A legionella risk assessment is a structured review of your water system to identify where Legionella bacteria could grow and how people might be exposed, so you can put effective controls in place. It is a legal and safety essential for many businesses and landlords, and good practice for any building with stored or complex hot and cold water systems.
1. Understand your legal and safety duties
Before starting, clarify why you need a legionella risk assessment and what standards apply.
- In the UK, duty holders (such as employers, landlords and those in control of premises) must assess the risk from Legionella and manage it under health and safety law and HSE guidance like ACOP L8 and HSG274.
- If you are not competent or confident, you can appoint a specialist water hygiene or legionella control company to carry out the risk assessment on your behalf.
2. Identify and map your water systems
The first practical step in any legionella risk assessment is to locate and understand every relevant part of the water system.
- Create a simple schematic showing the incoming supply, cold water storage tanks, hot water cylinders, boilers, distribution pipework, outlets (taps, showers, hose reels), and any high‑risk systems such as cooling towers, spa pools or ornamental fountains.
- Note any “dead legs” or seldom‑used outlets, long pipe runs, or areas where water can sit in tanks or pipework, as these are classic stagnation points that increase legionella risk.
3. Review existing records and management procedures
Next, gather all existing documentation so you can see how the system has been managed up to now.
- Check for previous legionella risk assessment reports, maintenance logs, temperature records, tank inspection reports, and any remedial works that were recommended or completed.
- Compare what is written in procedures or written schemes of control with what actually happens on site, looking for gaps in flushing regimes, temperature checks, cleaning schedules or record‑keeping.
4. Inspect the system and check temperatures
A detailed site inspection is at the heart of a legionella risk assessment because it shows how the system behaves in real life.
- Use a suitable thermometer to measure cold and hot water temperatures at representative outlets: cold should typically be below 20°C after running and hot should reach at least 50–60°C within a defined time, depending on system design and guidance.
- Visually inspect cold water tanks, hot water cylinders, pipe insulation and outlets for signs of poor condition, contamination, scale, corrosion, biofilm, debris or missing lids and insulation, all of which can support Legionella growth.
5. Identify potential legionella risk factors
Using your survey findings, highlight where conditions favour legionella bacteria or where people are exposed to aerosols.
- Key risk factors include water stored or circulating between about 20–45°C, stagnation (dead ends, infrequently used outlets), nutrients such as scale, rust and organic matter, and systems that generate fine water droplets such as showers, spray taps, cooling towers and spa pools.
- Consider user vulnerability: people who are older, immunocompromised, or have respiratory conditions are at greater risk from Legionnaires’ disease, so sites such as healthcare, care homes and some residential settings require extra caution.
6. Assess likelihood and severity of harm
A legionella risk assessment should weigh both how likely Legionella is to grow and how serious the consequences could be.
- For each part of the system, judge the likelihood of bacterial growth and exposure by combining evidence from temperatures, system design, maintenance standards and usage patterns.
- Then consider the potential severity of harm, factoring in the number and vulnerability of people who could be exposed, and use this to prioritise which risks need the most urgent control measures.
7. Develop and implement control measures
Once risks are understood, you need a clear plan often called a scheme of control to reduce them to an acceptable level.
- Typical control measures include maintaining correct hot and cold water temperatures, flushing low‑use outlets, cleaning and disinfecting tanks and systems, removing redundant pipework, controlling scale and corrosion, and, where necessary, using biocidal treatment or disinfection.
- Assign responsibilities, set frequencies for tasks (e.g. weekly flushing, monthly temperature checks, annual tank inspections), and ensure staff are trained to carry out and record these activities correctly.
8. Decide when testing is appropriate
Microbiological testing for legionella can be part of a control strategy, but it is not always mandatory in every simple system.
- In higher‑risk systems such as cooling towers, spa pools or complex healthcare systems, routine sampling is often expected as part of ongoing verification of controls.
- Where testing is done, use competent laboratories and interpret results in the context of your overall risk assessment, acting quickly if results or site conditions indicate loss of control.
9. Record your findings and keep evidence
Good documentation is a core requirement of a compliant legionella risk assessment.
- Your written risk assessment should describe the water systems, identify the hazards and risk factors, list the people at risk, explain the control measures, and include diagrams, temperature data, photos and an action plan with timescales.
- Keep ongoing records of all monitoring, inspections, cleaning, disinfection and remedial work, as these demonstrate that the legionella risk assessment is being put into practice and reviewed.
10. Review and update regularly
A legionella risk assessment is not a one‑off document; it should evolve as the building and systems change.
- Review the assessment periodically (for example every couple of years, or as recommended for your type of premises) and sooner if there are system changes, building refurbishments, management changes, incidents, or evidence that controls are failing.
- Update diagrams, risk ratings and control measures so the document always reflects the current water system and the way it is managed day to day.
Focusing on a thorough, documented legionella risk assessment and robust controls helps protect occupants, supports legal compliance, and keeps your hot and cold water systems safe and reliable for the long term.
