The requirement for doing an energy review is one of the key clauses of the ISO 50001:2018 energy management system standard.

To conduct an energy review the organization to understand what energy types are being used, which of these are significant, or which are not that significant; relevant variables parameters that might affect the energy use and allows us to consider and prioritize the opportunities that when implemented can help support the achievement of energy objectives. Conducting an energy review is a process by itself, the requirements are thus broken down into energy review inputs, the energy review itself, and energy review outputs.


The first step of the process is to identify your energy types. These might be the use of electricity, mechanical energies, use of natural gas, use of fuel in your vehicle fleet. The organization might obtain a certain percentage of energy from renewable sources, these should be considered at relevant stages.

Once you have identified your energy types you will need to gather consumption data for each process (relevant) to determine past consumption. How far back should you go…? Ideally, you will have 2 years of reliable data for each energy type if possible, however, 6 to 12 months of historical data will help to get you started.

The next stage is to understand the facilities, equipment, machinery, systems or energy-using processes where this energy is being used. This will help to breakdown the data so you can see where the areas of opportunity for improvement may lie.

Energy Review:

Next, after the organization knows about the energy inputs, types, etc, and when the organization has the data you can analyze it to determine consumption trends. We might do a trend analysis. Once we can see the trends we can start to consider those types and variables that may greatly influence energy use, efficiency, and consumption. This may include variables such as external temperature change, shift patterns, production quantity, volumes, occupancy rates, and the expansion of facilities. We must also consider that personnel (internal as well as external) that can have an impact on energy use. This might include management, maintenance staff, operatives or team leaders, suppliers’ personnel, customers, end-users, etc whose decisions may impact consumption.

The Organization must define significant energy uses (SEU’s) The standard ISO 50001 defines these as “energy use accounting for substantial energy consumption and/or offering considerable potential for energy performance improvement.” Noting that significance is logically defined by the organization and can include facilities, systems, processes, or equipment. Once we have defined such energy uses that are deemed “significant” we can start to consider and prioritize the opportunities for improvement. Activities should be undertaken to determine the benefit of implementing the opportunity.

This may relate to without affecting the output, or quality- shall include (ROI), a saving in consumption (kWh), or cost-saving (£ per annum) and will lead to the prioritization of opportunities and a reasonable assessment of expected kWh savings expected for each opportunity.


Here the organization can now finally draw system conclusions and present these in the energy review. This has to be done by the Management at all levels. The requirement to maintain documented information on energy review normally leads to a report being produced. This includes verifications and various validations on energy use and consumption trends and analysis, an estimate (projection) of future energy use, recommendations for improvement, and identified significant energy uses.

In addition to this, the organization needs to identify and define energy performance indicators, energy baselines and energy objectives, targets, and action plans. Defining EnPI’s and EnB’s correctly, and logically (the organization can frame a program for this) is critical to ensuring you can accurately measure and demonstrate improvements in either consumption and/or efficiency.

Once you know which of the selected opportunities has to be implemented, the identified kWh saving expected will inform the targets and action plans, while the identification of significant energy uses will inform the objectives. All of these must be documented, noting consideration and inclusion of those actions to address risks and opportunities identified (See clauses 4.1, 4.2, 6.1 of the ISO 50001 standard)

Finally, you now know what you want to achieve (objectives, targets, and operational action plans) and you can create an energy data collection plan at all levels and processes. These should primarily include monitoring and measuring those relevant variables for SEUs, energy consumption related to SEUs and to the organization, operational criteria related to SEUs, static factors (e.g. Facility location & size; design of installed equipment; the number of weekly shifts; a range of products) and the data specified in action plans.

This shall lead to the creation of a clear measurement plan matrix showing information such as the energy type, specific meters references, frequency of measurement, and the responsibility for undertaking measurement activities.

Ensuring that the energy review is correctly done and is robust and regularly reviewed will provide the basis for an effective EnMS and with top management support (5.1) and the necessary resources (7.1) can drive continual improvement in energy performance for many years to come.

ISO 50001:2018 (SECTION 6.1) SAYS:

  • In the planning process of the ISO 50001 EnMS, the Organization must assess both internal and external factors affecting the ability to achieve the planned results (Chapter 4.1), as well as the legal and other requirements relating to the identified interested parties (Chapter 4.2). The Organization should identify issues, risks, and opportunities to ensure that:
  • Planned results are achieved (including reduction of energy consumption);
  • undesirable effects are being eliminated or reduced;
  • Continuous improvement in energy performance.
  • The Organization must plan for active prevention and use of opportunities, integrate and implement these actions in EMU and processes, and evaluate their effectiveness.



Identification of the actual Context of the Organization will mean identifying the Context for each Process- which means identification of all Internal and External issues.

Identifying relevant appropriate issues and their related risks and opportunities at the energy management planning stage are part of the strategic decision-making process (see Figure 6). In this way, the Organization can anticipate possible scenarios and consequences and prevent or minimize unwanted effects before they occur. Similarly, favorable conditions can be identified and promoted that can bring potential benefits and positive results.

The Organization, with the involvement of Regulatory Bodies (if necessary), can assess potential risks and opportunities and plan actions. For example, there are at least two risks associated with the comfort of the office environment (indoor temperature and air quality, quality of lighting, etc.) – a decrease in productivity due to insufficient work environment comfort and lack of competence/awareness among responsible employees. Thus, it is possible to both improve employee satisfaction (and productivity) and reduce energy consumption by optimizing indoor temperature.

