What Does a Legionella Risk Assessment Actually Involve?

Why Legionella Risk Assessments Matter

Legionella bacteria is the cause of Legionnaires' disease, a severe and potentially fatal form of pneumonia. Outbreaks are reported across the world every year, and the fatality rate typically sits between 10 and 30 per cent. The risk is manageable, but only if it is properly understood, assessed, and controlled.

That responsibility falls on the duty holder. Whether you are an employer, a building owner, or someone in control of premises, the law requires you to identify, assess, manage, and control the risk of exposure to Legionella bacteria. A Legionella risk assessment is the foundation of all of that.

If you have never had one carried out, or you are not sure what the process actually involves, this guide walks you through it clearly.

What Is a Legionella Risk Assessment?

A Legionella risk assessment is a systematic evaluation of your water systems to identify whether conditions exist that could encourage the growth and spread of Legionella bacteria. It is not a simple tick-box exercise. A thorough assessment examines the design, condition, operation and management of every relevant water system on site, documents the findings, and sets out a control scheme to manage any risks identified.

The assessment is carried out by a competent person, a requirement of BS8580, which in practice means someone with the technical knowledge, experience, and independence to evaluate your systems objectively and give you reliable recommendations. For most organisations, that means engaging a specialist consultant.

Who Is Legally Required to Have One?

The short answer is: if you control premises with a water system, the law applies to you.

The Health and Safety at Work etc. Act 1974 places a general duty of care on employers and those in control of premises. The Control of Substances Hazardous to Health Regulations 2002 (COSHH) requires employers to assess the risk from biological agents including Legionella. The Approved Code of Practice L8, published by the Health and Safety Executive (HSE), and the accompanying technical guidance HSG274 set out in specific detail how that duty should be met.

Duty holders include employers, building owners, landlords, managing agents, and facilities managers. The obligation applies across commercial offices, industrial facilities, healthcare settings, hotels, care homes, schools, and residential blocks among others. The size of the organisation is not a factor; if there is a water system and people who could be exposed, the duty applies.

Which Water Systems Need to Be Assessed?

Any water system that could create conditions favourable to Legionella growth is within scope. That includes:

• Domestic hot and cold water systems

• Cooling towers and evaporative condensers

• Adiabatic cooling systems

• Showers and spray taps

• Healthcare water systems

• Recreational and leisure water systems, including spa pools and hydrotherapy pools

• Industrial process water systems

• Vehicle wash systems

The assessment will identify all such systems on your site and evaluate each one against the risk factors set out in ACoP L8 and HSG274.

What Does the Assessment Process Involve?

A professional Legionella risk assessment typically follows a structured process:

Site Survey and System Documentation

The assessor will carry out a physical inspection of all relevant water systems and pipework. Schematic drawings will be produced or reviewed, mapping the layout of your systems including flow routes, storage tanks, outlets, and any dead legs or infrequently used points where water can stagnate.

Risk Identification and Rating

Each system is evaluated against the conditions known to promote Legionella growth: water temperatures between 20 and 45 degrees Celsius, the presence of nutrients such as scale, sediment, or corrosion, and any conditions that allow water to stand. Risk ratings are assigned based on the likelihood of bacterial growth and the potential for exposure.

Water Sampling and Laboratory Analysis

Where appropriate, water samples will be taken for laboratory analysis to establish baseline conditions. At ISHEM, all testing is carried out by laboratories accredited to ISO 17025, the international standard for testing and calibration laboratories, which ensures the reliability and accuracy of results.

What Happens After the Assessment?

A Legionella risk assessment is the starting point, not the end point. Once the assessment is complete and the written control scheme is in place, the duty holder is responsible for implementing and maintaining the controls set out within it.

That may include temperature monitoring, regular flushing of infrequently used outlets, cleaning and disinfection programmes, and ongoing water sampling at agreed intervals. Good record-keeping is essential. The HSE expects duty holders to be able to demonstrate, through documented records, that they are actively managing the risk.

Where remediation is required, it is important to note that the recommendations of an independent assessor should be based solely on what is technically appropriate and legally required, with no financial interest in the works themselves. That independence is fundamental to receiving impartial advice you can act on with confidence.

From the assessment, a written control scheme can be created: a documented plan setting out the measures required to manage and control the risks identified. This becomes the operational reference for your ongoing water safety management and forms part of your compliance records.

How Often Should a Legionella Risk Assessment Be Reviewed?

ACoP L8 does not prescribe a fixed review interval, but it does require that the risk assessment is kept up to date. In practice, a review should be triggered by any significant change to your water systems or their use, including:

• Changes to the building layout or water system design

• Changes in building use or occupancy

• A confirmed case of Legionnaires' disease associated with the premises

• Evidence that existing controls are not working effectively

• Changes to the water supply or incoming water quality

As a general principle, many organisations review their assessment every two years as a minimum, but the frequency should reflect the nature and complexity of the systems involved and any changes that have occurred in the interim.

How ISHEM Can Help

ISHEM is an independent, multi-disciplinary consultancy with no financial interest in remediation works or products. That independence is at the core of how we work: when we carry out a Legionella risk assessment, the recommendations you receive are based entirely on your compliance needs, not on what generates additional commercial activity for us.

Our consultants are qualified and experienced across the full range of sectors, including healthcare, industrial, commercial, and residential premises. We provide Legionella risk assessments, written control schemes, water safety plans, compliance assurance reviews, and accredited training courses in both classroom and virtual formats. All laboratory analysis is carried out by ISO 17025-accredited laboratories.

We operate across the UK, Europe, Asia Pacific, and the Americas, supporting organisations of all sizes in meeting their legal obligations.