A signature on a maintenance record is a claim, not proof. When someone ticks “flushed” and signs it, they are saying I did this. Whether they actually did it — at the right outlet, at the right time, with a reading that was in range — is a separate question. It is also the exact question an inspector or an incident investigator will ask first.
Moving from paper to a digital logbook does not close that gap on its own. A typed name in a box can be every bit as hollow as an illegible scrawl on a clipboard. What closes it is verification: the context wrapped around the signature that makes the claim checkable months later. Get that right and your records defend you. Get it wrong and you have built a tidier version of guessing.
A signature and verification are not the same thing
It helps to keep two jobs apart, because most systems quietly merge them into one click.
A signature answers who is accountable. It puts a named person against a task and says they stand behind it. That matters for the management chain L8 expects duty holders to maintain, with records of the precautions taken and clear responsibility for them [1].
Verification answers a harder question: did the work happen as recorded? It is the timestamp, the asset reference, the actual temperature, the photo of the cleaned strainer, the note explaining why a reading was low and what was done about it. A signature without verification is a promise. A signature with verification is evidence.
This distinction earns its keep because Legionella control fails in the gaps. A weekly flush that was signed but never done leaves an outlet quietly stagnating while the paperwork says all is well. That record is not just useless — it is misleading, because it tells the next person the risk is handled.
Where it bites on a real site
Three everyday tasks show why the signature alone is not enough.
Flushing low-use outlets. This is where electronic sign-off is abused most often. Picture forty void rooms or seldom-used cleaners’ sinks across an estate, all due a weekly flush. The temptation is to sit down on Monday morning and tick the lot. The signatures look complete; the water never moved. A trustworthy system makes that batch-signing visible — ideally impossible — by tying each sign-off to a time and place that could only come from someone actually at the outlet.
Temperature monitoring. Here the verification is the data. A sentinel tap check or a TMV test is only worth recording if the number goes in with it. “Checked, signed” tells you nothing; “59.4°C at the furthest hot outlet, in range, signed” tells you the control is working and gives the next reviewer something to trend. The signature confirms who took the reading; the reading confirms the system behaved.
Contractor and remedial work. A tank clean, a disinfection after repairs, a sample taken by a third party — these are signed by people who may not have a login on your platform. Outsourcing the task does not move the accountability; the duty holder still owns the result and the record [3]. The verification trail has to stretch to cover work done by others, capturing their identity, findings and close-out evidence rather than having a manager who wasn’t there transcribe it.
What a sign-off needs to carry
Before you trust any digital signature on a Legionella task, check that it carries the things that make it checkable later. Use this as a test of your logbook, not just your people.
- Attribute it to a named individual, not a shared device login or a generic “engineer” account. A signature that could belong to anyone belongs to no one.
- Stamp the time the task was completed, not the time the form was opened or later synced. If those can differ, the system should record both and show it.
- Bind it to the specific asset — this outlet, this calorifier, this room — by a reference that matches your asset register, so a reviewer can find the same point next week.
- Capture the result, not just a tick. A number, a pass/fail against a stated limit, or a photo. The evidence, not the assurance.
- Mark in-range versus out-of-range explicitly, so an exception cannot hide inside a wall of green.
- Record the exception and what followed it when a result is out of limit: who was told, what was done, when it was re-checked, who closed it.
- Lock the record after sign-off, with any later edit kept as a visible, dated amendment rather than a silent overwrite. An audit trail you can quietly rewrite is not an audit trail.
If a sign-off cannot answer who, what, when, the result, and what happened on an exception, it is decoration.
Where digital sign-off can mislead you
The convenience of a digital logbook hides a couple of traps worth naming.
The first is the dashboard. A green completion percentage is reassuring and easy to take upstairs, but averages bury the one outlet that has been amber for six weeks. Review the exceptions, not the headline figure. A good system surfaces the misses; a flattering one buries them.
The second is identity hygiene. Shared PINs, a single tablet left logged in at the front desk, contractors signing under a manager’s name — each turns an individual signature back into an anonymous tick. The technology only adds traceability if each person genuinely uses their own credentials.
If your records are spread over several buildings, these problems multiply, which is why consistency across a group matters as much as the design of any single form — see Managing records across multiple sites.
A note on what this does and does not settle
A clean signature trail proves a task was recorded as done by a named person at a stated time. It does not prove the control strategy behind that task is right, and it is no substitute for competent, site-specific judgement. What counts as an acceptable electronic record, how long you keep it, and what your written scheme must capture are decisions for your risk assessment and your competent adviser, not for a software default. L8 sets out that duty holders should retain records of the assessment, the control scheme and the monitoring carried out; confirm the current retention periods against L8 directly rather than assuming, as they differ by record type [1]. The written scheme in HSG274 should also define which tasks are monitored and signed off, and to what limit [2]. This is general guidance, not legal advice.
FAQ
Does a typed name or a tick count as a valid signature for Legionella records?
It can, provided the system reliably attributes the action to a known individual and you keep the supporting evidence. The legal weight sits in the traceability, not the format — a typed name backed by a user identity, a timestamp and the result is stronger than a wet-ink scrawl with nothing behind it. A tick with no attribution behind it proves very little.
Do contractors need their own logins, or can we sign on their behalf?
Capture the contractor’s own identity and findings wherever you can, rather than re-keying their work under a staff account. The duty holder remains accountable for the system regardless of who does the task [3], so the record needs to show honestly who carried it out. Many platforms allow a guest or visitor sign-off for exactly this reason.
What happens to a digital sign-off if the engineer had no phone signal on site?
The entry should be captured offline and synced when a connection returns. The point to check is which time the record keeps — it must store when the task was actually completed, not when it uploaded later, or your timestamps stop meaning anything in precisely the awkward, hard-to-reach spots that matter most.
Start with one week of flush records
Do not redesign your whole logbook this afternoon. Pull last week’s flushing or temperature sign-offs, pick five at random, and test each one against the list above: a named person, a completion time, the right asset, an actual result, and a clear trail on any exception. The gaps you find — a shared login here, a missing reading there, four tasks signed in the same minute — are your real to-do list, and they will tell you far more than any dashboard.
Sources
[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm [2] HSE, “Legionnaires’ disease: Technical guidance (HSG274)”. https://www.hse.gov.uk/pubns/books/hsg274.htm [3] HSE, “Legionnaires’ disease - what you must do”. https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm