Implementing management and control of EnMS information involves two tasks:

• 3.3.1 Define and implement document controls
• 3.3.2 Define and implement controls for records

Documents and records are controlled separately under different sets of requirements in ISO 50001-2011. The best approach to implementing both sets of these requirements is to keep it simple. Document control and records control systems do not need to be complicated to be effective. Keeping the controls simple not only makes implementation easier, but can reduce the amount of resources required to maintain the controls over time.

3.3.1 Define and implement document controls

It is important that personnel have the documents needed to perform their assigned responsibilities appropriately. There are two categories of documents:

• Internal Documents: Internal documents are documents generated by the organization. Some examples of internal documents are:
  • EnMS scope and boundaries statement
  • Energy policy
  • Prioritized energy performance improvement opportunities
  • Energy management action plans
  • Methodology and criteria used to develop the energy review
  • Methodology for determining and updating the EnPIs
  • Internal audit procedure
• External Documents: Often documents that are necessary for the planning and operation of an EnMS are generated outside the organization. These documents are called "external documents." Examples include:
  • Ordinances, laws, regulations
  • Standards such as industry standards or ISO 50001
  • Building codes
  • Equipment manuals

Start by determining how your organization currently manages documents. If there is already a formal process in place, then it makes sense (and is likely necessary) to follow that process, making modifications as needed for the EnMS.

The document control system needs to define:

• How documents are identified (i.e. How can you tell what each document is and what activities relates to?)
• Who is authorized to approve documents? What is the process for approval? What is the record of approval?
• How documents are reviewed periodically and maintained to stay up to date
• How changes and the revision status are identified
• How legibility is maintained
• Where documents are available and how their distribution is controlled
• How obsolete documents are removed or identified to prevent unintended use

The Checklist of Document Control Basics helps you assess whether your existing document control system addresses the ISO 50001 requirements for control of documents. If you do not have an existing system, this checklist can be used to identify the features that will need to be addressed as you develop your processes for controlling EnMS documents.

A useful tool for setting out the controls for EnMS documents is the EnMS Document Control Index. It provides a "one-stop shop" for defining the controls associated with each document type. Let’s take a closer look at the controls that must be defined and implemented to manage EnMS documents:

Assigned Responsibilities: Designating a Documents Coordinator/Manager as a central point of control for EnMS documents is an approach often used to ensure that documents contain the required features. Then, for each document in the EnMS, a document owner and a document approver are assigned. If a Document Coordinator/Manager is not an option, then the document owners are assigned the additional responsibility of ensuring the appropriate controls are applied to the documents. In some cases, it is the management representative who functions as the point of control and assigns document owners and document approvers.

Responsibilities are as follows:

Document Owner – Responsible for the content of the document, including the periodic review and updating. Note: Document owners are assigned for both internal and external documents. The document owner of an external document is responsible for determining the applicability of the document to your organization.

Document Approver – Authorized to approve the content of the document.

Document Coordinator/Manager – Responsible for ensuring the appropriate controls are applied to documents, including the removal/identification of obsolete documents

Identification: Next, decide what specific features will be used to identify the different types of EnMS documents. Not all documents need to be identified in the same way. An example of how one organization chose to identify their documents is below.

In this example, XYZ Company created a table to identify the different types of documents in their EnMS. These included an energy manual, EnMS procedures, work instructions, blank forms, plans and programs, external documents and training videos. Then, for each type of document, the relevant controls were identified. Title and issue/revision date were applied to all document types, while document numbers were only applied to the energy manual and the procedures and work instructions.

Approval: After the controls for document identification are defined, the process for approving documents needs to be developed. Not all documents should be approved by the same positions. Documents should be approved by those positions that are responsible for the policies, decisions, or actions described in the document. Avoid having too many levels of approval. This can complicate the document control system and hamper its efficiency.

Some organizations still use hand signatures as evidence of approval, but many others now manage their documentation electronically. A typical process is to upload an electronic document into a workflow that sends the document to each person responsible for approval. Upon receipt of the document, the person indicates approval or rejection. If rejected, the workflow sends the document back to the owner for resolution of the issue. If approved, the document is electronically distributed to the appropriate locations.

Updating: Next, the process for keeping documents up to date needs to be defined. Reasons for revising or updating documents may be a result of:

• Changes to facilities, equipment, systems or processes;
• Internal audits;
• Corrective actions or preventive actions;
• Management review;
• Periodic reviews conducted to ensure that the information is still accurate, adequate and relevant; or
• Revision of an external document.

A document owner is responsible for ensuring that his or her assigned documents are kept up to date. The owner is also responsible for performing a periodic review of each assigned document and ensuring it is revised as needed.

A part of updating documents involves identifying for the user any changes that were made and ensuring that the revision status is updated. Many organizations use a "Revision History Table" at the end of a document to indicate a revision date and summarize the changes made. Other approaches include highlighting or underlining the revisions, or using training to identify and review the modifications.

Legibility: A requirement that appears obvious, but is often misunderstood is that of ensuring documents are legible. You would think that in the electronic world of today where we have very few paper copies that can deteriorate, legibility would be a disappearing issue. However, the reverse is true. In our world of electronics, we are more likely to store documents electronically and in a few years change our software to where we can no longer read the files. It is the document owner’s responsibility to ensure documents are maintained as readable over time.

Availability: Documents must be made available at the locations where they are needed. More and more organizations are using electronic documents, but some are still using paper copies. Current documents must be available at points of use and obsolete ones shall be removed or otherwise identified to prevent unintended use.

For organizations using electronic documents, ensuring that the proper information is located where it is needed is typically a matter of ensuring computer access to the appropriate personnel in those areas. Removal from points of use would mean making the documents unavailable or inaccessible through the computer.

Organizations using print documents will need to identify and control a specific number of copies which are then physically located at the appropriate points of use. Removal from points of use would involve physically removing the documents from the specific areas where they are located. In either case, controls must be in place to ensure that document locations are known.

The Example EnMS Document Control Index illustrates how the controls can be defined for the various documents in the EnMS. After all the controls for documents are defined and the process developed for applying the controls, ensure that they are communicated to the appropriate personnel. If this level of document control is new to the organization, consider providing training to supplement the communication.

3.3.2 Define and implement controls for records

A record is a "snapshot in time", providing information about the past. Records are needed to demonstrate conformance to ISO 50001 and the requirements of your EnMS. Records are needed to determine the effectiveness of the EnMS. They provide evidence of:

• Activities performed, and
• Results achieved, including improvements in energy performance.

Records can take many forms. They may be paper or microfiche stored in filing cabinets, or electronic files stored on networks, individual computers, CDs, or other long term storage media. Regardless of their media, controls are needed to ensure that records:

• Remain identifiable,
• Can be traced to the activity performed,
• Are retained for the necessary timeframe, and
• Are retrievable and legible.

Identifiable and traceable: It must be clear what the record is and to what activities or operations it is related. For example, ensuring that a record is dated and has a clearly stated title or subject that matches with its content is a common way to identify records and have them traceable to the activity involved.

Retained for the necessary timeframe: Records must be retained for specified periods of time. For each type of record, define a minimum retention time. Record retention times may be different for different types of records. Organizational or company record retention policies, legal requirements and business needs should be taken into consideration when defining retention times.

Legible and retrievable: Records must remain readable and be able to be located. If the records are electronic, a process should be in place to maintain the equipment, operating system, and software to ensure the record can be read during its retention period. Paper should be stored such that the text will not fade away or the paper deteriorates to the point that it is unusable.

Some form of an EnMS Records Control Index can be helpful for defining the controls for records and assigning responsibilities. Clearly defined responsibilities are critical to effective record control. An Example EnMS Records Index illustrates how the form can be completed.

These implementation resources can help you define and implement controls for managing EnMS documents and records:

• Checklist of Document Control Basics
• EnMS Document Control Index
• Example EnMS Document Control Index
• EnMS Records Control Index
• Example EnMS Records Control Index

The following implementation resources provide the information needed to understand EnMS documentation and decide what documents and records are needed for your EnMS. Users should review this information prior to starting Step 3.3:

• Understanding EnMS Documentation
• EnMS Documentation Guidance Table
• Energy Manual Guidelines

The following resource is primarily designed for organizations that plan to seek third-party certification to ISO 50001-2011. It helps you understand how to check and use the evidence from your EnMS to demonstrate the implementation of the system (you are doing what you say), and the effectiveness of the system in generating the intended results (what you are doing is working).

• EnMS Records: Check and Use the Evidence