---
title: "Setting up a digital Legionella logbook"
source_url: https://legionella.io/articles/setting-up-a-digital-legionella-logbook/
canonical_url: https://legionella.io/articles/setting-up-a-digital-legionella-logbook/
pillar: "Digital Logbooks & Record Keeping"
summary: "How to set up a digital Legionella logbook so the audit trail holds up: asset structure, what each task records, permissions and a clean switch from paper."
primary_keyword: "digital logbook setup"
date_published: 2025-06-18
date_reviewed: 2026-06-26
author: "Legionella.io editorial team (REMOTE TECH LTD)"
reviewed_against: "HSE L8 and HSG274 guidance"
region: "United Kingdom"
license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url."
---

# Setting up a digital Legionella logbook

A digital Legionella logbook only earns its keep if, on the day you wish it didn't matter, a stranger can open it and reconstruct what was controlled, when, by whom, and what happened the moment a reading went out of range. Set it up for that day, and most other decisions answer themselves.

That day might be an HSE visit, a case linked to your building, or a handover where the person who held it all in their head has just left. Swapping a folder for an app changes nothing on its own. What changes things is how you structure the record before anyone logs a single temperature.

## Build it backwards from the audit

Most teams configure the software the way the vendor demos it: import a spreadsheet of outlets, switch on weekly reminders, done. Start from the other end instead. Decide what a sceptical outsider would need to see to believe your water system is under control, then set the logbook up to produce exactly that and nothing vaguer.

In practice the evidence trail has to answer four questions for every control measure: what is this, who did it, what did they find, and what happened if the result was wrong. L8 expects duty holders to keep records of the precautions taken, the monitoring carried out, and the management arrangements behind them [1]. A digital system should make those records tighter than paper ever managed, by tying each task to a specific asset, a timestamp, a reading and a named user. If your setup makes the trail looser or fuzzier than the paper book it replaced, the migration has cost you.

## Get the asset structure right first

The single biggest setup decision is the unit of record. A logbook organised around vague areas such as "ground floor" or "the kitchen" produces evidence nobody can act on. One organised around named assets and outlets, such as calorifier 1, the east-wing sentinel tap, or shower 214, produces a trail that maps cleanly onto your schematic and your risk assessment.

Before importing anything, reconcile three documents: the asset register, the system schematic, and the written scheme of control. If an outlet appears on the schematic but not in the register you import, the logbook will silently stop watching it, and silent gaps are the ones that surface at the worst time. Spend the dull afternoon getting the asset list complete and correctly named. Renaming half your outlets after staff have logged a month of readings against the old labels is a job nobody enjoys.

## Decide what each task must capture

A bare "task complete" tick is worth very little. Configure each monitoring task so that closing it forces the evidence that proves it happened: the asset, the reading, whether that reading sat inside the limit your scheme sets, the person, and the time. Make the timestamp reflect when the check was done, not when someone typed it up. A logbook full of readings batch-entered at 16:55 every Friday tells an investigator more than you would like it to.

The out-of-range path is where digital genuinely pays back. When a temperature or result falls outside the limit, the logbook should refuse to let it close as "fine" and instead open a short exception trail: what was found, who was told, what remedial action was taken, the re-check, and the close-out. That sequence is the difference between a record that shows a managed control and one that just shows a number. Photos help for tank condition or a removed dead leg, but keep them as supporting evidence, not as a substitute for the reading itself.

## Don't fake the back-history

When you switch over from paper, resist the urge to back-fill months of historical readings into the new system to make it look established. Keep the paper records as the historical evidence and start the digital trail clean from go-live. A digital log that claims six months of flawless compliance from a system installed last week is one of the first things an investigator learns to distrust. The retention clock on your old records keeps running regardless of the new tool, so file them properly rather than retype them; if you are unsure how long that is, settle the retention question early ([covers how long to keep Legionella records in the UK](https://legionella.io/articles/how-long-to-keep-legionella-records-in-the-uk/)). For the wider mechanics of moving across, [walks through making the switch from paper to digital](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/).

## Lock down who can change what

Ask the vendor one question before you commit: can a completed record be edited or deleted, and if it is, does the system keep a visible history of the change? An audit trail that can be quietly overwritten is not an audit trail. Set permissions so the roles match real life: field staff record results, the responsible person reviews and signs off, and any edit to a closed record leaves a footprint showing who changed what and when. The point is not to distrust your team; it is that your records have to stand up when you are not in the room to explain them.