The activities could include, for example, educating employees/improvement of knowledge about thermostat use and efficient space ventilation, checking and/or providing the qualifications of personnel responsible for operating the equipment, the energy efficiency service agreement, conducting energy audits, etc.

The ISO 50001 standard does not specify any specific method for risk and opportunity assessment. There is a possibility to carry out both qualitative or quantitative or mixture risk assessment, eg based on SWOT analysis, Issue Management Matrix, historical data analysis, and discussions with stakeholders, as well as quantitative analysis of the most significant risks, eg in terms of cost. It is important that the identified risks and opportunities are consistent with the municipal energy policy.



The EnMS manual and documents should document and describe the risks and opportunities identified by the Organization as important to its EPS and what will be done to prevent/mitigate the risks and take advantage of the opportunities.

It is advisable to establish a process and procedure that defines in more detail the procedure and responsibilities for conducting this assessment and planning for further action.



  • Evaluate the internal and external issues and context that affect the Organization’s energy performance and the interests of the parties involved. Note the results of an assessment of the current situation to identify existing / potential risks and opportunities.
  • The next step in assessing the current situation is the analysis and prioritization of risks and opportunities into High/Medium/Moderate/Low etc. In the framework of the ISO 50001 EnMS (involving other experts or external experts if necessary), develop a method that will help to assess the significance of each risk. The Organization can either do it through Issue Management Matrix. Describe this process in the procedure. This can be done by defining the effects of each risk/opportunity and assessing through likelihood and severity (eg on a 4-point or 5-point scale). In this way, evaluating the probability and potential impact for each risk (multiplication/joining of two elements) ultimately shows which of the risks should be prioritized and acted upon critically. The higher the score, the more significant and likely the risk factor. Check on each identified risk and / or opportunity to consider actions that will help prevent or reduce the risk. Start with the most critical risks/opportunities.


Areas, where risk appears in the new standard requirements, include:

  • Organizational context: When establishing the context of the organization, issues, etc, ISO 50001 requires companies to identify issues, risks, and opportunities that could impact EnMS objectives. They also need to evaluate the risk of producing nonconforming products, which can vary depending on the type of goods manufactured.
  • Leadership: Organization management must take accountabilities and commit to addressing risks and opportunities that could affect product quality.
  • Planning: This section of the standard requires you to not just identify risks and opportunities from the issues identified earlier, but also create plans for how to address them.
  • Operation: ISO requires you to implement and control the actions (Operational Controls are segregated into Mitigation actions, Contingency Actions, and Strategic Controls) identified during planning steps.
  • Performance evaluation: Here’s where you track, monitor, measure, and analyze the risks and opportunities identified.
  • Improvement: Organizations must make improvements based on any changes in risk.

The new high-level structure for ISO standards is based on the Plan-Do-Check-Act (PDCA) cycle for process improvement, corresponding with proven risk management approaches.


Risk-Based Thinking and Risk Management:

Risk-based thinking aligns so well with risk management, the standard ISO 50001 doesn’t require any sort of risk assessment, nor does it require you to maintain a Risk Register. ISO’s risk-based thinking requirements center on incorporating risk into decision-making, without formalizing exactly how to do it- maybe through a SWOT analysis or through an Issue Management Matrix, etc.

Presumably, it’s because the organization wants to provide more flexibility in how companies across varying industries satisfy the standard requirements. Others will say it was just too big a leap to make risk management approaches a formal requirement for certification. Either way, companies need a way to make a risk part of their ISO 50001 EnMS, and there are several tech tools that can help them get there.


Using Technology to Mitigate Risk:

One of the most important parts of applying risk-based thinking to your Energy management process is to actually make it part of your process rather than a siloed activity. From a tech perspective, this means having risk tools built into your EnMS rather than using a separate point solution or time-consuming manual processes. Key capabilities of risk-enabled Matrix include:

  • Risk Register: You need a centralized place to record and monitor individual issues
    and risk items. Although ISO the ISO 50001 standard does not formally require the
    creation and maintaining of a Risk Register, if the organization maintains, something of this matrix/log/record/evidence, it surely will help the organization to identify and implement several requirements. This Risk register will mean the identification of risks and opportunities also. All the core and support processes need to be included and covered when you are developing a system as per ISO 50001.
  • Flexible risk tools: You should be able to activate risk assessment tools such as a risk matrix or decision tree within any EnMS, from audits to deviations to regulatory compliance tracking.
  • Risk-based Verification and Validation: Identification of Operational Controls (in any form- either be it mitigation actions, contingency actions, or strategic actions, in case of opportunities) and conducting re-Risk Assessment (sometimes also called as finding the Residual Risk). If the Organization, also, includes a risk-based final verification/validation/check step for stages like Identification and implementation of corrective actions greatly help during the overall system’s Energy Management performance assessment/evaluation and improvement modules.

In conclusion, the most important way you can use technology to do ISO 50001 Energy Management risk management is through adopting automation modules. Creating automated risk management processes ensure nothing is non-conforming and breaks through the cracks, giving you a documented historical information and data to turn to, when required- Organizational knowledge.


Read Latest Blogs

How to find the best ISO Consultant for ISO Certification?

How can my company grow with an ISO Certification?

How to get ISO Certification in new Mumbai, Thane, Pune

close slider

* Required