---
title: "Best Legionella compliance software: how to compare logbook platforms"
source_url: https://legionella.io/articles/best-legionella-compliance-software-how-to-compare-logbook-platforms/
canonical_url: https://legionella.io/articles/best-legionella-compliance-software-how-to-compare-logbook-platforms/
pillar: "Digital Logbooks & Record Keeping"
summary: "Skip the feature lists. Use this buyer's framework to compare Legionella logbook platforms on records, scheduling, audit trail and the questions vendors dodge."
primary_keyword: "best Legionella compliance software"
date_published: 2026-01-29
date_reviewed: 2026-06-26
author: "Legionella.io editorial team (REMOTE TECH LTD)"
reviewed_against: "HSE L8 and HSG274 guidance"
region: "United Kingdom"
license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url."
---

# Best Legionella compliance software: how to compare logbook platforms

The platform that wins your shortlist is rarely the one with the longest feature list. It is the one that lets you produce twelve months of defensible evidence in front of an inspector without a single gap, excuse or "that was the old system". Start there, and most of the demos sort themselves out.

Every vendor will show you temperature graphs and a tidy dashboard. Those are table stakes. What actually separates a good compliance platform from a glorified spreadsheet is what happens at the awkward edges: the overdue task nobody chased, the remedial action with no follow-up, the handover when your contractor changes, the export when you decide to leave.

This is a category guide, not a league table. The names change; the criteria below do not.

## What the purchase actually has to achieve

Software does not control Legionella. A competent risk assessment, the right control scheme and people doing the tasks control Legionella. The software's only job is to make the doing visible, scheduled and provable [1].

So judge any platform against three outcomes, in this order. It must hold a complete, tamper-evident record of monitoring, inspection and remedial work. It must drive the schedule your risk assessment specifies, so tasks get done on time and overdue items surface loudly. And it must let you produce all of that on demand, in a form an HSE inspector, an insurer or an incoming duty holder will accept [2].

If a product is strong on dashboards but weak on any of those three, it is the wrong product. The pretty parts are the easy parts.

## A six-test framework for comparing platforms

Run every shortlisted product through these six tests. For each, I have given the exact question to put to the vendor — ask it in the demo, not after the contract.

**1. The record test.** Can the system capture every task type your scheme actually contains: hot and cold temperatures, TMV checks, calorifier and shower descales, tank inspections, flushing of little-used outlets, plus free-text remedials? Ask: *"Show me a task type that isn't a temperature reading, and show me where the photo, the operative's name and the timestamp attach to it."*

**2. The audit-trail test.** A record you can silently edit after the fact is worth little when someone challenges it. Ask: *"If a reading is corrected next week, do you keep the original value, who changed it, and when?"* You want an immutable history, not an overwrite.

**3. The scheduling test.** The whole point is that nothing quietly lapses. Ask: *"A weekly flush is missed on a vacant floor. What does the system do — and who sees it, when?"* A good answer involves escalation, not a row that simply turns red where no one looks.

**4. The accountability test.** Records need to be attributable to a named, competent person. Ask: *"How do you stop one shared login signing off everything, and can I see at a glance who did what?"*

**5. The retrieval test.** This is the one most demos skip. Ask: *"Generate the full compliance pack for one site, last twelve months, as I would hand it to an inspector — now, on screen."* Watch how long it takes and how complete it is. If they need to "get back to you", that is your answer.

**6. The exit test.** Ask: *"If I cancel, what do I get, in what format, and what does it cost?"* Your records belong to you. A platform that holds your evidence hostage on cancellation is a liability, not an asset.

A platform that passes all six is rare. One that passes one to four but fumbles five and six will fail you on the day it matters most.