## A setup checklist before go-live

Run through this before you roll the system out beyond a pilot. The items are grouped so you can hand each block to the person who owns it.

Structure and scope:
- Reconcile the asset register, schematic and written scheme, and resolve every outlet that appears on one but not the others.
- Name assets the way the risk assessment names them, so a reader can move between the two without a translation step.
- Confirm each control measure in the scheme has a matching task in the logbook, and no orphan tasks exist with no scheme behind them.

Task configuration:
- Make each task force the asset, reading, in-or-out-of-range flag, user and a true timestamp on close.
- Set the acceptable limits and frequencies from your risk assessment, not from the product's default template.
- Build the out-of-range route: exception raised, escalation logged, remedial action, re-check, close-out.

Evidence and access:
- Confirm completed records cannot be silently edited or deleted, and that any change is visibly logged.
- Set role-based permissions for recording, reviewing and signing off.
- Test a full export of your data, in a format you could read without the vendor, before you depend on the system.

## The trade-offs nobody mentions in the demo

A few setup choices look helpful and quietly backfire. Worth deciding deliberately rather than accepting the defaults.

Over-stuffed tasks. Pile twenty mandatory fields onto a routine flush and busy staff start entering whatever clears the screen fastest. Reliable data from six fields beats fiction from twenty.

Dashboards that average away failure. A headline "94% compliant" can hide the one sentinel outlet that has been amber for a month. Configure the views so a single repeated exception stays visible rather than smoothed into a percentage.

Connectivity assumptions. Plant rooms and basements are exactly where signal dies and exactly where readings are taken. Check the app captures offline and syncs later with the original time intact, or your timestamps will drift to whenever the phone next found a connection.

## Before you flip the switch

A green dashboard records whether you are compliant; it does not make you compliant. The same screen can sit happily on top of a system where the real control has lapsed, with temperatures drifting, an outlet quietly dropped from the round, or a remedial action logged but never actually done. Every limit, frequency and escalation route you configure has to come from your site's risk assessment and a competent person; HSE guidance is clear that monitoring schedules follow the system and its risk assessment rather than a supplier's preset [2]. And the duty stays with you. Putting the record into software no more transfers accountability than handing it to a contractor does [3].

So don't launch across the whole estate on day one. Pick one wing or one system and configure it end to end, from assets and tasks through to limits, escalation and permissions, then run it for a fortnight. A small, correct pilot surfaces every structural decision while it is still cheap to change, and gives you a working pattern to clone across the rest of the site.

## FAQ

### Can a digital logbook replace our paper records entirely?
Going forward, yes, a well-configured digital system can be your live record. But your existing paper records still hold the history, and the retention period that applies to Legionella records applies to them whatever tool you adopt next [1]. Keep the paper archive filed rather than retyped, and start the digital trail clean from go-live.

### Will an HSE inspector accept digital records as evidence?
L8 is concerned with whether you keep adequate records of precautions, monitoring and management arrangements, not with whether they sit on paper or a screen [1]. A clear, well-structured digital log usually makes an inspection easier, because the inspector can follow a task from result to exception to close-out in one place. The format is not the question; the completeness and honesty of the trail is.

### What happens to our records if we change software provider?
This is the question to settle before you sign, not after. Confirm you can export your full history in a readable, open format, and that you would keep access to it if the contract ended. Records you cannot extract are records you do not really own, and a provider switch should never leave a gap in your evidence trail.

## Related reading

- [Paper vs digital logbooks: making the switch](https://legionella.io/articles/paper-vs-digital-logbooks-making-the-switch/)
- [How long to keep Legionella records in the UK](https://legionella.io/articles/how-long-to-keep-legionella-records-in-the-uk/)
- [Essential records for Legionella compliance](https://legionella.io/articles/essential-records-for-legionella-compliance/)
- [Features of effective Legionella record-keeping software](https://legionella.io/articles/features-of-effective-legionella-record-keeping-software/)

## Sources

[1] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm
[2] HSE, "Legionnaires' disease: Technical guidance (HSG274)". https://www.hse.gov.uk/pubns/books/hsg274.htm
[3] HSE, "Legionnaires' disease - what you must do". https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm