in RAG engineering communities report discovering staleness problems at inference time — weeks after RAG is in production — because no freshness gate was designed at the source level.
1. Set freshness tiers by content domain
Permalink to “1. Set freshness tiers by content domain”Legal and Compliance documents: 30-day recertification cycle. Product documentation: 60 days. General reference: 90 days. The tier structure reflects how quickly each content domain changes, rather than applying a uniform interval that treats a legal policy the same as an engineering wiki.
2. Monitor source systems for changes
Permalink to “2. Monitor source systems for changes”When a source document is updated, trigger a recertification workflow automatically rather than waiting for the scheduled cycle. Scheduled-only recertification misses in-cycle changes; change-triggered workflows catch them. Active metadata management platforms propagate change signals from source systems to the governance layer automatically.
3. Surface last_validated_date in retrieval responses
Permalink to “3. Surface last_validated_date in retrieval responses” Let the LLM and the user see when a source document was last certified. Transparency about freshness is a trust signal. A retrieval result that includes “last validated: 47 days ago” gives the user context to evaluate the answer; one that omits freshness information invites false confidence.
4. Run quarterly knowledge base audits
Permalink to “4. Run quarterly knowledge base audits”Full review of the corpus for: orphaned documents (owner has left the organization), expired certifications, and sensitivity label drift (a document reclassified at the source but not updated in the knowledge base). Quarterly audits surface the governance debt that automated triggers miss. See LLM knowledge base staleness for a detailed freshness framework.
Validation checklist:
- Freshness policy documented with tier definitions and recertification intervals
- Automated triggers configured for source system changes
last_validated_dateexposed in the knowledge base metadata layer- Quarterly audit cadence scheduled
How Atlan accelerates data preparation
Permalink to “How Atlan accelerates data preparation”Building a data preparation workflow from scratch for an LLM knowledge base means recreating, manually and expensively, the metadata infrastructure most enterprise teams already maintain in their data catalog. Classification scripts, deduplication checks, freshness trackers, and certification spreadsheets are each a bespoke build on top of governance work that already exists elsewhere in the organization.
Atlan’s data catalog for AI performs continuous automated classification (surfacing PII and sensitivity tags across assets before they reach any downstream system), certification workflows (domain owner attestation with timestamps and expiry), active metadata propagation (freshness tracked at the source, not discovered at inference), lineage capture (provenance that no document store can replicate), and business glossary linkage (semantic context that makes retrieval more precise than vector search alone). The Atlan context layer — accessible via MCP or API — exposes these governed, certified, metadata-rich assets directly to LLM workflows. The catalog is not a system you build alongside your knowledge base. It is the knowledge base, already prepared.
Enterprise teams that connect their data catalog to their RAG stack can eliminate the manual pre-ingestion audit phase for catalog-managed assets — classification, sensitivity labeling, and certification are already complete. Retrieval accuracy improves because metadata filters replace broad vector similarity as the primary retrieval signal for governed data domains. And the blast radius problem — sensitive data surfaced at inference — is addressed upstream, not patched at the vector store layer. The result is a data catalog functioning as an LLM knowledge base — not a separate system, but the one enterprise data teams already maintain.
See how Atlan connects your catalog to your AI stack
See Context Studio LiveReal stories from real customers: governing AI at enterprise scale
Permalink to “Real stories from real customers: governing AI at enterprise scale”"AI initiatives require more context than ever. Atlan's metadata lakehouse is configurable, intuitive, and able to scale to hundreds of millions of assets. As we're doing this, we're making life easier for data scientists and speeding up innovation."
— Andrew Reiskind, Chief Data Officer, Mastercard
"We're excited to build the future of AI governance with Atlan. All of the work that we did to get to a shared language at Workday can be leveraged by AI via Atlan's MCP server — as part of Atlan's AI Labs, we're co-building the semantic layer that AI needs with new constructs, like context products."
— Joe DosSantos, VP of Enterprise Data & Analytics, Workday
Data preparation principles for a governed LLM knowledge base
Permalink to “Data preparation principles for a governed LLM knowledge base”- Source data quality — not retrieval architecture — is the primary failure mode in enterprise RAG deployments.
- Sensitivity classification must happen before indexing; fixing access controls at the vector store layer is too late.
- A data catalog already performs classification, certification, and freshness tracking — the steps every guide calls “data prep.”
- Certification coverage, freshness compliance, and retrieval precision are the three metrics that define knowledge base readiness.
Next steps after data preparation
Permalink to “Next steps after data preparation”The seven steps above are governance steps that happen to produce a knowledge-base-ready corpus. Measure success not by document count but by:
- Certification coverage: What percentage of indexed documents are certified by a domain owner?
- Freshness compliance: What percentage are within their recertification window?
- Retrieval precision: Are metadata filters reducing the hallucination rate compared to unfiltered vector search?
Data preparation is not complete when the first ingestion runs. It is complete when a governance loop is in place. The next step is connecting the prepared corpus to the knowledge base build workflow and establishing the quarterly audit cadence that prevents the corpus from decaying into the same ungoverned state you started from.
FAQs about data preparation for LLM knowledge bases
Permalink to “FAQs about data preparation for LLM knowledge bases”1. What data do you need to build an LLM knowledge base?
Permalink to “1. What data do you need to build an LLM knowledge base?”An inventory of structured and unstructured sources (wikis, databases, file stores, ticketing systems) with ownership assigned, domain classifications applied, and a sensitivity policy agreed on before ingestion begins. Quality matters more than volume. A smaller corpus of certified, deduplicated, metadata-rich documents outperforms a larger unvetted dump in retrieval precision.
2. How do you clean data for RAG?
Permalink to “2. How do you clean data for RAG?”Deduplication (near-duplicate detection, not just exact-match string comparison), format normalization (consistent heading structure, standardized metadata fields), and sensitivity classification are the core cleaning steps. Cleaning is necessary but not sufficient. Certification and freshness review are the steps most teams skip — and the ones that determine whether the knowledge base degrades over time.
3. What metadata should I add to documents before embedding?
Permalink to “3. What metadata should I add to documents before embedding?”At minimum: title, owner, domain, sensitivity_label, last_validated_date, source_system. For data assets, add lineage references and business glossary term links. These fields enable filtered retrieval, display provenance to end users, and support the freshness governance loop that keeps the knowledge base accurate past day one.
4. How do you handle sensitive data in an LLM knowledge base?
Permalink to “4. How do you handle sensitive data in an LLM knowledge base?”Classify every document as Public, Internal, Confidential, or Restricted before indexing. Map sensitivity labels to access roles. Inherit controls from source systems where possible. Run quarterly audits for sensitivity label drift. Attempting to manage sensitive data at the vector store layer after indexing is too late — the blast radius of an incorrectly classified document expands at inference time, not at ingestion.
5. Who should own the data preparation process for enterprise RAG?
Permalink to “5. Who should own the data preparation process for enterprise RAG?”Data governance, not the AI team. Domain owners certify accuracy within their content areas. The data governance lead sets the classification policy and freshness tiers. Data engineers build the ingestion pipeline. The most common failure mode is AI teams building knowledge bases over raw document dumps without involving governance — resulting in a corpus that is technically indexed but not trustworthy.
6. How do you keep an LLM knowledge base up to date?
Permalink to “6. How do you keep an LLM knowledge base up to date?”Define freshness tiers by content domain (Legal: 30 days, Product: 60 days, General: 90 days). Monitor source systems for changes and trigger recertification automatically rather than waiting for the scheduled cycle. Surface last_validated_date in retrieval responses so users see how current their answers are. Run a full corpus audit quarterly to catch orphaned documents and expired certifications.
7. Can a data catalog replace a separate data preparation workflow for RAG?
Permalink to “7. Can a data catalog replace a separate data preparation workflow for RAG?”For assets already managed in a data catalog: yes. Classification, deduplication detection, certification, freshness tracking, lineage, and business glossary linkage are core catalog functions. Connecting the catalog’s context layer to your RAG stack via API or MCP eliminates the manual pre-ingestion audit phase for governed assets. The catalog is not a system adjacent to the knowledge base. It is the knowledge base, already prepared.
Share this article
