Print this, walk your site, and tick honestly. The point of a Legionella compliance checklist is not to produce a tidy document — it is to find the gaps between what your scheme says happens and what actually happens, before an HSE inspector, insurer or incident does it for you.

A checklist is only as good as the scheme behind it. There is no national pass mark you tick against; an inspector checks that your records match your own written scheme of control, and that someone acted when a reading drifted [1]. So treat every item below as a prompt to produce the evidence, not just to remember that you meant to.

Use it as a dry run. If you cannot put your hand on the proof in under a minute, mark it red — that is exactly the item that will stall a real audit.

The self-audit checklist

Work through it in four groups, in this order: the assessment sets what you must control, the controls deliver it, the records prove it, and training keeps it honest. Tick green only where you can show the evidence today.

1. Risk assessment and scheme

  • A current, written Legionella risk assessment exists, dated, covering every water system on site.
  • It names the duty holder, the responsible person and any deputy, with the dates their appointment was made.
  • It includes an up-to-date asset register and a schematic that matches the pipework as installed, not as designed.
  • Dead legs, blind ends, infrequently used outlets and redundant pipework are identified, with actions to remove or manage them.
  • The assessment has been reviewed after any change of use, layout, occupancy or following a period of low use — and the trigger for the next review is recorded [1].
  • A written scheme of control sets out what is monitored, by whom, how often, and the action to take when a result falls outside limits.

2. Control measures and monitoring

  • Hot water storage and distribution temperatures are checked at the frequency your assessment sets; as a general expectation, stored hot water sits around 60C and reaches the tap above 50C [4].
  • Cold water is confirmed below 20C at representative points, again to your assessment’s schedule [4].
  • Sentinel outlets (nearest and furthest) are monitored, and a rolling sample of other outlets is rotated through over the period your scheme defines [2].
  • Little-used outlets are flushed at a frequency the risk assessment justifies, with each flush recorded rather than assumed.
  • TMVs, calorifiers, expansion vessels, showerheads and any cooling towers or evaporative condensers are inspected, cleaned or descaled on schedule.
  • Where temperature is not the control method, the alternative — for example a chemical regime — is monitored to its own parameters and limits.
  • Out-of-range results have a logged action and a close-out, not just a red number.

3. Records and evidence

  • Every monitoring result is recorded against the specific asset or outlet, with date, value and who took it.
  • Records are retained and retrievable for the period L8 expects, under named and competent management [1].
  • Remedial works, disinfections and sampling results are filed where an auditor can follow the thread from problem to fix.
  • Contractor certificates, service-provider competence and any sub-contracted work are documented and current.
  • There is a clear audit trail showing missed tasks were noticed and rescheduled, not silently skipped.

4. Training and competence

  • The responsible person has training appropriate to their duties, with a record of what and when.
  • Staff carrying out flushing and temperature checks know what a failure looks like and who to tell.
  • Roles and deputies are written down so cover exists when someone is on leave or leaves the organisation.
  • Training is refreshed on a stated cycle, and the refresh dates are logged, not vaguely “recent”.

How to score and use it

Three colours beat a percentage. Green means you produced the evidence on the spot. Amber means the work is being done but the proof is slow, scattered or verbal. Red means you could not show it.

Amber is the dangerous middle. It is where most enforcement starts — not because nobody flushed the outlet, but because nobody can prove it was flushed on the right date by a named person. In my view, a wall of amber is a worse audit position than a couple of honest reds, because it signals a system running on memory rather than evidence.

Date the audit, keep it, and re-run it on a sensible cycle so you can see drift over time. A self-audit you do once and lose tells an inspector nothing; a dated series of them shows a programme that watches itself, which is precisely the assurance regular auditing is meant to give [3].

The items people quietly skip

Schematics are the first to rot. The pipework gets altered, an outlet is capped, a new wing opens — and the drawing stays frozen at handover. An assessment built on a wrong schematic misses real risk.

Close-out is the second. Plenty of logs capture the out-of-range reading and then go quiet. The reading is not the record an inspector cares about; the action you took is.

Handover is the third. When a contractor changes or the responsible person moves on, the history has to travel with the role, not walk out with the person who held the folder.

Before you treat a green tick as compliance

This checklist is general guidance, not legal advice, and a full set of ticks does not by itself prove your system is safe. What counts as adequate control is decided by a competent, site-specific risk assessment, and the temperatures, frequencies and limits it sets will differ from the next building’s. The list tells you whether you can find your evidence; only the assessment behind it tells you whether the evidence is the right evidence. Treat a red mark as a genuine prompt to act, not a box to colour in later.

Here is a concrete next step for today: run the four groups against one building and count your ambers. If most of your gaps are “we did it but proving it took ten minutes”, the problem is the record, not the work — and that is the case for moving the log off paper and spreadsheets into a digital logbook like L8log, where each check is stamped to an asset, dates itself, and surfaces the missed task before the auditor does. Audit on paper first, then decide what to track digitally.

FAQ

How often should I run a self-audit like this?

There is no fixed legal interval, and the frequency should reflect your site’s risk and how much it changes. A common, defensible approach is a light internal check each quarter and a fuller review at least annually or after any significant change. The aim is to catch drift between scheduled risk-assessment reviews, not to replace them [3].

Does completing this checklist make me compliant?

No. The checklist surfaces whether you can evidence your controls; it does not perform them or judge whether they are adequate. Compliance rests on a suitable and sufficient risk assessment, a written scheme, competent people doing the checks, and acting on exceptions [1]. A clean checklist with a thin assessment behind it is still exposed.

Who should actually do the self-audit?

Ideally someone with enough independence to mark honestly — a responsible person auditing their own daily routine tends to grade generously. Where you can, have a second competent person or an external reviewer walk the same list. The value is in the reds you would rather not have found.

Sources

[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems - ACoP and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm [2] HSE, “Legionnaires’ disease: Technical guidance (HSG274)”. https://www.hse.gov.uk/pubns/books/hsg274.htm [3] HSE, “Legionnaires’ disease - what you must do”. https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm [4] HSE, “Hot and cold water systems”. https://www.hse.gov.uk/legionnaires/hot-and-cold.htm