A mobile app does not control Legionella. It records that you did, or it surfaces, quickly, that you didn’t. Hold onto that distinction, because it is the whole basis for choosing one well. The sales deck will talk about live dashboards and clever charts; the question that decides whether the money was worth spending is narrower. Does the app make your proof of control faster to capture, harder to fake, and easier to act on than the system you have now?
Most facilities teams arrive at this decision already buried in spreadsheets, signed paper sheets and contractor PDFs that nobody can find the morning an auditor asks. An app can fix that. It can also become an expensive way to store the same mess behind a login. The difference comes down to a handful of details vendors rarely lead with, so here is how to find them before you commit.
What you are actually buying
Strip away the screens and a Legionella app is two things bolted together: a task scheduler that tells the right person to do the right job at the right outlet, and an evidence store that keeps what they found. L8 expects duty holders to hold records of the precautions taken, the monitoring carried out, and the management arrangements behind them [1]. Judge any Legionella task management tool against that sentence first.
A good one captures, for every task, six things: who did it, when, on which asset, what the result was, whether it was in range, and what happened if it wasn’t. Everything else, the QR codes on outlets, the trend graphs, the push notifications, is either in service of those six or it is decoration.
How to choose one: a framework that survives the sales demo
Five questions separate a genuine digital logbook from a pretty front end. Ask each one out loud, and make the vendor show you, not tell you.
1. Does the app fit your scheme, or must your scheme bend to fit it? Your written control scheme and asset register are the spec. An app built around a fixed template, with fixed task names and fixed frequencies, forces you to describe your building in someone else’s words, and the gaps between their template and your reality are exactly where control quietly slips. You want to configure your own outlets, your own task types, and the frequencies your risk assessment set. Ask: “Can we add a non-standard asset and a custom task frequency ourselves, and what does a change cost after go-live?”
2. Does it work where the water actually is? Cold tanks live in roof voids, calorifiers in basements, sentinel outlets at the end of long risers, places where mobile signal goes to die. If the app can’t take a temperature reading offline and sync it later, your operative will either skip the round or scribble readings on the back of a hand and type them up over a brew. Both destroy the audit trail you bought the app for, so treat offline capture as a hard requirement. Ask: “Show me a reading taken with the phone in airplane mode, then synced. What timestamp does it keep?”
3. Can the record be trusted six months later? The point of going digital is an audit trail nobody can quietly rewrite. Find out whether a past entry can be edited or deleted, and whether that change is itself logged, with a name and a time, that an auditor can see. A record you can silently back-date is worth less than the paper sheet it replaced, because it looks authoritative and isn’t. Ask: “If someone changes last Tuesday’s reading, what does the audit log show?”
4. What happens the moment a reading fails? This is where apps separate. A low hot-water temperature or a missed flush should not just sit in a list. It should flag, route to a named responsible person, and stay open until someone closes it with an action. Recording a failure and doing nothing about it is arguably worse than not recording it, because now you have documented that you knew and didn’t act. Ask: “Walk me, on screen, through one failed temperature reading from the outlet to a closed-out action.”
5. Can you get your data back out? One day you will need twelve months of records for an insurer, an enforcing officer, or an incoming contractor, and one day you may leave this vendor. Both need the same thing: a clean export of your history, in a format you can use, that you own. Data you can see but cannot extract is data you are renting. Ask: “If we cancel, exactly what leaves with us, in what format, and is there a charge?”
If the app also pairs with sensors, add a sixth: who owns the alert? A temperature sensor on a flow and return is only as good as its calibration record and the person who acts on what it reports. A live dashboard with no thresholds, no named owner and no escalation is a screen, not a control measure. Decide who answers the two-in-the-morning alert before you wire anything in.
Red flags worth walking away over
- “Guaranteed compliance” or “fully compliant out of the box.” No app confers compliance; the duty holder does [3].
- No offline capture, dressed up as “works best on good wifi.”
- Records that can be edited without a trace.
- Sensor alerts sold on the look of the dashboard, with no escalation behind them.
- Your historical data held hostage on exit.
- Per-outlet pricing that quietly multiplies across a multi-site estate until the spreadsheet you replaced starts to look cheap.
When an app is the wrong answer
Be honest about scale. A small site with a handful of outlets and one reliable person who is actually on site does not need this. A well-kept paper logbook is perfectly compliant, and a tablet just adds a cost and a charging cable to lose. An app earns its keep at scale, across multiple buildings, or wherever the failure mode is record-chasing rather than the work itself.
And no app fixes a process problem. If flushes aren’t being done, software won’t do them; it will produce a tidy record of the fact that they weren’t. Buy a tool to manage a working process, not to conjure one into existence. If you are still weighing paper against digital in principle, on making the switch is a better starting point than any vendor’s demo.
What the app can’t do for you
An app routes and records control tasks. It does not perform them, and it does not make you compliant. Only competent people doing the right things, proven by the record, do that. Any limits, frequencies or acceptable ranges baked into the software are a vendor’s defaults, not the standard for your building. The figures that count come from your site-specific risk assessment, and HSE guidance is explicit that monitoring frequency follows the system and the assessment rather than a fixed schedule [2]. Treat a built-in threshold as something to confirm, never as permission to stop thinking. Whatever the software promises, accountability for the lot stays with the duty holder [3].
Before you commit
Run one building through a full monitoring cycle before you roll anything out across the estate. Pick your most awkward site, the one with the basement plant room and the outlets nobody can reach, and test the three things demos tend to hide. Capture a reading with no signal. Fail a reading on purpose and watch where it goes. Then export the month and see what you actually own. If all three hold up, you have a tool. If any one of them folds, you have a dashboard. To put real numbers around the decision, on technology ROI breaks down where the spend pays back and where it doesn’t.
FAQ
Will a Legionella app make our building compliant?
No. Compliance comes from a competent person carrying out the controls your risk assessment requires and keeping records that prove it. An app makes those records faster to capture and harder to lose, which helps you demonstrate control, but the duty and the liability stay with you [3].
Do we still need a paper logbook as a backup?
Usually not as a parallel system; running two records doubles the effort and invites the two to disagree. What you do need is confidence that you can export and read your digital history without the vendor’s app, so that a signal outage, a billing dispute or an audit never leaves you unable to produce records.
What happens to our records if we change providers?
Settle this before you sign, not after. You want a full export of your historical data, both human-readable proof and the raw underlying data, in a standard format that you own outright. If a vendor cannot say plainly what leaves with you on exit, treat the vagueness itself as a red flag.
Sources
[1] HSE, “Legionnaires’ disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)”. https://www.hse.gov.uk/pubns/books/l8.htm [2] HSE, “Legionnaires’ disease: Technical guidance (HSG274)”. https://www.hse.gov.uk/pubns/books/hsg274.htm [3] HSE, “Legionnaires’ disease - what you must do”. https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm