---
title: "Cloud vs on-premise: where to host your Legionella data"
source_url: https://legionella.io/articles/cloud-vs-on-premise-where-to-host-your-legionella-data/
canonical_url: https://legionella.io/articles/cloud-vs-on-premise-where-to-host-your-legionella-data/
pillar: "Digital Logbooks & Record Keeping"
summary: "Your Legionella records are your proof of control. Compare cloud and on-premise hosting on what matters at audit: survivability, access and a trustworthy trail."
primary_keyword: "cloud vs on-premise"
date_published: 2025-09-26
date_reviewed: 2026-06-26
author: "Legionella.io editorial team (REMOTE TECH LTD)"
reviewed_against: "HSE L8 and HSG274 guidance"
region: "United Kingdom"
license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url."
---

# Cloud vs on-premise: where to host your Legionella data

Your Legionella records are not paperwork. They are the only thing that proves, after the fact, that the water in your building was actually under control. Lose them, strand them on a dead laptop, or let them be quietly edited, and a diligent control regime looks identical to a negligent one the moment an inspector asks to see twelve months of temperatures.

So the hosting question — cloud or on-premise — deserves better than "whatever IT prefers". The useful frame is evidence: which option keeps your proof of control durable, reachable and trustworthy over years, not which is cheapest to stand up this quarter.

## What you're really choosing between

In theory the choice is binary. Cloud means a hosted platform you reach through a browser, where a vendor runs the servers. On-premise means software and data that live on hardware you own and control — a server in a comms room, or sometimes just a shared drive and a spreadsheet on one manager's machine.

In practice most duty holders are already in a messier third state and haven't named it. The records sit in a water-treatment contractor's portal that you don't control. Or they are scattered: paper site logs, a spreadsheet of lab results, photos on a phone, a calorifier service report in someone's inbox. That fragmentation is itself a hosting decision — just an accidental one. Writing down where each record actually lives is the first move worth making, and it usually exposes a gap long before you choose any platform. If your records are scattered like this, [moving from paper to a single digital logbook](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/) is the real prerequisite, not the hosting model.

## The criteria that matter at audit

Forget feature lists. Five questions decide whether a hosting choice helps you or hurts you when it counts. L8 expects duty holders to keep records of monitoring, inspection and the management arrangements, and to be able to produce them [1][2] — so the honest test for any option is how well it stands up to each line below.

| What you're really deciding | Cloud / hosted | On-premise / local |
| --- | --- | --- |
| Survives a flood, fire or failed drive at the site | Data sits off-site, so a building incident doesn't take the evidence with it — provided the vendor's backups are real | Only as safe as your last backup; a server lost with the building takes the records too |
| Reachable mid-incident, off-site, out of hours | Browser access from anywhere, which matters when a question lands on a Saturday | Tied to your network or VPN; fine on-site, awkward when you're not |
| Tamper-evidence (can an entry be backdated unseen?) | Mature platforms keep versioned, user-stamped history that is hard to alter quietly | A shared spreadsheet can be re-saved with no trace of who changed what, or when |
| Who patches, secures and backs it up | The vendor — that is part of what you pay for, and you should confirm they actually do it | Your IT, or you; a skipped update or missed backup becomes your liability |
| Getting your data out later | Depends on the export terms — check before you sign, or you end up renting your own evidence | You hold the files, but only if they open in a format someone can still read in five years |

The pattern in that table is the whole argument. Cloud tends to win on survivability, access and a tamper-evident audit trail. On-premise wins on control and independence — but only if you genuinely fund the backups and security a vendor would otherwise carry.

## Which to pick when

Cloud is the pragmatic default for a multi-site estate, for any team that needs records reachable during an out-of-hours incident, and for anyone who cannot honestly promise disciplined, tested local backups. The audit trail alone — every reading stamped with who took it and when — often does more for a defensible position than the original jump from paper ever did.

On-premise earns its place where data genuinely cannot leave the organisation's own network for security or policy reasons, or where in-house IT already runs hardened, backed-up servers and can absorb one more application. The deciding factor is honesty about maintenance. An unpatched, un-backed-up local server is the worst of both worlds: it carries all the risk of self-hosting with none of the resilience.

Watch the contractor portal most of all. Letting a water-treatment provider hold your records in their system feels convenient until the day you change provider — at which point access tends to end with the contract, and you discover the evidence was never really yours. The duty does not move with the data: accountability for the records stays with the responsible person, whoever runs the software [2]. Before you rely on any third-party portal, settle in writing how you export your full history, and in what format. The same caution applies to feeding records into a wider estates platform — be clear on [what inspectors actually look for in your records](https://legionella.io/articles/what-inspectors-look-for-in-your-legionella-records/) before you assume a dashboard counts as proof.

## Before you commit

None of this is IT-security or legal advice, and no hosting model changes your duties — the responsible person still owns the records and what they prove [1][2]. A platform can only make good control easy to evidence; it cannot turn missed flushes into compliance, and a system that stores bad data beautifully is still storing bad data. Confirm the retention periods that apply to your records, and your own data-protection position on the operative names, signatures and photos these systems hold, against current HSE guidance and your organisation's IT policy before you sign. Where a vendor quotes a specific retention period or security certification, get it in writing rather than taking the sales sheet on trust.

## FAQ

### Does the HSE specify where Legionella records must be stored?
No. L8 is concerned that the records exist, are kept for the expected period, and can be produced on request — not which server they sit on [1]. Cloud, on-premise and paper are all acceptable in principle; the obligation is about retention and retrievability, so confirm the periods that apply to your records against the guidance.

### If our contractor keeps everything in their portal, whose records are they?
The obligation is still yours. Outsourcing the work, or the software, does not outsource accountability for the records [2]. Treat portal access as borrowed: agree an export route and format up front, because that access usually ends when the contract does, and rebuilding a lost history after a switch is slow and painful.

### Is a cloud logbook automatically more audit-proof than a spreadsheet?
Not automatically. What makes records defensible is a trustworthy trail — who recorded what, when, and whether anything changed afterwards — plus the discipline to keep it current. A well-run spreadsheet can beat a neglected platform. The edge cloud tends to have is tamper-evidence: a versioned, user-stamped history is far harder to backdate than a file anyone can quietly re-save.

## Related reading

- [Paper vs digital logbooks: making the switch](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/)
- [Integrating Legionella records with facility management systems](https://legionella.io/articles/integrating-legionella-records-with-facility-management-systems/)
- [Essential records for Legionella compliance](https://legionella.io/articles/essential-records-for-legionella-compliance/)
- [What inspectors look for in your Legionella records](https://legionella.io/articles/what-inspectors-look-for-in-your-legionella-records/)

## Sources

[1] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems — Approved Code of Practice and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm

[2] HSE, "Legionnaires' disease — what you must do". https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm
