Water hygiene risk register entries: a compliance guide
- 2 days ago
- 9 min read
A water hygiene risk register entry is the documented record of a specific water system hazard, the controls in place to manage it, and the monitoring evidence that proves those controls are working. For facilities managers and compliance officers, understanding what a risk register water hygiene entry must contain is not optional. It is the foundation of your legal defence under ACOP L8, the Health and Safety Executive’s approved code of practice for controlling Legionella bacteria in water systems. Whether you manage a commercial office block or a hospital ward, every water system hazard you identify must be traceable from assessment through to active control.
What is a risk register water hygiene entry?
A risk register water hygiene entry is a structured record that links a named hazard in your water system to the specific controls, monitoring tasks, and outcomes that demonstrate it is being managed. The industry term most commonly used alongside this concept is the water hygiene log book, which serves as the operational home for all individual entries. Together, these records form the evidence chain that inspectors from the Health and Safety Executive or local authority environmental health teams will examine during an audit.
Typical entries include temperature monitoring results, flushing records, cleaning certificates, microbiological sampling results, and any remedial actions taken following out-of-range findings. Each entry is not a standalone note. It is a piece of a larger compliance picture that connects your written risk assessment to your day-to-day operational activity.
The legal requirement to maintain these records flows directly from ACOP L8, which places a duty on building owners, employers, and those with control of premises to manage water hygiene risks systematically. In healthcare settings, NHS England’s HTM 04-01 adds a further layer of expectation, requiring more detailed documentation and longer retention periods. If you manage premises in either sector, the quality of your risk register entries is the clearest signal of your compliance maturity.
What does a water hygiene risk register entry contain?
A well-constructed entry covers six core data fields: the hazard description, the location within the water system, the risk rating, the control measures assigned, the monitoring schedule, and the recorded outcome of each monitoring event. Missing any one of these fields creates a gap that an inspector will notice immediately.
The most common monitoring data captured within entries includes:
Temperature logs for hot and cold water outlets, with pass or fail status against ACOP L8 thresholds (hot water at 50°C or above at the point of use within one minute, cold water at 20°C or below)
Flushing records for infrequently used outlets, which are a primary Legionella risk factor
Cleaning and disinfection certificates for tanks, cooling towers, and TMVs (thermostatic mixing valves)
Microbiological sampling results, including Legionella culture tests and total viable counts
Remedial actions, documenting what was done, by whom, and when, following any adverse finding
The person responsible for each task must be named, and the date and time of every monitoring event must be recorded. Both electronic and paper records are acceptable under ACOP L8, provided they can be produced promptly and are complete and legible. Large estates increasingly favour electronic systems because they allow trend analysis across multiple sites and reduce the risk of records being lost or damaged.
Pro Tip: Standardise your entry template across all sites from day one. Include fixed fields for location reference, task type, date, operative name, result, and action taken. Consistent formatting cuts audit preparation time significantly and reduces the chance of enforcement action arising from incomplete records.
How does a risk register entry fit into the wider compliance framework?
A single risk register entry does not stand alone. It sits within a three-tier compliance structure: the written risk assessment at the top, the written control scheme in the middle, and the operational monitoring records at the base. Each tier depends on the others to be meaningful.
The written risk assessment, which should be reviewed regularly and updated whenever the system changes, identifies the hazards. The written control scheme translates those hazards into specific tasks and frequencies. The risk register entries are the proof that those tasks are being carried out as specified. Without the entries, the assessment and scheme are just paperwork.
Compliance tier | Purpose | Key document |
Written risk assessment | Identifies hazards and risk levels | Site-specific assessment report |
Written control scheme | Defines tasks, frequencies, and responsibilities | Control programme document |
Operational monitoring records | Evidences active management of each hazard | Risk register entries and log book |
Inspectors treat the log book as the heart of legionella compliance. Their primary question is not whether you have a risk assessment on file. It is whether your control scheme is being actively followed and whether you can prove it. A beautifully written risk assessment paired with incomplete monitoring records will not protect you from enforcement action.
Duty holders must retain records for at least five years under ACOP L8, with healthcare settings requiring longer retention under HTM 04-01. This means your record-keeping system must be designed for longevity, not just day-to-day convenience.
Risk register entries should also be treated as living records. Following the WHO’s water safety planning framework, which covers hazard identification, risk prioritisation, control strengthening, and continuous monitoring, entries must be updated whenever a system change occurs, a new hazard is identified, or a monitoring result triggers a remedial action. A static risk register is a compliance liability.
Pro Tip: Schedule a quarterly review of your risk register entries as a standing agenda item in your compliance meetings. This catches entries that have become outdated due to system modifications, personnel changes, or new equipment, before an inspector does.
What are the special considerations for healthcare and high-risk sectors?
Healthcare premises operate under a higher standard of scrutiny than most commercial buildings, and your risk register entries must reflect that. HTM 04-01 requires that records be designed for long-term traceability and comprehensive evidence management, anticipating more rigorous review and longer data retention obligations than ACOP L8 alone demands.
The reasons are straightforward. Patients, particularly those who are immunocompromised, elderly, or post-surgical, face a significantly higher risk of severe illness or death from Legionella exposure. Managing Legionella risk for immunocompromised patients requires a level of documentation granularity that goes beyond standard commercial practice.
Specific considerations for healthcare risk register entries include:
More frequent sampling schedules, particularly in clinical areas, renal units, and intensive care wards where patient vulnerability is highest
Point-of-use filter records, documenting installation dates, change frequencies, and batch numbers for filters fitted to outlets serving high-risk patient groups
Enhanced TMV servicing records, with full traceability of service dates, operative competence certificates, and test results
Incident and near-miss documentation, capturing any positive Legionella detection, the immediate response taken, and the investigation outcome
Contractor competence evidence, including copies of relevant qualifications and risk assessments for all third-party operatives working on water systems
Healthcare facilities that implement risk register entries from day one with the assumption of longer retention and rigorous evidence management are far better positioned when CQC or NHS Estates inspections occur. Retrofitting a compliant evidence chain after the fact is significantly more time-consuming and carries reputational risk.
