---
title: "The Legionella Control Association Code of Conduct explained"
source_url: https://legionella.io/articles/the-legionella-control-association-code-of-conduct-explained/
canonical_url: https://legionella.io/articles/the-legionella-control-association-code-of-conduct-explained/
pillar: "UK Legionella Law & Compliance"
summary: "The LCA Code of Conduct is a useful signal, not a transfer of liability. How UK duty holders should read membership, check its scope and avoid five traps."
primary_keyword: "LCA Code of Conduct"
date_published: 2025-08-23
date_reviewed: 2026-06-26
author: "Legionella.io editorial team (REMOTE TECH LTD)"
reviewed_against: "HSE L8 and HSG274 guidance"
region: "United Kingdom"
license: "(c) REMOTE TECH LTD. Quote freely with attribution and a link to source_url."
---

# The Legionella Control Association Code of Conduct explained

A risk assessment quote lands on your desk with the Legionella Control Association badge on the letterhead, and the instinct is to read that badge as "sorted". It isn't, quite. The LCA Code of Conduct is a genuinely useful signal — but it does a narrower job than most duty holders assume, and the gap between what it actually certifies and what people think it certifies is where compliance quietly comes apart.

The Code of Conduct is the standard a company commits to when it joins the Legionella Control Association. It obliges a service provider to deliver its Legionella control work — risk assessment, monitoring, cleaning and disinfection, consultancy, training, water sampling — to a defined level, and to give you, the customer, documentation you can hold it to [1]. Two things follow from that and they matter. Membership is voluntary. And hiring a member is not, by itself, compliance.

## What the Code actually covers

Think of the Code as a promise about *how* a provider works, not a guarantee about *your* building. A registered provider signs up to commitments around the things that go wrong in this trade: employing trained and competent staff, agreeing a clear scope before work starts, following written procedures, and reporting results in a form you can act on [1]. The Association registers providers against specific service categories rather than as a blanket "approved for everything" stamp — so a firm can hold registration for monitoring and disinfection without being registered to carry out risk assessments [1].

For you, the practical value is the paper trail it forces into existence: a defined service, competent people behind it, and reports that connect to your control scheme. That feeds directly into your own evidence — what [Acting on your risk assessment](https://legionella.io/articles/acting-on-your-risk-assessment-setting-priorities/) calls turning findings into prioritised, recorded action. What the badge does not do is shoulder your legal duty. Under the Approved Code of Practice (ACoP L8), the duty holder appoints competent help and remains accountable for the system [2][3]. With that distinction clear, the common mistakes almost name themselves.

## Five ways duty holders misread the badge

### Reading the badge as a transfer of responsibility

The most expensive mistake. A provider is appointed, the membership logo goes on file, and the duty feels discharged. It isn't. HSE is blunt that responsibility sits with the duty holder, and using a contractor does not move it [2][3]. A member carries out the work; you still own the decisions, the oversight and the records that prove control. Membership shows you chose help with care. It does not make the provider answerable for your compliance.

### Not checking what the registration actually covers

People see one badge and assume it blankets every service. It doesn't. Because registration is service-category specific, an LCA-registered water treatment firm is not automatically registered to write your risk assessment, and vice versa [1]. The fix takes five minutes: confirm the exact categories the provider holds, then check those are the ones you are actually buying. If you are commissioning a risk assessment from a firm registered only for monitoring, the badge is real but it is not covering the work in front of you.

### Treating membership as the legal requirement

Two versions of this turn up in tenders. One demands "must be LCA registered" as though that were the law. The other rejects a perfectly competent small contractor purely for not being a member. Both confuse a voluntary scheme with a statutory duty. The law requires competence; it does not name the Association [2]. Membership is a well-recognised and convenient way to evidence competence — treat it as strong evidence to weigh, not a pass/fail gate. This is the same best-practice-versus-legal-minimum line drawn in [Water Safety Plans](https://legionella.io/articles/water-safety-plans-best-practice-vs-legal-requirement/).

### Filing the certificate and ignoring the paperwork it entitles you to

The certificate goes in the folder; the service documentation it should sit beside never gets read. That is the wrong way round. The certificate is the least useful part. The value is the agreed scope, the named competent staff, the procedures and the reports the Code commits the provider to supply [1]. Ask for them, read them, and check the delivered work matches what was promised. A reporting format you cannot act on is a red flag regardless of any logo on the cover.

### Checking membership once and never again

Contracts run for years; a one-time tick at appointment ages badly. Confirm membership is still current at each renewal, and — more importantly — audit the actual service against the Code's promises. Did the assessor visit when due? Did reports arrive, and did they flag the things your own walk-rounds see? Were remedial actions closed, or just listed? Membership is a starting filter, not standing assurance.

## The one correction worth making first

If you change only one habit, separate two questions that duty holders routinely merge: "Is this provider a member?" and "Is this provider competent for *my* building, and can I prove they did the work?" The badge helps answer the first. Only your own records, scope and oversight answer the second — and it is the second that an inspector, or a court, will ask about.

A concrete start this week: pull your current provider's details, look up the precise service categories their registration covers, and lay those next to the services named in your contract. Where the two don't line up, you have found either a gap to close or a conversation to have before the next renewal.

## Where this guidance stops

None of this turns a membership badge into a substitute for your own judgement. Whether a given provider is competent for your particular system is a decision for your risk assessment and your responsible person, not for a logo. This is general guidance on how to read the scheme — it is not legal advice and not an endorsement of any provider. Decisions that sit downstream of the badge, such as how often water is sampled, should follow your system and risk assessment rather than a contractor's standard package [4]; the trade-offs there are covered in [Detecting Legionella](https://legionella.io/articles/detecting-legionella-culture-and-pcr-testing-methods/).

## FAQ

### Is LCA membership a legal requirement for Legionella contractors?
No. UK law requires you to use competent people; it does not name the Legionella Control Association [2]. Membership is a voluntary scheme and a widely recognised way to demonstrate competence, but a non-member can be competent and a member can still do poor work on a particular job. Judge the competence, then use membership as supporting evidence.

### Does hiring an LCA member make my building compliant?
No. It helps you show you selected help carefully, which matters. Compliance itself rests on your risk assessment, written control scheme, monitoring and records — and on you overseeing the work. The duty stays with the duty holder whether or not a contractor is a member [3].

### How do I check what a provider's LCA registration actually covers?
Ask the provider, and confirm against the Association's register, exactly which service categories they hold — risk assessment, monitoring, cleaning and disinfection, consultancy, training and analysis are registered separately [1]. Then match those categories against the work named in your contract, so you are not buying a service the registration doesn't reach.

## Related reading

- [Acting on your risk assessment: setting priorities](https://legionella.io/articles/acting-on-your-risk-assessment-setting-priorities/)
- [Water Safety Plans: best practice vs legal requirement](https://legionella.io/articles/water-safety-plans-best-practice-vs-legal-requirement/)
- [COSHH and Legionella: managing water treatment chemicals safely](https://legionella.io/articles/coshh-and-legionella-managing-water-treatment-chemicals-safely/)
- [Detecting Legionella: culture and PCR testing methods](https://legionella.io/articles/detecting-legionella-culture-and-pcr-testing-methods/)

## Sources

[1] Legionella Control Association, "Code of Conduct for Service Providers". https://www.legionellacontrol.org.uk/
[2] HSE, "Legionnaires' disease. The control of legionella bacteria in water systems - Approved Code of Practice and guidance (L8)". https://www.hse.gov.uk/pubns/books/l8.htm
[3] HSE, "Legionnaires' disease - what you must do". https://www.hse.gov.uk/legionnaires/what-you-must-do/index.htm
[4] HSE, "Testing and monitoring your water system for legionella". https://www.hse.gov.uk/legionnaires/testing-monitoring-water-system.htm