A legionella risk assessment is a structured evaluation of a building’s hot and cold water systems and associated plant to identify where Legionella bacteria could grow and how occupants might be exposed to contaminated aerosols. It examines everything from storage tanks and calorifiers to showers, cooling towers, and any equipment generating small droplets.
Under UK law, this assessment is a core duty established by the Health and Safety at Work etc. Act 1974, the Management of Health and Safety at Work Regulations 1999, and COSHH regulations. The HSE’s Approved Code of Practice L8 and HSG274 guidance documents provide the practical framework for compliance.
The critical point is that a legionella risk assessment is a process, not merely a document. It combines on-site investigation, system mapping, technical analysis, and the production of a report with risk ratings and an action plan. This forms the foundation of a Water Safety Plan that governs how premises manage water hygiene over time.
The assessment applies to virtually all man-made water systems: hot and cold water services, evaporative condensers, spa pools, hot tubs, process water, and any system capable of generating aerosols that could be inhaled.
Interested in Learning More? Get In Touch Today!The Key Takeaways
- A legionella risk assessment is a legal requirement under UK health and safety legislation for any organisation controlling premises with water systems that could present a risk.
- The assessment involves an on-site inspection of hot and cold water systems to identify conditions where Legionella bacteria could grow and spread through contaminated water droplets.
- Risk conditions include water temperatures between 20–45°C, stagnation, the presence of scale, biofilm, and organic matter in systems like cooling towers, showers, and storage tanks.
- Duty holders include employers, landlords, facilities managers, and building owners across healthcare, hospitality, manufacturing, and commercial sectors.
- Marlowe Environmental Services provide competent, UK-wide legionella risk assessments, monitoring, and remedial support for both simple and complex systems.
Why Legionella Risk Assessments Matter
Legionella bacteria cause Legionnaires’ disease, a potentially fatal form of pneumonia caused by inhaling contaminated water droplets. People do not contract legionnaires disease by drinking water; they must inhale fine aerosols containing the bacteria deep into their lungs.
The bacteria thrive in specific conditions. Water stored or recirculated at temperatures between 20-45°C creates ideal growth environments. Add scale, rust, sludge, or biofilm,common in poorly maintained water systems,and bacterial growth accelerates. Areas of stagnation, dead legs in pipework, and infrequently used outlets compound the risk.
Consider practical examples.
- A hotel with guest rooms unoccupied for weeks creates stagnation in shower pipes.
- A hospital’s complex hot water network serving hundreds of vulnerable patients with compromised immune systems demands rigorous control.
- A factory’s cooling towers, essential for production, can become breeding grounds for waterborne pathogens if not properly managed.
Employers, landlords, and duty holders carry legal responsibilities to identify and control these reasonably foreseeable risks. Even when an assessment concludes the overall risk is low, that conclusion must be documented and the assessment regularly reviewed.
The business impacts of getting this wrong extend beyond health and safety legislation compliance. HSE enforcement action, civil claims, reputational damage, and unplanned shutdowns all follow outbreaks. In healthcare settings, CQC scrutiny adds another layer of accountability.
We work with organisations to reduce these risks, demonstrate compliance, and protect building users,including those with weakened immune systems or kidney disease who face heightened vulnerability to exposure to legionella.
What a Legionella Risk Assessment Looks Like On Site
Rather than a checklist exercise, a legionella risk assessment involves a thorough walkthrough of water systems. Consider a typical assessment at a five-storey office building with a roof tank and basement plant room.
The Competent Assessor Arrives
UK safety legislation requires the person conducting the assessment to be demonstrably competent. This means formal legionella awareness training, practical experience surveying similar systems, and knowledge of ACOP L8, HSG274, and BS 8580-1:2019. For complex water systems in healthcare or industrial settings, sector-specific expertise is essential.
Initial Briefing
The assessor meets the responsible person or duty holder to review existing documentation: previous assessments, schematics, monitoring records, and any history of non-compliance. This briefing clarifies scope and identifies access constraints.
