Compliance and Legionella Risk Assessment

by Charlie Brain, on 12-10-2021
Find me on:


Compliance - Correctly Sized

As a reminder to us all, the HSE state that it is a legal requirement for every employer and self-employed person to assess the health and safety risks arising out of their work. The purpose of an assessment is to identify what needs to be done to control health and safety risks.

Law and Guidance

COSHH and the Management of Health Safety at Work Regulations both identify a requirement to undertake risk assessments and highlight the importance of, as far as reasonably practicable, preventing or, where prevention is not possible, controlling risks.


More specific to Legionella, the HSE’s ACoP L8 and HSG274 suite of documents, offer advice on managing water systems; including the need to carry out a “suitable and sufficient” risk assessment that identifies the risks and methods to be used to control them. HSG274 Part 2 also offers guidance on what should be included or considered in a Legionella risk assessment.


Further guidance on Legionella risk assessments can be found in the British Standards Institute’s (BSI) standards publication BS 8580-1:2019 “Water quality - Risk assessments for Legionella control. Code of practice”. This document also gives guidance on what should be included, but does not however, tell you how to carry out a Legionella risk assessment.


New call-to-action


We know undertaking such assessments are a legal requirement, and we know we have a range of guidance documents to help us with their content, but when should a Legionella risk assessment be carried out?



The answer to that question, if one is not in place, is now!. This not only applies to existing water systems, but those water systems being installed. British Standard 8680:2020 “Water Quality – Water Safety Plans - Code of Practice” gives guidance on carrying out Legionella risk assessments during design and commissioning stages. Once in place, a Legionella risk assessment must be reviewed “regularly”, but how often is “regularly”?


The two-year risk assessment review frequency, previously outlined by the HSE, was removed from guidance in 2013 which meant the process for reviewing Legionella risk assessments needed to be re-established. There are now six criteria within the HSE's 'HSG274 Part 2' which detail 'changes' that could impact the validity of the current risk assessment and therefore creates a need to develop a new risk assessment.

The six criteria are as follows:

  • A case of Legionnaires’ disease/Legionellosis associated with the system;
  • A change to the use of the building;
  • A change to the water system or its use;
  • Changes to key personnel;
  • New information about risks or control measures;
  • The results of checks indicate that control measures are no longer effective.


Risk Assessment papers with a yellow hardhatBy maintaining a schedule of water systems and when they were last risk assessed enables you to cross-reference against the review criteria above. This will help indicate whether a particular risk system requires a review or new risk assessment (See our Risk Assessment Review Tool here). This risk review tool can be easily updated and reviewed regularly, or at each *Water Safety Group meeting (see below definition). The frequency of review is determined by each organisation, this could be as frequently as monthly or as part of your quarterly or six-monthly Water Safety Group meetings. Where a reassessment has not been triggered by the above criteria, there should be a policy of planned reassessments.


*BS8680:2020 defines a Water Safety Group as “multidisciplinary group of people formed to undertake the commissioning, development and ongoing implementation and management of the water safety plan (WSP) with the skills and responsibility for ensuring that the water is safe at the point of use for all uses and all users of water within buildings”


Suitable and Sufficient

To explain what is meant by “suitable and sufficient”, the Legionella risk assessment content should reflect the complexity of the water system in question. Put simply, the more water systems there are and the more complex they are, the bigger and more detailed the risk assessment is likely to be. No matter the size and complexity of the risk system being assessed, the HSE have stated what the risk assessment should show:


  • a proper check was made
  • you asked who might be affected
  • you dealt with all the obvious significant risks, taking into account the number of people who could be involved
  • the precautions are reasonable, and the remaining risk is low
  • you involved your workers or their representatives in the process

So the level of detail in a risk assessment should be proportionate to the risk. In Legionella terms, a simple water system requires a simple risk assessment, that will recommend simple control measures. There is no reason why a simple water system, such as those found in domestic dwellings should have a long complex Legionella risk assessment.


This is also true regarding the competence of the risk assessor. BS 8580-1:2019 states that the risk assessor should provide evidence that they have undertaken the necessary training appropriate to the type and complexity of the water system they are assessing. All risk assessors should have some form of relevant Legionella training, even to assess the most basic of water systems.


For more complex systems such as cooling towers, or more complex buildings such as hospitals, increased knowledge is required. Training courses such as those supplied by ILM (Institute of Leadership Management) or the Water Management Society should be evidenced, also ongoing relevant competence evidence such as those required as part of the Legionella Control Association or the United Kingdom Accreditation Service (ISO 17020:2012 standard) registration, should be considered.


Proportional management of Legionella risk is important throughout the control regime, employing a suitable risk assessor to deliver a suitable risk assessment is vital because identifying the risks and implementing the subsequent control measures are the primary fundamentals in overall Legionella management. Don’t fall at the first hurdle.


Key Points

To summarise Legionella risk assessment and the associated compliance, here are some key points to take away;

  1. Legionella risk assessments are a requirement of regulations and guidance;
  2. Guidance details what needs to be assessed but doesn’t tell you how;
  3. BS8580-1:2019 details the approach for undertaking a Legionella risk assessment;
  4. A Legionella risk assessment should reflect the building and water systems assessed;
  5. A Legionella risk assessors’ competence should reflect the building and water systems assessed;
  6. A Legionella risk assessment is an ongoing process which should be continually reviewed and updated as and when there are changes;
  7. A Legionella risk assessment is critical to the preparation of the control scheme, so keep it suitable, keep it accurate and keep it up to date.


If you have questions regarding the issues raised above or you would like to speak with one of our consultants, please click here to get in touch.

Editor’s Note: The information provided in this blog is correct at date of original publication – October 2021.

© Water Hygiene Centre 2021


New Call-to-action


About the author

Charlie Brain

Charlie started the Water Hygiene Centre as a trainee risk assessor back in 2010, since then he has developed professionally from risk assessor, project manager and is now a Senior Consultant. During this time he has taken ownership of our risk assessment method and development of our bespoke reporting platform and has been key in our UKAS accreditation to 17020.

Share your thoughts