---
title: "Archiving Legionella records for long-term access"
source_url: https://legionella.io/articles/archiving-legionella-records-for-long-term-access/
canonical_url: https://legionella.io/articles/archiving-legionella-records-for-long-term-access/
pillar: "Digital Logbooks & Record Keeping"
summary: "Digital logbooks make today's records easy and tomorrow's records vanish. A checklist for archiving Legionella evidence so it stays readable for years."
primary_keyword: "digital record archiving"
date_published: 2025-12-25
date_reviewed: 2026-06-26
author: "Legionella.io editorial team (REMOTE TECH LTD)"
reviewed_against: "HSE L8 and HSG274 guidance"
region: "United Kingdom"
license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url."
---

# Archiving Legionella records for long-term access

The Legionella record you will most want to produce is almost never this week's. It is the temperature log from three summers ago, the risk assessment that was current when an outlet was capped, the cleaning certificate from a contractor who has since stopped trading. Those are the records that settle an audit, smooth a building handover, or stand up during an investigation. They are also the first ones a digital system quietly loses.

Modern logbook software is good at the live job: flag a missed flush, nudge the responsible person, show a green dashboard at month end. Long-term retrieval tends to be an afterthought. Platforms get replaced, contracts lapse, accounts are deactivated the day someone leaves, and an export that opened cleanly last year becomes a file nobody can read. So it is worth treating digital record archiving as a discipline in its own right, separate from day-to-day logging.

## When the old records actually get pulled

Three moments turn a dusty archive into the thing your whole compliance position rests on.

An **audit or HSE inspection** asks to see control over time, not a single snapshot. L8 expects duty holders to keep records of the risk assessment, the precautions and the monitoring, and to retain them so they can be produced [1]. A green dashboard today proves nothing about the eighteen months before you arrived.

A **handover** moves the duty to someone new — a change of managing agent, a new estates lead, a sale. The incoming responsible person inherits the building's water history along with the building, and they can only inherit what was actually kept and is actually readable.

An **incident or outbreak investigation** is the unforgiving one. UKHSA investigations of cases, clusters and outbreaks reconstruct what happened from records that may reach back years [3]. If the relevant log is missing, locked in a dead account, or in a format nobody can open, that gap becomes part of the story.

How long to keep things is a question for current guidance, not your software's default. Common practice, reflected in HSE guidance, is to retain monitoring records for a period of years — five years is a figure many schemes apply — while the risk assessment stays live for as long as it remains current, with superseded versions kept rather than deleted [1][2]. Confirm the exact period against HSE guidance and your own written scheme; do not let a vendor's retention slider decide it for you.

## A checklist for records that outlive the people who made them

Run this against whatever system holds your evidence today. It is grouped so you can hand a section to whoever owns that piece.

**Retention and scope**

- Confirm a written retention period for each record type (risk assessments, monitoring logs, cleaning and disinfection certificates, sampling reports, remedial actions).
- List every record source — the main logbook, contractor portals, spreadsheets, email attachments, IoT sensor feeds — so nothing lives only in a place nobody checks.
- Mark superseded risk assessments and control schemes as superseded, with dates, instead of overwriting them.

**Format and portability**

- Export a full copy in an open format such as CSV or PDF, and open it on a device that has never touched the vendor's platform.
- Check the export carries context, not just numbers: asset, date, reading, who did it, in or out of range, and what action followed.
- Confirm photos, signatures and certificates come out attached to their records, not as broken links pointing back at the live system.

**Access and continuity**

- Name who can retrieve the archive if the current administrator leaves tomorrow, and make sure that access does not die with one login.
- Hold an independent backup — somewhere you control — not only the live cloud tenancy.
- Record the vendor, the contract end date, and the data-return clause that governs what happens when you switch or stop paying.

**Integrity and audit trail**

- Confirm entries are time-stamped and tamper-evident, so a record made on the day can be told apart from one edited later.
- Keep the audit trail itself in the export, not just the headline values, so edits and close-outs remain visible.

**Retrieval**

- Test that you can find one specific record — a single outlet on a single date — in minutes, not days.
- Check the archive is searchable by asset and by date range, so long-term access does not depend on remembering where a file was filed.

## Putting the checklist to work

Pin it to something you already do. The natural moment is the risk assessment review: when you revisit the assessment, run this archiving pass alongside it and write down what you found, not just that you looked. Give one named person ownership of the archive, the same way you name a responsible person for the controls themselves.

The most useful version of this is a live retrieval drill. Once a year, pick a real record at random and try to produce it cold — no help from the person who entered it. If you can, the archive works. If you cannot, you have found the failure while it is still cheap to fix. Where sensors and automated logging feed the record, the same test applies: an automated stream is only an archive if you can still read it after the contract ends, which is exactly the kind of dependency [Automation in record keeping](https://legionella.io/articles/automation-in-record-keeping-iot-enabled-logging/) is worth weighing up before you commit.

## The bits people skip

A few failures show up again and again, and none of them appear on a normal monthly report.

Vendor lock-in is the big one. Teams assume that because the data is "in the cloud" it is theirs and always retrievable. It is theirs until the contract ends or the supplier changes its terms. Test a real data export now, while you still have full access, rather than discovering the limits mid-switch.

Overwriting is the quiet one. A live system that always shows the current risk assessment is convenient, but if updating it erases the previous version you have destroyed the history an investigator would want. Version, do not replace.

Backups nobody has restored are the third. An untested backup is a hope, not a record. And attachments orphaned from their entries — a photo or certificate that exports as a dead link — turn a complete-looking log into one that proves nothing.

## Before you lean on any of this

Retention periods, what counts as an adequate record, and how long superseded assessments should be kept are set by current HSE guidance and your own site-specific risk assessment, not by a software default or by anything here. This is general guidance on keeping evidence usable, not legal advice on how a regulator or court would treat a particular record — the question of whether digital records are accepted as evidence in their own right is covered separately in [Are digital records legally acceptable in the UK?](https://legionella.io/articles/are-digital-records-legally-acceptable-in-the-uk/). Apply all of it through a competent assessment of your specific systems and the people they serve.

The single most useful thing you can do today: log into your current system and export everything for one asset to a file on your own drive, then open it somewhere the vendor's software has never been installed. If it opens, reads clearly and stands on its own, your archive is real. If it does not, you have just found the gap with years to spare instead of days.

## FAQ

### How long should we keep Legionella records?
There is no single number that fits every site. HSE guidance points to retaining monitoring records for a period of years, with five years widely applied in practice, while the risk assessment stays current for as long as it reflects the system and superseded versions are kept rather than deleted [1][2]. Confirm the specific period against current HSE guidance and write it into your scheme so it is a decision, not an accident.

### What happens to our records if we switch logbook providers?
Whatever your contract's data-return clause says — which is why it is worth reading before you sign, not after you leave. The safe assumption is that you must extract your own complete, context-rich export in an open format before access ends, and store it independently. If the only copy lives in a platform you no longer pay for, you no longer have an archive.

### Is a cloud backup enough, or do we need our own copy?
A supplier's cloud backup protects against their hardware failing; it does not protect against the contract ending, the account being closed, or the format becoming unreadable. For genuine long-term access, keep an independent copy you control, in a format you can open without the original system, and test that you can actually restore and read it.

## Related reading

- [Essential records for Legionella compliance](https://legionella.io/articles/essential-records-for-legionella-compliance/)
- [Paper vs digital logbooks: making the switch](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/)
- [Automation in record keeping: IoT-enabled logging](https://legionella.io/articles/automation-in-record-keeping-iot-enabled-logging/)
- [Are digital records legally acceptable in the UK?](https://legionella.io/articles/are-digital-records-legally-acceptable-in-the-uk/)

## Sources

[1] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm
[2] HSE, "Legionnaires' disease: Technical guidance (HSG274)". https://www.hse.gov.uk/pubns/books/hsg274.htm
[3] UKHSA, "Investigation of Legionnaires' disease: cases, clusters and outbreaks". https://www.gov.uk/government/publications/investigation-of-legionnaires-disease-cases-clusters-and-outbreaks