An auditor almost never doubts that you flushed the outlets, checked the calorifier flow temperature, or serviced the TMVs. What they doubt is that you can show it — quickly, for the right asset, on the right date, signed by someone who was actually there. That gap between doing the work and proving it is where most Legionella audits get uncomfortable.
Paper logbooks lose that argument slowly. You leaf through a binder, land on the wrong month, find three blank rows nobody can explain, and the inspector’s confidence drains away while you flick. A good digital trail wins it differently: the evidence is already sorted, searchable and time-stamped before anyone asks.
This is a checklist. The aim is to walk into the next visit with every item it will probe already pulled together — and to know which of those items a digital system genuinely makes easier to defend.
What an auditor is actually testing
Audits come in several shapes: an HSE inspection, an insurer’s survey, a client or landlord assurance visit, an internal review, a handover between facilities providers, or the worst kind — the reconstruction that follows a suspected case. They all test the same chain. Is there a current, suitable risk assessment? Is there a written scheme of control that names who does what? Are the control measures actually being carried out and recorded? And the question that separates a managed system from a hopeful one: when a reading fell out of range or a task was missed, did anyone notice and act?
L8 treats record-keeping as a duty rather than housekeeping. Duty holders are expected to keep records of the assessment, the precautions in place, and the monitoring carried out, under named and competent management [1]. HSG274 fills in the operational detail and is explicit that monitoring frequencies follow the risk assessment, not a fixed national calendar [2]. So nobody is marking you against a universal scoresheet. They are checking that your records match your own stated scheme.
The pre-audit evidence checklist
Pull these together before the visit, grouped the way an auditor tends to work through them. Each item should be something you can put on screen, not promise to find later.
The governing documents
- Produce the current Legionella risk assessment, with its date and the reason for its last review; BS 8580-1 sets the expectation for what a suitable assessment looks like [3].
- Show the written scheme of control and confirm it names the duty holder, the responsible person and a deputy.
- Confirm the asset register the records hang off is current — outlets added, removed or sealed since the last review.
The monitoring evidence
- Retrieve temperature records for sentinel and representative outlets, hot and cold, with dates and readings.
- Show flushing records for low-use outlets, and the use-pattern logic behind the schedule.
- Pull cleaning, disinfection, tank inspection, calorifier and TMV servicing records.
- Produce any sampling reports, each tied to the reason it was taken.
The exceptions (the part that matters most)
- Filter for every out-of-range reading and missed task in the period.
- For each one, show what was done, who was told, and the date it was closed out.
The people and contractors
- Show training records for whoever carries out and signs off the checks.
- Evidence contractor competence — membership of a recognised scheme such as the LCA Code of Conduct is the usual shorthand [4].
How digital records make each item provable
A binder can hold every item above. The difference is how long it takes you to answer a question, and how hard it is to quietly fudge. That is what digital audit prep really buys you.
Search and filter come first. Asked for one shower’s history over twelve months, you produce it in seconds instead of reading dates off a wall chart. Every entry carries its own attribution — who did it, when, against which asset, with what result — so there is no arguing about handwriting or an unsigned row.
Exceptions surface instead of hiding. The system flags overdue tasks and out-of-range readings rather than leaving them as silent blanks, which means you find your own gaps before the auditor does. An inspector tends to trust a system that admits its weak spots more than one showing a suspiciously perfect run of in-range numbers.
Then there is the trail itself. Edits are logged, so you cannot backdate Tuesday’s flush on Friday and pass it off as routine. That immutability is precisely what makes the record worth more than a tidy spreadsheet.
Worth saying plainly: digital does not equal compliant. A dashboard glowing green on averages while individual outlets quietly fail is worse than honest paper, because it buries the exceptions an auditor most needs to see. Weigh that against the day-to-day chasing a paper system costs you — the trade-off is set out in Paper vs digital logbooks.
The items people skip
Most pre-audit panics trace back to the same overlooked few.
Close-out is the big one. Teams record the failing temperature and forget to record the fix, the escalation and the re-check. An open exception with no resolution reads, fairly, as a control that was never managed — and it is the first thing a sharp auditor will pull on. This and other recurring slips are covered in Common mistakes in Legionella record keeping.
Retention is the next. L8 expects records to be kept and available, and guidance points to holding monitoring records for a number of years rather than clearing them down at year end — confirm the exact periods for your assessment, scheme and monitoring against L8 before you rely on a figure [1]. A digital system should make retention automatic rather than a box of archived folders nobody can find.
People skip access, too. Decide in advance how the auditor sees the records — a read-only login or a clean export beats handing over an admin account. And they skip handover: when a contractor or responsible person changes, the history has to travel with the role, not leave with the person who held the password.
Before you rely on any of this
None of the above is legal advice, and a logbook — however well organised — does not decide what counts as adequate control on your site. That judgement comes from a competent, site-specific risk assessment, and the figures it sets will differ from another building’s. A digital system makes the evidence faster to find and harder to falsify; it cannot make a thin scheme thorough. An auditor judges the substance behind the records, not the software badge on them.
FAQ
What records will an HSE inspector ask to see first?
Usually the current risk assessment and the written scheme of control, because those define what everything else should be measured against [1]. From there an inspector moves to the monitoring evidence and, pointedly, to how out-of-range results and missed tasks were handled. Have those exceptions and their close-outs ready, not just the routine green entries.
How long do we have to keep Legionella records?
L8 expects records to be retained and available, and guidance generally points to keeping monitoring records for a period of years rather than discarding them annually [1]. The exact retention period varies by record type, so confirm it against L8 for your assessment, scheme and monitoring logs. A digital logbook should apply that retention automatically.
Will switching to a digital logbook make us compliant on its own?
No. The software stores and surfaces evidence; it does not perform the controls or write your risk assessment. Compliance still rests on a suitable assessment, a written scheme, competent people doing the checks, and acting on exceptions [2]. Digital tooling makes proving all of that quicker — it does not replace any of it.
Sources
[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm [2] HSE, “Legionnaires’ disease: Technical guidance (HSG274)”. https://www.hse.gov.uk/pubns/books/hsg274.htm [3] BSI, “BS 8580-1:2019 - Risk assessments for Legionella control. Code of practice”. https://knowledge.bsigroup.com/products/water-quality-risk-assessments-for-legionella-control-code-of-practice-1 [4] Legionella Control Association, “Code of Conduct for Service Providers”. https://www.legionellacontrol.org.uk/