advanta

HomeModule LibrarySustaining

Module SUS-10 sigil: Sustaining pillar, Strategy layer, maturity bands 1 to 3.Deterministic sigil for Module SUS-10. The Pillar geometry encodes Sustaining (Pillar 8); the top-right marker S encodes the Strategy layer; the baseline meter encodes maturity bands 1 to 3.SSUS-10
P8· L-G· Bands OperationalIntegratedOptimisedDefensible

· SUS-10

Capability Portfolio Architecture

The Capability Portfolio Architecture defines how the firm tracks the operational AI capabilities it owns — not the tools, but the capabilities those tools enable. It distinguishes core capabilities (must own), differentiating capabilities (worth investing in to lead), and commodity capabilities (acquire at market). For each capability the Portfolio records the supporting Module, the deployment maturity, and the strategic posture (build, partner, buy, sunset). Without this view, AI investment fragments into tool-by-tool decisions and the firm cannot articulate its operational capability stack to the Board. Methodology v2026.1.

Operational

·

Quarterly

·

2 hours first run; 30 minutes quarterly refresh

Methodology v2026.1

Executive Summary

The Capability Portfolio is the master register of every AI capability the function operates, classified by its current Lifecycle stage. One row per system: capability name, vendor, Agentic Tier, current stage (Concept / Build / Deploy / Operate / Sunset), next gate evidence status, accountable owner, primary Risk Class, and next review date. The portfolio serves two governance functions. First, stage-balance review: a function with twelve capabilities in Operate and none approaching Sunset is over-extended; one with eight in Concept and two in Operate is not harvesting investment. Second, the portfolio feeds the one-page Defensibility Posture Statement — the capability list, classified by stage, is a required element of the Statement. Refresh at each Governance Cadence review (quarterly). Decommission entries at Sunset with a post-mortem link.

Defensibility Evidence Produced

The Capability Portfolio, when current and accurate, is evidence for Defensibility Element 4 (Governance posture): it demonstrates the Capability Portfolio is classified by Lifecycle stage — the canonical third governance element. It also drives the one-page Defensibility Posture Statement, which is the primary board- and regulator-facing evidence of the overall Defensibility posture.

Elements:

Methodology transparencyGovernance posture

The operational problem

The General Counsel is asked at every Board meeting: what AI does the function operate? The institutional answer should be a one-page list — capability by capability, classified by Lifecycle stage, with named accountable owner and current performance status. In most functions today the answer is reconstructed from procurement records, vendor contracts, and the founder’s memory.

A function that cannot answer that question at any cadence — quarterly to the Audit Committee, annually to the Board, on demand to the regulator — does not have a portfolio view of its AI capability. It has a vendor inventory dressed as governance.

The Capability Portfolio Architecture is the master register that produces the institutional answer. It distinguishes capabilities (what the function operates) from tools (what the function bought). It records the Lifecycle stage per capability (Concept / Build / Deploy / Operate / Sunset) so that the GC can see at a glance whether the portfolio is balanced or over-extended. Without it, AI investment fragments into tool-by-tool decisions and the function cannot articulate its operational stack to anyone outside the practice group that operates each tool.

Legal AI OS Relevance

The Capability Portfolio Architecture sits at the intersection of Pillar P8 (Sustaining, Optimization & Lifecycle) and the Governance Layer (Layer G). It produces evidence for two Defensibility Elements:

  • DE-2 Methodology transparency — the portfolio’s structure and population discipline evidence a documented capability-management methodology
  • DE-4 Governance posture — the capability list classified by Lifecycle stage is a required element of the Defensibility Posture Statement at the institutional level

Anchoring to Bands 2, 3, 4, and 5 (Operational → Integrated → Optimised → Defensible), the Module is the situational-awareness instrument at Band 2 (capability count visible), the strategic posture at Band 3 (capability classified by stage), the optimised portfolio at Band 4 (stage-balance review at quarterly cadence), and the institutional portfolio at Band 5 (integrated with Evidence Register, Delegation-Authority Register, and Materiality Calibration). Methodology v2026.1.

Pillar Alignment

Pillar 8 (Sustaining, Optimization & Lifecycle) is the institutional capability that holds AI accountable through its full Lifecycle, not only through procurement and deployment. The Capability Portfolio is the Pillar-8 instrument that makes Lifecycle visible at the institutional level.

The Pillar 8 posture this Module advances: from tool inventory at the practice-group level to capability portfolio classified by Lifecycle stage, refreshed quarterly, signed by GC.

Operating Layer Impact

The Governance Layer (Layer G) is the institutional substrate; the Capability Portfolio is the substrate’s institutional inventory. The Strategy Layer (S) writes Concept-stage capabilities into the portfolio; the Execution Layer (E) advances them through Build to Deploy to Operate; the Optimisation Layer (O) drives Sunset decisions; the Measurement Layer (M) reports performance per capability against the portfolio’s stage classification.

Without the Capability Portfolio, every other Layer operates against a fragmented capability view.

Maturity Band Relevance

The Module strengthens the Sophistication and Defensibility lenses of the Maturity Stack.

From Band

To Band

Sophistication-lens shift

Defensibility-lens shift

2 — Operational

3 — Integrated

Capability count visible → capability classified by Lifecycle stage

Capability list visible → list feeds DPS Element 4

3 — Integrated

4 — Optimised

Stage classification → quarterly stage-balance review with over-extension flags

List feeds DPS → portfolio operated at quarterly cadence with audit-readiness scoring

4 — Optimised

5 — Defensible

Stage-balance review → integrated with Evidence Register and Delegation-Authority Register

Portfolio cadence → portfolio audit-attested annually

5 — Defensible

(sustaining)

Portfolio durable across capability churn; succession-of-ownership documented

Portfolio is the institutional inventory of record

Functions at Band 2 typically operate a flat capability register. Band 3+ functions operate the stage-classified register at quarterly cadence. Band 5 functions integrate the portfolio with GOV-13, GOV-14, GOV-16, and the AI Lifecycle (LIF-01 through LIF-05) Modules.

Operational Outcomes

Operating the Architecture produces five institutional artefacts:

Artefact

Purpose

DPS evidence stream

Capability Portfolio register — current stage per capability

The institutional inventory of operational AI capability

DE-2 + DE-4 (primary)

Stage-balance review summary — over-extension / stagnation flags

The strategic posture indicator

DE-4

DPS capability list by stage

Required element of the Statement at the institutional level

DE-4 (primary)

Trigger list for GOV-14 (Tier 3+ capabilities requiring Delegation-Authority entries)

The accountability gate at the portfolio level

DE-1

Sunset candidate list for Governance Cadence agenda

The Optimisation Layer input

DE-5

Records retain for the regulatory limitation period plus the lifecycle of every capability referenced.

Defensibility and Governance Considerations

The Module produces evidence for DE-2 (Methodology transparency) and DE-4 (Governance posture). The DE-4 production is canonical — the capability list classified by Lifecycle stage is a required element of the Defensibility Posture Statement at the institutional level.

All nine Risk Taxonomy 2026 classes appear at the portfolio level; the portfolio is the institutional view from which class exposure is aggregated across capabilities.

For Tier 3+ capability the portfolio entry requires:

  • The Tier classification (Tier 3 Workflow operator or Tier 4 Autonomous agent)
  • The linkage to the Delegation-Authority Register (GOV-14) entry
  • The linkage to the Materiality Calibration (GOV-16) register
  • The Evidence Register (GOV-13) cross-reference for each Risk Class row
  • The Agentic Governance Charter (GOV-08) where applicable

For Sunset-stage capability:

  • The decommission record with date and rationale
  • The post-mortem linked from the Capability Portfolio entry
  • The Evidence Register archive entry per GOV-13
  • The Delegation-Authority Register archive per GOV-14

The editorial-independence attestation applies — the Module makes no vendor-specific recommendations.