## Comparing the platform types

Most products fall into one of three shapes. The decision axes matter more than the brand names.

| Decision axis | Generic forms/checklist app | Dedicated Legionella logbook | Contractor's bundled portal |
|---|---|---|---|
| Built around L8/HSG274 task types | Rarely; you build it | Yes, out of the box | Usually yes |
| Tamper-evident audit trail | Varies, often weak | Core feature | Varies |
| Schedule driven by your risk assessment | You configure manually | Designed for it | Set by the contractor |
| Who owns/controls the data | You | You | Often the contractor |
| Multi-site, multi-role access | Add-on | Typical | Limited to their scope |
| Easy to leave with your records | Yes | Should be (test it) | Frequently hard |

The bundled contractor portal is the one to scrutinise hardest. It is convenient while the relationship lasts. The trap is that your compliance history can live inside a supplier you might one day want to replace — and the exit test above suddenly becomes the only test that counts.

## Trade-offs worth accepting (and not)

No platform is all upside. A dedicated logbook usually costs more than repurposing a generic app, and it asks you to adopt its way of structuring tasks. In my view that structure is the feature, not the friction — it stops your scheme drifting into a free-text mess no two operatives record the same way.

Conversely, do not pay for breadth you will never use. Remote sensor integration, BMS feeds and live dashboards are genuinely useful on large or high-risk estates with cooling towers or healthcare premises governed by HTM 04-01 [3]. On a small portfolio of low-risk buildings, they are spend that pays back slowly, if at all. Match the tool to the risk profile your assessment describes, not to the demo's most impressive screen.

## Red flags

Some signals should end a vendor conversation early. Records that can be edited without leaving a trace. No way to attribute a sign-off to a named person. A "compliant" claim with no reference to who decides your task frequencies — because that is your risk assessment's job, not the software's [2]. An export that is a flat PDF dump with no underlying data. And any reluctance to demonstrate the twelve-month retrieval live.

The loudest red flag is a sales pitch that promises the software will *make* you compliant. It will not. It records and schedules; you and your competent people remain the duty holders [1].

## When not to buy yet

If you do not have a current risk assessment, buy that first. Software built on top of an unknown or outdated control scheme just digitises uncertainty faster.

And if your real problem is that tasks aren't being done — rather than not being recorded — fix the doing before you fix the recording. The best platform in the category cannot flush a dead leg.

This is general guidance to help you choose, not a verdict on any specific product or a substitute for advice from a competent person. Your control scheme, task list and monitoring frequencies must come from a site-specific Legionella risk assessment carried out to a recognised standard; the software should serve that assessment, never define it.

## FAQ

### Does compliance software make me legally compliant?

No. The duty to assess and control the risk, keep records and produce them on request sits with the duty holder and responsible person, not the tool [1]. Good software makes that duty far easier to discharge and to prove, but it cannot do the assessment, run the tasks or accept the liability for you.

### Who decides the monitoring frequencies the software schedules?

Your site-specific risk assessment does, in line with HSG274 — the platform simply enforces whatever schedule you configure [2]. Treat any product that ships with fixed "compliant" frequencies sceptically; the right intervals depend on your systems, water temperatures and usage, and may differ outlet to outlet.

### Can I get my records out if I switch providers?

You should always be able to, and you should test it before signing. Ask for a full export of raw data and evidence in a usable format, confirm any cost, and check that retained records will still meet the retention expectation for Legionella management and monitoring records [1]. If the answer is vague, treat that as a reason to look elsewhere.

## Related reading

- [Features of effective Legionella record-keeping software](https://legionella.io/articles/features-of-effective-legionella-record-keeping-software/)
- [Is a digital logbook worth it? Cost-benefit analysis](https://legionella.io/articles/is-a-digital-logbook-worth-it-cost-benefit-analysis/)
- [Paper vs digital logbooks: making the switch](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/)

**Next step:** Pick your single most awkward site and ask your current front-runner to produce its full twelve-month compliance pack, live, in the demo. If you are still on paper or spreadsheets, run the same test on your existing records this week — the gaps you find are exactly the criteria your shortlist needs to close.

## Sources
[1] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems - ACoP and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm
[2] HSE, "Legionnaires' disease: Technical guidance (HSG274)". https://www.hse.gov.uk/pubns/books/hsg274.htm
[3] NHS England, "Health Technical Memorandum 04-01: Safe water in healthcare premises". https://www.england.nhs.uk/publication/safe-water-in-healthcare-premises-htm-04-01/