A contract review SOP (Standard Operating Procedure) is the documented, repeatable process Legal Ops uses to triage and review every contract that hits the queue — what gets self-served, what gets a paralegal, what gets an attorney, and what gets escalated to outside counsel. Without an SOP, every contract is treated the same, which means routine NDAs absorb senior-attorney time and complex MSAs get rushed.
The four-tier triage model
Most mature in-house teams sort contracts into four tiers by risk and complexity:
| Tier | Definition | Reviewer | SLA |
|---|---|---|---|
| 1 | Standard NDA, standard order form, mutual standard MSA | Self-serve via Spellbook / LawGeex auto-approve | Same day |
| 2 | Vendor MSA under $50K, standard DPA, employment offer | Paralegal or contract manager | 2 business days |
| 3 | Vendor MSA $50K-$500K, partnership agreement, custom MSA | In-house attorney | 5 business days |
| 4 | Strategic deal, M&A, regulatory matter, litigation | Senior in-house + outside counsel | Per matter |
Thresholds vary by industry. Healthcare and financial services tend to push more contracts up-tier because of compliance overlay; SaaS companies push more down-tier as AI handles the routine end.
What goes in the SOP document
A working contract review SOP runs 5-15 pages and covers:
- Triage rules. What goes in each tier, who decides, what overrides exist.
- Intake forms by contract type. Different fields for NDA vs MSA vs vendor agreement; minimum information required before legal touches the request.
- Playbook positions per contract type. Acceptable, fallback, and walk-away positions on each material clause (liability cap, indemnification, IP ownership, governing law, term, auto-renewal).
- Approval matrix. Who signs off at what dollar threshold, what risk threshold, what term length.
- Escalation paths. When to escalate to GC, when to engage outside counsel, what triggers a deal review.
- AI policy. Which contract types AI is authorized to review autonomously, which reviews AI assists with but does not decide, and what stays fully human.
How to operationalize
- Encode in the CLM. The intake form, the routing rules, and the approval matrix all live in Ironclad, Agiloft, or whichever CLM the team runs. A paper SOP without system enforcement is theater.
- Train the AI tools on the playbook. Whether you’re using Spellbook, LawGeex, or BlackBoiler, the AI’s redline output should reflect the SOP’s playbook positions. Update both together when positions change.
- Audit weekly. Sample 10-20 closed contracts each week and verify the right tier, the right reviewer, the right approval. Surface drift in the staff meeting.
- Version the SOP. Treat it like product code: version, changelog, owner. When a position changes (new liability cap, new walk-away position), bump the version and re-train the AI tools.
Common pitfalls
- No tier 1. Teams that don’t define what counts as truly routine end up having an attorney review every contract. Aggressive tier 1 definitions are the single biggest cycle-time win.
- Playbook positions that don’t match outside counsel’s positions. When a contract escalates, outside counsel pushes for terms different from the playbook, undermining the in-house team’s negotiating position. Sync playbooks with outside counsel quarterly.
- AI tools and SOP drift apart. The CLM’s AI suggests positions A, B, C; the playbook says A, B, D. Lawyers learn to ignore the AI. Treat AI configuration as part of the SOP itself.
- No escalation triggers. Without explicit “escalate to GC if X” rules, escalations happen by lawyer comfort level, which is inconsistent.
Related
- NDA playbook — the most common Tier 1 SOP
- MSA redlining rubric — Tier 2-3 contract review depth
- Contract lifecycle management — the system that enforces the SOP
- What is Legal Ops? — the function that owns SOP design