Most buildings already have a perfectly good Legionella risk assessment. It sits in a folder, was written by a contractor, gets reviewed once a year because the calendar says so, and barely touches the system that actually runs the building’s safety. That is the real problem. Not the assessment — the disconnection.

A water risk that lives in its own silo behaves like one. Findings never become work orders, ownership stays vague, and the next assessor re-lists the same defects two years later. The fix is not a better survey. It is wiring the water risk onto the same rails every other significant hazard already runs on: fire, asbestos, electrical safety, working at height.

Why the standalone survey keeps failing

The default pattern is to commission the assessment as a one-off deliverable. A report arrives, it is technically sound, it goes on a shelf, and everyone feels covered. The trouble is that the document gets treated as the finish line rather than an input.

L8 gives risk assessment and the management of control measures Approved Code of Practice status, which means they are a continuing legal duty, not a thing you buy once and store [1]. When the assessment is isolated from how you manage everything else, you keep the document but quietly lose the duty. Three failure modes follow from that isolation, and they are predictable:

  • The recommended actions never transfer into the maintenance system.
  • Ownership defaults to “the water contractor” instead of a named person who can actually act.
  • Review happens by calendar only, so a refurbishment or an occupancy change slides past unnoticed.

Each one is a join that was never made. Integration is about making those joins on purpose.

The four rails: run water risk like every other risk

The mental model I’d argue for is simple. Stop building a parallel system for water and instead hang the Legionella risk assessment on the same four rails your safety management already uses for fire and asbestos.

Rail one: one risk picture. Put the water risk where leadership already looks — the site or corporate risk register, sitting next to fire and asbestos with a rating and a status. If a director can tell you the fire-risk position but has never heard of the water risk, integration has failed at the top, however good the underlying report is.

Rail two: ownership in the line, not in the contract. Appoint a competent responsible person inside the organisation, with the authority and the budget to make things happen, and name a deputy for leave and turnover. HSE expects a responsible person to take day-to-day charge of control [3]. The contractor performs tasks under that duty; accountability does not transfer with the invoice.

Rail three: change-driven review, not calendar-only. The assessment is reviewed at the interval it sets for itself and whenever something material changes — occupancy, a refurbishment, a plant swap, a recurring out-of-range temperature. Monitoring and sampling frequency should follow the system and the risk assessment, not a fixed date chosen for diary convenience [2][4]. Treating review as a living trigger rather than an annual ritual is the heart of continuous risk assessment.

Rail four: the assurance loop. Every finding becomes a tracked action with an owner and a due date, closed out like any other health and safety action, and water risk earns a line on the management review agenda. BS 8580-1 frames the assessment as the basis for an ongoing control scheme rather than a standalone report, which is exactly the posture this rail enforces [5].

The bit that actually breaks: the handover

Here is what the generic guidance skips. The most common audit finding is not a missing risk assessment. It is a good assessment whose recommendations never crossed into the maintenance system.

The assessor writes “remove the redundant dead leg in the second-floor plant room.” The report reaches the responsible person. The line is read, nodded at, and never turned into a work order. Eighteen months later the next assessor walks the same plant room and re-lists the identical dead leg. The control programme didn’t fail at the survey; it failed at the transfer between paper and plant.

So the unglamorous discipline that matters most is this: every “recommended action” line gets a row in the same action tracker you use for fire and electrical, with an owner, a date and a closure check. The other quiet killer is authority without budget — a responsible person who cannot raise a purchase order can only forward emails. Give the role teeth, or the rails carry nothing.

From finding to ranked action: a worked example

Run a single finding through the four rails. Suppose the assessment flags a little-used shower in a recently refurbished wing sitting lukewarm at the outlet.

  • Risk picture: log it on the register with a rating, not buried as item 47 in a sixty-page PDF appendix that nobody opens.
  • Rank it: weigh exposure (an aerosol-producing outlet, possibly serving vulnerable users) against ease of fix, so it competes fairly with your other open risks rather than waiting its turn behind a leaking gutter. Where you need a defensible method for that ranking, quantitative risk assessment can put structure behind the judgement.
  • Own it: the named responsible person raises the remedial work; the deputy covers any absence.
  • Trigger review: note that the refurbishment changed the pipe layout, and flag a re-assessment of that wing now rather than waiting for the annual date.
  • Record the decision, not just the task: “Outlet flushed weekly pending pipework alteration; two consecutive missed flushes escalate to the responsible person; recurring lukewarm readings trigger a re-assessment of the wing.” That single sentence turns a chore into a managed control with a defined failure path.

The honest limits of this approach

Integration does not lower the technical bar. Wiring water risk into your management system will not fix bad pipework — it just guarantees the bad pipework gets seen, ranked and actioned instead of forgotten. Good rails carrying a weak assessment only distribute weak advice efficiently, so the competence of the assessment still comes first.

Scale it to the organisation, too. A large estate may run a corporate register and a quarterly management review; a small landlord might have one spreadsheet and a quarterly walk-round. The principle holds either way. Do not bolt on governance the building cannot sustain — an over-engineered system nobody updates is worse than a simple one that is alive.

A word of caution before you act. The four rails describe how to connect water-safety management to your wider safety system; they are not a ruling on which legal duty falls to whom, nor a substitute for a competent, site-specific risk assessment. The control limits, monitoring intervals and remedial actions come from that assessment applied to your building, and the ownership structure comes from your own governance. Where a finding touches someone’s health, defer to clinicians; where it touches a legal duty, take proper advice.

FAQ

Who should own the Legionella risk assessment — us or our water treatment contractor?

The duty holder and a named responsible person inside the organisation own it. The contractor delivers tasks and expertise under that duty, but accountability, oversight and the records that prove control stay in-house. Outsourcing the work does not outsource the responsibility [3].

Does integrating Legionella mean it has to go on a board-level risk register?

It needs to sit wherever significant building risks already get visibility for your size of organisation — a corporate register for a large estate, a single site risk log for a small one. The test is not the format. It is whether someone with budget authority can see its status alongside fire and asbestos.

How is this different from just doing the risk assessment on time?

Doing it on time is one rail of four. You can hold a current, well-written assessment and still fail if its actions never become work orders, ownership is fuzzy, or review only ever happens because the calendar nudged you. Integration closes those other three gaps.

A next step you can take this week

Pull your current Legionella risk assessment and your last maintenance action log, and put them side by side. Take every recommended action from the assessment and check it has a matching entry in the maintenance system that is either closed or genuinely in progress. The gaps you find — actions that were written but never crossed over — are your integration problem in miniature. Closing them is the single most useful thing you can do before paying for another survey. For change-driven triggers worth adding to your review list now, planned shutdowns and reopenings are a common one teams forget.

Sources

[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems — Approved Code of Practice and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm

[2] HSE, “Legionnaires’ disease: Technical guidance (HSG274)”. https://www.hse.gov.uk/pubns/books/hsg274.htm

[3] HSE, “Legionnaires’ disease — what you must do”. https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm

[4] HSE, “Testing and monitoring your water system for legionella”. https://www.hse.gov.uk/legionnaires/testing-monitoring-water-system.htm

[5] BSI, “BS 8580-1:2019 — Risk assessments for Legionella control. Code of practice”. https://knowledge.bsigroup.com/products/water-quality-risk-assessments-for-legionella-control-code-of-practice-1