Physical Inspection
The legionella risk assessment process then moves through the entire water system,from incoming mains supply through to every outlet. The assessor examines:
| Component | What’s Assessed |
| Cold water tanks | Lid condition, insulation, screens, internal cleanliness |
| Calorifiers and cylinders | Temperature settings, stratification, sediment |
| Distribution pipework | Dead legs, redundant sections, insulation quality |
| Outlets | Aerators, flexible hoses, usage frequency |
| Cooling towers | Drift eliminators, treatment systems, maintenance records |
The assessor looks at conditions, not just assets. They identify potential hazards like stagnant water in unused outlets, poorly insulated pipes running through warm spaces, or cold water tanks in roof voids that exceed 20°C during summer.
Temperature Profiling
Temperature monitoring forms a critical part of the assessment. The assessor measures temperatures at sentinel outlets and throughout the system:
- Cold water should remain below 20°C
- Hot water should reach at least 50°C at outlets
- Calorifiers should operate at 60°C or above
The time taken for outlets to reach target temperatures reveals whether pipes are adequately insulated and whether water sits too long in distribution networks.
System Mapping
The assessment produces or updates schematic drawings showing water flow through the building. An asset register catalogues every significant component, its location, condition, and maintenance history. This documentation creates a baseline for future reviews.
Management Arrangements
Throughout the inspection, the assessor evaluates management systems: permits to work for plumbing contractors, flushing records for infrequently used outlets, cleaning schedules, and training records for staff involved in maintaining water systems.
For complex estates like hospitals, universities, or multi-site portfolios, Marlowe Environmental Services deploy teams of assessors to survey multiple buildings systematically, ensuring consistent methodology across the estate.
Risk Identification and Evaluation
After the site survey, the assessor analyses findings to determine where Legionella could realistically grow and how people might be exposed. This centres on the concept of reasonably foreseeable risk,not proving contamination exists, but identifying where it could occur if current control measures fail.
Factors considered in this evaluation include:
- System design complexity and water age
- Temperature trends and consistency
- Presence of scale, sludge, or biofilm
- Historical sampling data where available
- Reliability of existing precautionary measures
Occupant susceptibility also shapes the assessment. Buildings housing elderly residents, care home populations, hospital inpatients, or people with compromised immune systems require more stringent evaluation than standard office environments.
Risks are typically categorised to help duty holders prioritise. A risk rating system,whether high, medium, and low categories or numerical scoring,identifies which issues demand immediate attention and which form part of longer-term improvement plans.
The evaluation also flags business-critical systems. A cooling tower essential for manufacturing or a domestic hot water system serving an entire hospital wing carries operational consequences beyond health risks if it fails or requires shutdown for remediation.
The Legionella Risk Assessment Report and Recommendations
The main output is a written report that serves as a working management tool rather than a certificate to file away. This detailed assessment document typically includes:
- Site description and schematic overview
- Asset register with component conditions
- Summary of current management arrangements
- Findings with photographic evidence
- Risk evaluation for each identified hazard
- Prioritised action plan with timescales
Recommendations range from procedural improvements to engineering interventions. Simple control measures might include introducing weekly flushing of little-used outlets or improving record-keeping practices. More elaborate control measures could involve removing dead legs, resizing water storage tanks, upgrading insulation, or installing secondary disinfection systems. Each recommendation identifies the responsible person, suggested completion timescale, and any dependencies such as building shutdowns or specialist contractor involvement.
Quality reports also establish ongoing control regimes: temperature monitoring frequencies, tank inspection schedules, cleaning and descaling programmes, and where appropriate, biocide treatment strategies or legionella testing protocols.
What Happens After the Assessment?
Completion of a legionella risk assessment marks the start of risk assessing and management, not the end. Duty holders must act on findings to achieve and maintain compliance with relevant health regulations.
The assessment drives creation or update of a written scheme of control,often called a Water Safety Plan. This translates recommendations into scheduled tasks with clear roles, frequencies, and success criteria for appropriate control measures.
Day-to-day activities typically include:
- Regular temperature checks at sentinel outlets
- Flushing of infrequently used outlets
- Periodic tank and calorifier inspections
- Cleaning and disinfection tasks
- Microbiological sampling where indicated
Records of these activities must be maintained,typically for at least five years in higher-risk settings, to demonstrate ongoing compliance and support trend analysis.