Common pitfalls in water hygiene risk register entries and how to avoid them
Even experienced facilities teams make predictable errors in their risk register entries. Recognising these patterns early prevents them from becoming enforcement issues.
Poor linkage between hazards and monitoring tasks. Each hazard identified in your risk assessment must map directly to a specific monitoring task in your control scheme and, in turn, to a specific entry type in your log book. If your risk assessment flags a little-used shower as a Legionella risk but your log book has no flushing record for that outlet, the chain is broken. Linking each hazard to specific monitoring is the single most important structural requirement of an effective risk register.
Inconsistent record formats. When entries are recorded differently across sites, or when a team switches between paper and electronic systems without standardising templates, record-format drift creates retrieval problems during audits. Standardise your data fields across every site and every operative.
Failure to update entries after system changes. A new water heater, a refurbished wing, or a change in building occupancy all affect your risk profile. Entries that do not reflect the current system state are misleading and potentially dangerous.
Treating the risk register, log book, and certificates as separate documents. A compliant record set treats these as a single traceable evidence chain. Your disinfection certificate should reference the relevant risk register entry. Your sampling result should link back to the monitoring schedule in your control scheme. Siloed records slow down audits and obscure the compliance picture.
Delayed entry of monitoring results. Records completed days after the monitoring event are unreliable and raise questions about accuracy. Entries should be made at the time of the task, not retrospectively.
Pro Tip: Use a standardised digital template that includes mandatory fields. If a field cannot be left blank without a deliberate override, operatives are far less likely to submit incomplete records. This single change removes the most common cause of audit failures.
Key takeaways
A water hygiene risk register entry is only as strong as the evidence chain connecting it to your risk assessment, control scheme, and operational monitoring records.
Point | Details |
Definition and legal basis | A risk register entry documents a hazard, its controls, and monitoring outcomes to evidence compliance with ACOP L8. |
Core data fields | Every entry must include hazard description, location, risk rating, control measures, monitoring schedule, and recorded outcome. |
Record retention | ACOP L8 requires a minimum of five years’ retention; healthcare settings under HTM 04-01 require longer. |
Healthcare demands | HTM 04-01 mandates greater documentation granularity, more frequent sampling, and long-term traceability for patient-facing premises. |
Living records | Entries must be updated promptly after system changes, incidents, or new findings to remain accurate and legally defensible. |
Why the log book is where compliance is won or lost
I have reviewed compliance records across commercial and healthcare sites for long enough to know that the risk assessment rarely causes problems during an inspection. What causes problems is the gap between what the assessment says should happen and what the log book proves actually happened.
The most common scenario I encounter is a well-written control scheme sitting alongside a log book full of gaps, unsigned entries, and temperature readings recorded in pencil with no date. That combination tells an inspector everything they need to know about how seriously a site takes its water hygiene obligations.
My strongest recommendation is this: treat your risk register entries as the primary compliance product, not a byproduct of the monitoring task. The monitoring task exists to keep people safe. The entry exists to prove it. Both matter equally. Sites that adopt automated temperature monitoring remove the human error element from the most frequently recorded data point and create a timestamped, tamper-evident record that holds up under any level of scrutiny.
The other shift I advocate strongly is moving away from the idea that compliance is an annual event triggered by a risk assessment review. Your risk register entries are updated weekly, sometimes daily. That cadence is where your compliance culture lives or dies. Train your team, standardise your templates, and review your entries quarterly. The sites that do this never scramble before an inspection.
— Sammi
How Bespokecompliancesolutions supports your water hygiene compliance
Bespokecompliancesolutions works with facilities managers and compliance officers across commercial and healthcare sectors to build and maintain audit-ready water hygiene records from the ground up.
From bespoke Legionella risk assessments that form the foundation of your risk register, to the implementation of a structured logbook system that captures every monitoring entry in a consistent, inspectable format, the team at Bespokecompliancesolutions designs solutions around your specific sites and sectors. Water sampling and analysis, TMV servicing, system disinfection, and ongoing consultancy are all available as part of a fully managed compliance programme. If your current records would not withstand an HSE inspection tomorrow, now is the right time to act.
FAQ
What is a risk register entry in water hygiene?
A risk register water hygiene entry is a structured record documenting a specific water system hazard, the controls assigned to manage it, and the monitoring evidence confirming those controls are effective. It forms part of the operational log book required under ACOP L8.
How long must water hygiene risk register records be kept?
Under ACOP L8, duty holders must retain water hygiene monitoring records for a minimum of five years. Healthcare premises operating under HTM 04-01 are subject to longer retention requirements reflecting the higher regulatory scrutiny applied to patient-facing environments.
What is the difference between a risk assessment and a risk register entry?
The risk assessment identifies hazards and assigns risk ratings across your water system. A risk register entry is the operational record proving that the control measures specified for each hazard are being carried out and monitored on schedule.
Can risk register entries be kept electronically?
Both electronic and paper records are acceptable under ACOP L8, provided they are complete, legible, and can be produced promptly during an inspection. Electronic systems are preferred for large or multi-site estates because they support trend analysis and reduce the risk of lost or damaged records.
What happens if risk register entries are incomplete during an inspection?
Incomplete or missing entries indicate to inspectors that the control scheme is not being actively followed. This can result in enforcement notices, improvement notices, or prosecution under the Health and Safety at Work etc. Act 1974, particularly if a Legionella-related illness is subsequently linked to the premises.
Recommended
Comments