Institutional Use Cases

Use case 1 — A 14-partner firm at Band 2 standing up Portfolio. The firm has 4 AI capabilities (3 vendor tools + 1 in-house workflow). Portfolio v1.0 records 4 entries: 2 in Operate (contract review, research augmentation); 1 in Deploy (eDiscovery); 1 in Concept (transcription). Stage-balance review: appropriate for the firm’s scale; no over-extension; one Concept-stage entry approaching Build gate. The portfolio is the first institutional view of the firm’s AI capability the GC has held.

Use case 2 — A 200-lawyer in-house function at Band 3 operating Portfolio. The function has 9 capabilities. Stage-balance: 6 in Operate, 1 in Deploy, 1 in Build, 1 in Sunset. The Sunset entry triggers a post-mortem at the next Governance Cadence (GOV-15) Sunset session; the post-mortem record is linked from the portfolio entry; the Evidence Register and Delegation-Authority Register archive entries are completed. The portfolio’s quarterly refresh delta is reported to the Audit Committee.

Use case 3 — A global energy GC office at Band 5 operating Portfolio across 18 capabilities. Portfolio entries integrated with GOV-13 (Evidence Register), GOV-14 (Delegation-Authority), GOV-16 (Materiality Calibration), and GOV-08 (Agentic Governance Charter for the 3 Tier-4 capabilities). Annual external attestation samples 3 portfolio entries and verifies each against the integrated artefacts. The Audit Committee reviews the portfolio refresh delta quarterly; the Board sees the portfolio annually.

Recommended Stakeholders

RACI role

Stakeholders

Owner

General Counsel

Approvers

General Counsel · AI Task Force Chair

Contributors

Legal Operations · Finance Partner

Informed

Board · CIO / CISO · Risk and Compliance

The GC signs the quarterly portfolio refresh. The AI Task Force Chair (per STR-07) operates the quarterly stage-balance review at the standing cadence. Finance Partner contributes to the resource-intensity column for each capability.

Implementation Complexity

Dimension

Specification

First run

2 hours

Quarterly refresh

30 minutes

Cross-team dependencies

IT (system list reconciliation) · Procurement (vendor list reconciliation) · Practice Groups (capability ownership)

Self-serve viability

Yes — template-driven

Advisory recommendation

Strategic Retainer for functions operating ≥5 capabilities with Tier 3+ mix

The Module is methodology-versioned (v2026.1); each entry’s last refresh date is the operating telemetry.

Inputs

Input

Source

AI system inventory (current)

IT + Procurement

Lifecycle stage per capability

Last Governance Cadence (GOV-15) review

Agentic Tier classification per capability

STR-07 + GOV-08 where applicable

Accountable owner per capability

RACI

Evidence Register status

GOV-13

Gate evidence from Build approvals and Deploy authorisations

GOV-15 stage-gate sessions

Framework — the Portfolio

Entry structure

The canonical structure is one entry per capability. Each entry holds:

Column

Content

Source

Capability name

Canonical name (not vendor product name)

Standardised

Vendor (or in-house)

The supplier or development source

IT

Tier classification

Tier 1 / 2 / 3 / 4

STR-07

Current stage

Concept / Build / Deploy / Operate / Sunset

Governance Cadence record

Next gate evidence

What is required at the next stage gate

Stage-gate template

Accountable owner

Named individual + role

RACI

Primary Risk Class

The class with highest exposure for this capability

GOV-03 + risk assessment

Last refresh

Date of the most recent portfolio entry review

Operating

Next review

Quarterly cadence date

Operating

GOV-14 cross-reference

Delegation-Authority entry ID (Tier 3+ only)

GOV-14

GOV-13 cross-reference

Evidence Register rows

GOV-13

GOV-16 cross-reference

Materiality Calibration rows

GOV-16

GOV-08 cross-reference

Agentic Governance Charter (Tier 4 only)

GOV-08

Stage taxonomy

Stage

Definition

Typical duration

Concept

Capability proposed; Concept-stage gate decision pending

2–8 weeks

Build

Capability authorised for build; Build-stage gate pending

4–16 weeks

Deploy

Capability authorised for deployment; Deploy-stage gate pending

2–8 weeks

Operate

Capability in operational use; quarterly review cadence

18 months – 5 years typical

Sunset

Capability flagged for decommission; Sunset closure pending

1–6 months

Stage-balance review

The quarterly portfolio review flags two patterns:

Pattern

Definition

Action

Over-extension

More capabilities in Build + Deploy than the function’s operational capacity to bring through to Operate

Pause Concept-stage gate decisions until backlog clears

Stagnation

Capabilities in Concept or Build > 6 months without gate decision

Force a Concept / Build gate decision at next Cadence

Excessive Operate-stage age

Capability in Operate > 5 years without Sunset review

Trigger Sunset review at next Cadence

Tier-mix imbalance

Tier 4 capability count > Tier 3 count without proportionate Agentic Governance

Trigger AI Task Force review of Agentic posture

Quarterly refresh discipline

Activity

Output

Per-entry stage validation

Stage advanced since last quarter? Stage gate decision recorded?

Per-entry accountable-owner validation

Owner in role? Transition documented?

New-capability entries added (Concept stage)

New entries with Concept-stage gate scheduled

Stage-advanced entries updated

Stage moved; gate evidence recorded; next gate listed

Sunset entries closed

Decommission record completed; cross-references archived

Stage-balance summary compiled

Over-extension / stagnation / age flags for Cadence agenda

Portfolio published to AI Task Force + Audit Committee

Quarterly summary distribution

Worked Example

A 200-lawyer in-house function at Band 3 stands up the portfolio in the canonical 2-hour first run.

Activity

Output

Step 1 — IT + Procurement reconcile system list against the AI BoM

Reconciled inventory: 9 capabilities

Step 2 — Per-capability entry: name, vendor, Tier, current stage, accountable owner

9 portfolio entries v0.1

Step 3 — Per-capability Risk Class assessment; primary Risk Class column populated

Risk Class per entry

Step 4 — Cross-references populated (GOV-13, GOV-14, GOV-16 for Tier 3+ entries)

Integrated portfolio v1.0

Step 5 — Stage-balance review at first Governance Cadence: 6 Operate, 1 Deploy, 1 Build, 1 Concept, 0 Sunset

Stage-balance summary v1.0

Step 6 — Portfolio signed by GC; distributed to AI Task Force and Audit Committee

Portfolio v1.0 ratified

Quarterly refresh at quarter +1: 7 Operate (Deploy capability moved through Deploy gate); 1 Build (Concept entry passed Concept gate); 1 Sunset (one Operate capability flagged for decommission after 4 years). Stage-balance: appropriate; one Sunset to close at next quarter.

Common Failure Modes

Failure mode

Detection signal

Recovery

Capability deployed without portfolio entry

AI BoM has system n+1; portfolio has n entries

Bind portfolio update to AI BoM cadence

Stage classification stale

Entry shows “Build” but capability has been operational for two quarters

Bind stage advancement to GOV-15 stage-gate session

Accountable owner named but not in role

Role turnover loses owner trace

Bind portfolio updates to HR change-notice cadence

Cross-references absent for Tier 3+ entries

Entry shows Tier 3+ but no GOV-14 / GOV-16 cross-ref

Treat as deployment block until populated

Stage-balance review skipped

Quarterly refresh logged but no balance summary produced

Standing Cadence agenda item; produce or document non-production

Sunset entries lingering

Capability flagged Sunset > 6 months ago; no closure

Bind to next Sunset session per GOV-15

Portfolio not published to Audit Committee

Quarterly refresh complete; no distribution

Standing distribution list; quarterly publication verified

Tier-mix imbalance unaddressed

Tier 4 count grows without Agentic Governance proportionate response

Trigger AI Task Force review at next quarterly

Edge Cases

The Module does not apply when:

  • The function operates no AI capability — no portfolio to maintain; the portfolio activates with the first capability
  • The function operates under a parent organisation’s enterprise-wide capability portfolio — the Module produces sub-entries that roll up to the parent’s portfolio
  • The function is at Band 1 — establish GOV-01 + STR-07 first; the portfolio activates at Band 2
  • The function operates a federated structure with sub-portfolios per entity — the Module operates at the entity level with a federated quarterly roll-up
  • The function uses a vendor-provided portfolio register that does not honour the five-stage Lifecycle — adapt the vendor register to the canonical structure or maintain the portfolio in parallel until the vendor catches up

Operational Signals

sus-10.portfolio-currency

Defensibility Posture Statement

Proportion of capabilities with current posture review — DE-2 Methodology transparency record.

Quarterly

sus-10.posture-shift-rate

Annual Legal AI OS Index

Rate of capability posture transitions (build/buy/partner/sunset) feeds the Annual Legal AI OS Index strategic-evolution signal.

Quarterly

sus-10.capability-coverage

Console

Module coverage against canonical capability list for Console intelligence substrate.

On change

Recommended Stakeholders

Owner

  • General Counsel

Approvers

  • General Counsel
  • AI Task Force Chair

Contributors

  • Head of Legal Operations
  • Finance Partner

Informed

  • Board
  • CIO / CISO
  • Risk & Compliance

Inputs · Outputs

Inputs

  • · AI system inventory (current)
  • · Lifecycle stage per capability (from last Governance Cadence review)
  • · Agentic Tier classification per capability
  • · Accountable owner per capability
  • · Evidence Register status (GOV-13)
  • · Gate evidence from Build approvals and Deploy authorizations

Outputs

  • · Capability Portfolio register — current stage per capability
  • · Stage-balance review summary (over-extension / stagnation flags)
  • · DPS input: capability list by stage (required element)
  • · Trigger list for GOV-14 (Tier 3+ capabilities requiring Delegation-Authority entries)
  • · Sunset candidate list for Governance Cadence agenda

Diagnostic Relevance

Maintaining the Capability Portfolio Architecture strengthens the Sophistication lens — expected Band progression: Integrated → Optimised.

Confidence: medium

Key Takeaways

  • Register every AI capability the function operates — one row per system

  • Record current Lifecycle stage and next gate evidence status per capability

  • Run stage-balance review: flag over-extension and stagnation patterns

  • Feed the capability list — classified by stage — to the Defensibility Posture Statement

  • Refresh at every Governance Cadence review (quarterly minimum)

  • Decommission entries at Sunset with post-mortem record linked

  • Use Agentic Tier column to identify which capabilities require GOV-14 and GOV-16

Run this Module via advisory

This Module is operated within Advanta advisory engagements. Methodology v2026.1.

View Engagement Models

Targeting

Audience

GC / CLOLegal OperationsRisk & Compliance

Strengthens

Sophistication lensDefensibility lens

Module Details

Format
Module
Difficulty
Operational
Pillar
P8
Owner
General Counsel
Access
Practitioner Membership
Certification
Practitioner

Maturity Bands

OperationalIntegratedOptimisedDefensible

Where this Module lives

The Capability Portfolio is the strategic frame above tool-level decisions. It consumes signals from every Operational Module deployment and feeds Board AI Reporting (MAT-06), the Annual Legal AI OS Index, and Technology Sunsetting decisions (SUS-06). The Module produces DE-2 (Methodology transparency) and DE-4 (Governance posture) records into the DPS. Without it, the firm cannot describe what it actually does versus what tools it owns.

Advisory

When this Module sits inside a Programme.

Modules are operated in-house by GC and Legal Operations teams. When the capability transformation is multi-Pillar — or when the regulator timeline tightens — Advanta operates the canonical Module sequence as a Programme.