The sufficient assessment must be reviewed regularly. For typical commercial premises, review every two years represents standard practice. Complex systems like cooling towers or large healthcare estates warrant annual or more frequent reviews. A review is also triggered by significant changes: plant modifications, altered usage patterns, repeated control failures, or a suspected legionellosis case.
Marlowe Environmental Services support implementation through remedial works, chemical treatment programmes, remote temperature monitoring, training, and periodic reassessments.
Who Needs a Legionella Risk Assessment?
Any organisation or individual controlling premises with water systems that could pose a legionella risk carries a legal obligation to carry out a legionella risk assessment. This is not optional guidance; it is embedded in UK health and safety law.
Concrete examples include:
- Office buildings with stored hot water and cold water tanks
- Hotels and leisure centres with showers, spa pools, and hot tubs
- Factories with cooling towers and process water systems
- Care homes and hospitals with extensive hot and cold water networks
- Schools and universities with distributed systems
- Distribution centres with welfare facilities
Domestic properties present a different picture. Landlords with domestic hot water systems in small, well-used dwellings may find the risk,and therefore the assessment,relatively straightforward.
A simple risk assessment documenting low risk may suffice, provided conclusions are properly recorded and reviewed.
Low risk does not remove the duty. It simply means fewer controls may be justified. Not all systems require elaborate control measures, but all must be assessed.
In larger organisations, facilities managers, estates teams, and health and safety officers typically serve as the duty holder or responsible person for water safety.
Dedicated to expert legionella risk assessments
At Marlowe Environmental Services, our specialist team in environmental compliance help support organisations across healthcare, hospitality, retail, manufacturing, education, and commercial real estate.
Our end-to-end legionella management services include:
- Compliant risk assessments meeting ACOP L8 and BS 8580-1 standards
- Schematic production and asset registration
- Monitoring and temperature logging systems
- Chemical treatment programmes
- Remedial engineering works
- Legionella awareness training
- Ongoing consultancy and reassessments
Using a single competent provider delivers consistency across multi-site portfolios, centralised reporting, and clearer demonstration of compliance to the HSE, insurers, and regulators.
If your last assessment is over two years old, your systems have changed since 2020, or you are uncertain whether current documentation meets approved code of practice requirements, get in touch for an initial discussion.
Frequently Asked Legionella Risk Assessment Questions
How often should a legionella risk assessment be reviewed in the UK?
HSE guidance does not specify a fixed interval, but most organisations review their assessment every two years for standard commercial premises.
High-risk systems like cooling towers or large healthcare estates warrant annual or more frequent reviews. A review is also required after significant changes to plant, pipework, usage patterns, or following a suspected legionellosis case. Document your chosen review frequency in your Water Safety Plan and justify it based on your identified risk levels.
Is legionella water testing always required after a risk assessment?
Routine microbiological testing is mandatory for certain high-risk systems such as cooling towers and evaporative condensers, but not for every hot and cold water system.
The risk assessment determines whether sampling is appropriate based on system type, vulnerability of occupants, and how reliably physical controls like temperature maintain safe conditions. Many offices and small commercial buildings with robust temperature control and good system design operate safely without routine legionella sampling.
Can my organisation carry out its own legionella risk assessment?
UK law permits duty holders or their staff to conduct assessments, provided they are demonstrably competent,meaning sufficient training, knowledge, and practical experience.
For complex systems in healthcare premises, sites with cooling towers, or large campuses, in-house teams often struggle to meet BS 8580-1 standards without specialist support. Many organisations commission external specialists like Marlowe Environmental Services for the initial assessment, then manage routine controls internally with appropriate training.
How long should legionella records be kept?
As a practical minimum, retain the current and previous legionella risk assessments plus at least five years of key monitoring and maintenance records for higher-risk systems. Specific retention periods may be influenced by sector guidance such as NHS Water Safety Group advice or HTM 04-01 for healthcare premises. Align your legionella record retention with broader health and safety and clinical governance policies where applicable.