Permits and Licenses Registry: how to keep track

Why you need a registry and what problem it solves

When permits, licenses and clearances are scattered across lawyers’ folders, H&S spreadsheets and maintenance emails, a company quickly loses control. At some point you discover a document has already expired, renewal wasn't started, or the document exists but can't be shown quickly to an inspector.

A permits and licenses registry brings three things together: deadlines, responsibility and context. It's important to see not only the expiry date but also where the document is required: a specific site, room, server room, lab, transport, contractor or type of work. Without linking to objects it’s easy to "renew the wrong thing" or miss the place where the license is needed right now.

A separate issue is a "critical expiry." This is not just an expired document but a situation that can halt work, derail a delivery, cause a fine or ban operation. If entry to a site or performing a particular task is impossible without a valid permit, one day of expiry can already be critical.

Usually many roles are involved, and the registry helps them work in sync: legal (licenses, contract requirements, inspections), H&S (permits, trainings, medical checks, logs), maintenance and operations (sites, equipment, contractors), procurement and tenders (supplier requirements and confirmations).

Instead of "searching through messages" you get clear control: what is ending, where it matters, who is responsible and what must be attached as proof.

What to include in the registry: document types

The registry only works if it contains the full set of documents without which the company cannot lawfully operate, participate in tenders or run sites. Start not with a table form but with the question: what might be requested during an inspection and what blocks work if expired.

Typically the registry includes not only “licenses” in the narrow sense but all documents that confirm the right to perform work, operate equipment or use premises as intended. Most often these are:

• licenses and permits (for activities, operation, storage, transport);
• certificates, approvals, expert conclusions and test results (including industrial safety and occupational health);
• personnel certifications and IDs if people cannot be admitted to work without them;
• site documents (buildings, branches, warehouses, medical rooms, labs) linked to address and owner;
• critical contracts and policies if without them you cannot get site access or pass an audit.

It’s important to separate documents by "scope of application." Some apply to the company as a whole (e.g., activity license), others to a specific site (a permit for a medical room at a particular branch), others to equipment or a type of work (lifts, boilers, X‑ray, access control). This prevents confusing deadlines and responsible persons.

Example: a company has a warehouse and an office in different cities. The warehouse requires separate acts and conclusions while the office does not. If you keep everything in one list without site linking, you may miss renewing the warehouse document even though the company‑level view looks fine.

Document card: required fields and statuses

For the registry to be useful, each document must have a clear card so it’s obvious what the permit is, who is responsible, where it applies and when to renew.

Required fields in the card

Start with fields that are essential to control deadlines and responsibility. Don’t overload the database; add other fields as needed.

• Document name and issuing authority (who issued it and where to go for renewal).
• Details: number, issue date, validity period (end date), renewal frequency.
• Scope of application: what it covers (activity type, category, restrictions).
• Responsible parties: owner (who ensures availability) and executor (who prepares renewal).
• Link to place and context: site, address, division, area or specific asset.

It’s also useful to record contact details of the authority/portal and a short renewal scenario: which documents are usually required and which steps are faster. This helps when staff change.

Statuses: how to reflect the document’s real life

Status should reflect the document’s condition and suggest the next action. Use common statuses across the company and don’t let them replace the question "is it about to expire?"

Basic set:

• Active
• Renewal in progress (package being prepared or application submitted)
• Suspended
• Annulled

Example: a license is valid until 2026‑06‑30, the executor started collecting documents on 2026‑05‑15 — the status switches to “renewal in progress.” If the regulator has suspended the license, the status “suspended” should immediately trigger an internal check: where and what cannot be done on the site.

To prevent the card from becoming "a table for the sake of a table," add a "criticality" field (high/medium/low) and a rule for status updates: who must change the status and within what time after each event (submission, request for additional information, receipt of a decision).

Linking to sites and assets: keeping context

The same document often applies to a specific place or asset rather than to the whole company. If this is not recorded, you may miss renewing for a needed site or renew something that’s no longer used.

It’s convenient to create a single directory of sites and choose from the list instead of typing names. That prevents "Almaty office", "Office Almaty" and "Almaty, main" appearing as separate entities.

How to set up linking

Start with a simple hierarchy and use it in all cards. For example: company → region → branch → site → room/zone. In the card store not only the address but also an object code (internal ID) so renames don’t break tracking.

Sometimes a permit applies to several sites. Then you need a one‑to‑many link with a clear note: is this a common document or a separate package per site. Otherwise it’s hard to explain during an inspection why one number "covers" several addresses.

Linking to assets and changes

Some requirements depend on equipment or the type of work. Link the document to an asset (inventory number, model, serial number) or to a work category. This shows what specifically enforces the requirement.

To keep context during changes, set rules for typical events:

• relocation: close the old link with a date and create a new one for the new site;
• change of owner/tenant: check whether the document transfers and record the basis;
• reconstruction: update object parameters (area, purpose, zone) and review required documents;
• decommissioning equipment: remove the link to the asset and note the reason;
• site merge/split: update the object directory and reassign documents in bulk.

Example: a branch network has a shared maintenance contract, but test reports refer to a specific server room and UPS. If the registry links both to site and asset, it’s clear what to change when the server room moves or equipment is replaced.

Renewal notifications: rules, frequency, recipients

Notifications work only if they follow rules. Principle: reminders should arrive early enough, repeat at the right frequency and go to the whole chain of responsibility.

Timing rules: early, working, urgent

Keep three reminder levels. Early gives time to collect documents and pay fees. Working helps the task not get lost. Urgent signals risk of work stop or fine.

Common intervals (adjust by document type):

• 90‑60‑30 days before expiry (licenses, accreditations, lengthy procedures);
• 45‑20‑10 days (contracts with fast reissuance, one‑time permits);
• 14‑7‑1 day (a last‑minute safety net when the date is close).

For example, if a site operation permit expires on June 30, an early notice goes on April 1, a working notice on May 1 and an urgent notice on May 31. Then short reminders at 14, 7 and 1 day follow if the status doesn’t change.

Who to notify and how to record “renewal started”

Set recipients by roles: executor (prepares the package), document owner (division), owner’s manager (for control) and a backup contact (for vacations/turnover). Then a reminder won’t get stuck on one person.

Introduce a rule “renewal started.” This is a status set only with proof: incoming letter number from the authority, payment receipt, scan of the submitted application, appointment ticket, or contractor confirmation. “We’re working on it” without evidence does not count.

Keep a notification log: date and level, who was notified, who confirmed receipt, status at time of sending and where the proof is stored (file or registration number). This shows whether failures are in timing, execution or communication.

Controlling critical expiries and escalation

A normal expiry is unpleasant, but a critical one can stop work, cause fines or put people at risk. Set criticality criteria in advance: does the document affect safety, legality of activity or the right to perform specific work on a site?

Practically, begin with two thresholds. First — “zero days”: document expired means work cannot continue (dangerous work permits, activity licenses, operation permits). Second — an allowable delay, e.g., 7 days, if law and internal rules permit temporary suspension of some operations without endangering people.

To prevent critical expiries from lingering, create an escalation matrix: who gets the alert and what they must do.

• Day 0: notify the responsible person and the process owner, require stopping related work on the site.
• Day 1: notify the unit manager, record reason and recovery plan.
• Day 3: notify H&S or compliance (depending on document), start an internal check.
• Day 7: notify the director of the line, decide on stop, subcontractor replacement or task redistribution.

Also prepare a "stop‑work" list: which sites or processes are blocked when a particular document expires. For instance, if a site’s equipment operation permit expires, the object card should show a “stop” flag and block requests, work orders or shipments related to that equipment.

For leadership, a short weekly report works best: how many critical expiries, which sites, how many at zero days, main reasons (forgot renewal, payment delay, inspection wait) and who owns the fix. This reveals systemic problems, not just single incidents.

Storing supporting documents: order and access

The registry is useful only if each record can open its supporting file quickly. Agree that a document in the registry is considered "live" only when a file is attached that can be shown to inspectors or managers without long searches.

Store not only the license or permit but also everything that proves legality and currency. A typical package includes: scanned/electronic original (PDF) with annexes and change pages, payment receipts, correspondence about renewal, inspection protocols and orders, powers of attorney and internal orders if they affect document validity.

Set scan quality rules: readable stamps and signatures, complete page set, one file per package (main document + annexes), avoid tilted phone photos.

A simple filename template helps: site or division, document type, number, issue date, end date, version. Example: "Warehouse‑3_License_№123_2024‑02‑10_until2026‑02‑10_v2.pdf".

To keep the archive auditable, record in the card who uploaded the file, when, from which source and which version it replaced. If the registry is in a shared system, forbid quiet file replacement without a comment and history entry.

Limit access by roles. Mark documents with personal data or trade secrets separately: view on a need‑to‑know basis, download allowed only to responsible persons, activity log enabled.

Final protection layer: backups and integrity checks — regular scheduled backups and restore tests, storing a copy separate from the production system, version history, periodic inventory (no broken or empty files), deletion only by a responsible person with a reason.

Step by step: how to implement the registry

The registry’s goal is not "keep a table" but to make deadlines, responsibilities and proofs visible and verifiable at any time.

Steps 1–2: collect documents and clean up site data

Ask all units for a list of permits and licenses they use: what the document is, who owns the process, where the original is and when it expires. Assign a responsible person for each record (a specific person, not just a department) and a backup.

At the same time build a single directory of sites and assets: branches, buildings, sites, activity types, equipment. If sites have different names across departments the registry will fall apart, so agree on a unified naming format.

Steps 3–4: card template, statuses, notifications and criticality

Create the document card template and fix status rules. Minimal statuses: “Draft”, “Active”, “Renewal in progress”, “Suspended”, “Expired”, “Annulled”. Add fields: number, issuing authority, start and end dates, linked site/asset, responsible person, renewal submission deadline, list of supporting files.

Then configure notifications: e.g., 90/30/7 days before expiry and on the expiry day. Define criticality: what counts as critical (expired or less than 7 days left without “renewal in progress”) and who receives escalation.

Steps 5–6: transfer data, reconcile and regular control

Move data into the registry, attach scans and verify dates against primary sources. It’s useful to spot‑check 10–20% of records by another employee.

After launch set a rhythm: weekly review of the “red zone” (approaching expiry and expired) and a monthly report to managers on critical risks, renewals and missing confirmations.

Common mistakes and how to avoid them

The most common cause of chaos is no single process owner. When "everyone is somewhat responsible" no one decides who requests renewal, collects signatures or closes the task. Appoint a registry owner (compliance, legal or admin) and define backups for vacations and sick leave.

Second problem: deadlines kept "in someone’s head" or personal calendars. A calendar reminds but doesn’t show what’s done, paused or why a date moved. In the registry the important things are not only the end date but a clear status and reason: "awaiting fee payment", "documents submitted", "refusal received, preparing corrections".

Frequent issues and fixes:

• Responsible recorded as a department, not a person. Fix: record the full name, backup executor and the manager for control.
• There is a date but no status or history. Fix: add statuses and a short action log (who submitted, who received, what was requested).
• Site link typed as free text ("warehouse on Abay") so filtering becomes impossible. Fix: use a unified directory of sites/assets and select from the list.
• Confirmations stored in email or on a USB stick. Fix: store files in a shared location with access rights and clear file names.
• Reminders exist but the task "hangs". Fix: introduce escalation and closure control — if no confirmed action, raise the notification level.

Example: a branch’s medical license expires in 45 days. Without status and owner the problem is noticed a week before expiry. With status "under review", next step date and escalation to the manager after 3 days without progress, the risk of expiry drops significantly.

Short checklist for regular control

Regular control must be simple and repeatable. Choose one week day for a quick review and one day per month for a deeper check. Record results briefly: what you found, who does it and by what date.

Weekly check (10–15 minutes)

Look at documents expiring soon. Rule of thumb: everything under 60 days should already have an assigned executor and a next step.

• Are there documents with less than 60 days and is an executor assigned?
• Are there expiries without reason and recovery plan?

Send one short message to responsible people: "You have 2 documents in the 60‑day zone, plan needed by Friday."

Monthly check (30–60 minutes)

Once a month review process resilience: "what happens if someone goes on vacation" and "are all confirmations attached?"

• Are there critical documents without a backup responsible?
• Do all sites have the mandatory set of documents for their type?
• Are supporting files attached to documents marked “active"?

Example: a branch has an activity license and an equipment operation permit. If one is marked “active” but no scan is attached, the file is likely "in email" or "in chat" and may be lost. Assign the task to find and upload the confirmation with number, issue date and expiry.

If there are many sites, use a rule: while a site lacks the full set of mandatory documents it is considered a risk. This reduces disputes when deadlines start to burn.

Example: running a registry for a network of sites

Imagine a company with 6 sites: head office, warehouse, 2 production sites and 2 branches. Each has different work types: lifting equipment, chemical storage, a medical room, fire alarm. Some documents are company‑wide, others are strictly site‑specific.

Divide the registry into two blocks. First — common documents: activity licenses, contracts with accredited labs, permits that apply to the whole organization. Second — site documents: each address has its own set, deadlines and responsible persons.

To prevent notifications becoming noise, keep rules uniform and clear. Example notification escalation:

• 90 days: executor and document owner;
• 60 days: add unit manager;
• 30 days: add site manager (branch director, site supervisor);
• 0 days: status “expired”, task to stop work or apply temporary measures;
• 7 days expired: notify leadership with reason and recovery plan.

Confirmations are stored in the document card or a common folder, but the package is the same everywhere: application/letter to the authority, receipts and payments, inspection protocol (if any) and the issued document. This proves timely submission even if the authority delays issuance.

If a critical expiry occurs, treat it as an incident: what expired and where, why it wasn’t done (timeline error, missing data, contractor delay), who approved temporary suspension and until when they commit to restore validity. Record the review in a comment and a separate decision to avoid responsibility gray areas.

Next steps: lock the process and choose a tool

First appoint the process owner — not the person who “fills the table” but the one responsible for rules, deadlines, escalation and data quality. Also agree criticality criteria: which documents must never reach expiry under any circumstances.

Then decide where the registry will live. If the number of documents is small and relationships are simple, a spreadsheet is enough. If there are dozens of sites, many units and frequent inspections, you need a database or corporate system with access controls and change history.

How to pick the right format

Evaluate using five questions:

• How many documents and how fast is the number growing?
• Do you need links to sites, equipment and contracts?
• Are change logs and access roles required?
• Who and how will receive renewal notifications?
• How often do auditors request supporting files and originals?

Run a pilot on 1–2 sites: create typical documents, statuses ("active", "renewal in progress", "suspended", "annulled"), configure notifications and test the critical expiry scenario — who gets the signal, when the manager joins and what happens if the responsible is absent.

Integrations and access rights

Plan how the registry will exist in your IT environment: user accounts, access segregation by divisions, backups, storage for scans and signed files. For example, legal may see everything while a site manager sees only their site documents.

If you want the registry to be an enduring process, not a one‑off spreadsheet, consider discussing a project with GSE.kz (gse.kz). The company provides system integration and infrastructure (including workstations and servers) and can help set up storage, access and support so the registry doesn’t fall apart after the first staffing or organizational changes.