Who Can Carry out a Legionella Risk Assessment?

On paper, almost anyone could attempt a Legionella risk assessment. In practice, UK law requires competence, relevant experience and a thorough understanding of water systems and the applicable standards. The difference between a template report and a technically robust assessment is the difference between controlled risk and unmanaged exposure. So, who can carry out a legionella risk assessment, and who should?

What the law expects from duty holders

Under the Health and Safety at Work Act 1974 and the Control of Substances Hazardous to Health Regulations, organisations that operate water systems must control the risk from Legionella bacteria. HSE’s ACOP L8 sets out practical duties. These include identifying and assessing sources of risk, preparing a scheme to prevent or control the risk, implementing and monitoring precautions, keeping records and appointing someone responsible. HSG274 provides the detailed technical guidance that duty holders and their appointees rely on.

Competence is not a box to tick

Competence is more than a short training course. BS 8580-1 describes the expected competence of those who conduct Legionella risk assessments. Assessors should understand building water systems, water treatment, microbiology and the legal context, and must be able to translate findings into site-specific, defensible recommendations. BS 8580-1 is a code of practice that defines what a suitable and sufficient assessment should look like.

Why professional assessors are often essential

In very small, simple systems managed by a knowledgeable team, elements of Legionella control may be handled in-house. But once systems become more complex, span multiple buildings or serve vulnerable users, the risk of critical omissions increases. If an outbreak or enforcement action occurs, HSE will scrutinise not only whether a risk assessment exists, but also whether it is suitable, sufficient and carried out by a competent person in line with ACOP L8, HSG274 and BS 8580-1.

This is where professional assessors add value. Reputable Legionella risk assessment companies bring demonstrable competence aligned to BS 8580-1, independent laboratory support through UKAS-accredited facilities, and detailed reporting that translates findings into a workable scheme of control. These elements turn a statutory duty into an actionable compliance strategy.

Accreditation and why it matters

There is no statutory licence specific to Legionella risk assessments, but credible markers do exist. Membership of the Legionella Control Association requires companies to work to the LCA Code of Conduct and to maintain auditable management systems. Clients can verify providers through the LCA. In parallel, UKAS publishes guidance for accrediting bodies that undertake Legionella risk assessment activities, which helps buyers understand what robust quality assurance looks like.

How to choose the right provider

Use this commissioning checklist when selecting from Legionella risk assessment companies or searching for Legionella risk assessment companies near you.

• Evidence of competence and training that align with BS 8580-1, demonstrated through qualifications and project history

• A defined scope covering asset identification, schematic review, temperature control, stagnation risks, materials of construction and management arrangements

• Use of UKAS-accredited laboratories for any sampling, following BS 7592 where applicable

• A site-specific written scheme of control with responsibilities, monitoring frequencies and escalation procedures, not a generic schedule

• An audit trail that stands up to external inspection, ideally supported by digital record keeping for actions, temperatures and flushing

• Independence from major remedial incentives where possible, or a clear separation between assessment and follow-on works

Red flags inside a risk assessment report

• Copy-paste text that does not reflect your actual assets or building layout

• Recommendations that misquote standards or fail to reference ACOP L8, HSG274 or BS 8580-1

• No prioritisation or timescales, making it impossible for responsible persons to manage risks effectively

• Sampling undertaken without reference to UKAS accreditation or recognised proficiency schemes

The role of digital compliance

Strong outcomes depend on both a robust assessment and reliable follow-up. Digital platforms such as ZetaSafe centralise monitoring, record keeping and reporting, giving duty holders instant visibility of temperatures, flushing, sampling and corrective actions. This audit-ready trail supports inspections and reduces the risk of compliance gaps between annual assessments.

So, who can carry out a legionella risk assessment?

Legally, the duty holder must ensure an assessment is completed. It should be undertaken by competent professionals who can demonstrate knowledge of ACOP L8, HSG274 and BS 8580-1, supported by UKAS-accredited laboratories when sampling is required, and by systems that turn findings into action. That is how organisations move beyond paperwork to effective and sustainable control of risk.

Speak to an expert in smart compliance today!

Whether you’re looking for expert advice, want to discuss a project, or need support with compliance and risk management, our team is here to help.