If you’re here because you’re looking for guidance on creating a water safety compliance plan, the steps below are designed for social housing teams that juggle multiple buildings, access challenges, and contractor delivery. The aim is not a perfect document. It’s a plan that can be followed, audited, and improved.
Key takeaways
- Start with clear ownership: the dutyholder, the responsible person, and the competence requirements.
- Your plan should be built around the system and the risk assessment, then translated into a written control scheme with named tasks.
- Records matter because they show what was done, when, by whom, and what actions followed. The HSE even provides sample recording sheets you can adapt.
- Review the plan when things change, not on an arbitrary calendar. System alterations and resident profile changes are explicit triggers.
Step 1: Name the dutyholder and the responsible person
Write down who is legally and operationally in charge. In housing, this is often the organisation (dutyholder) with a named responsible person managing the control scheme day-to-day. HSE’s L8 is clear that duties sit with those in control of premises and require competent management arrangements.
Add two practical details – who covers absence, and what “competent” means in your organisation (training, experience, or external specialist support).
Step 2: Define the scope and describe each water system
A plan needs boundaries. List what’s included (communal plant, stored cold water, TMVs, tanks, distribution pipework, outlets, etc.) and what’s not.
Then describe each building’s system in plain language. A simple schematic is enough if it shows:
- incoming supply and any storage,
- hot water generation,
- recirculation loops,
- sentinel outlets and high-risk outlets (for example, showers),
- known low-use areas.
There is guidance on hot and cold water systems that explicitly covers residential accommodation and housing associations, and points back to the core duty to assess and control risk.
Step 3: Complete (or refresh) the Legionella risk assessment
Your compliance plan should reference a current risk assessment for each system, and state when it was last reviewed.
Avoid a “review every X months” rule that nobody believes in. Inspections are not proactive in domestic settings, but if something goes wrong, you may need to demonstrate that you assessed and controlled the risk.
Build review triggers into the plan, such as:
- changes to the water system (new plant, extensions, reconfiguration),
- change in resident population or vulnerability,
- repeated failures or recurring issues.
Step 4: Set the control measures you rely on
This is where your plan moves from “risk on paper” to “risk controlled”.
Typical controls for hot and cold water systems include temperature management, reducing stagnation, inspection and cleaning of assets, and maintenance of key components. Read the HSE HSG274 technical guidance to understand what good control looks like and how to run it in practice.
Be explicit about where your controls differ by building type. A high-rise with complex plant and long runs will not behave like a small block with direct mains.
Step 5: Turn controls into a written scheme with tasks, limits, and actions
This is the heart of the plan.
For each building (or group of identical buildings), list tasks with:
- frequency (weekly, monthly, quarterly, annually),
- who completes it (in-house, contractor, specialist),
- method (what exactly gets checked),
- acceptance criteria (what counts as a pass),
- actions on failure (immediate action, escalation, timescales, retest).
If you want a clean starting point, adapt the HSE sample recording sheets rather than building from scratch.
One useful reality check: sampling is often overused as a substitute for control. Microbiological monitoring is not usually required for domestic hot and cold systems, and is only needed in specific circumstances. You can find further details in Part 2 of this technical guidance document.
Step 6: Build access, contractor control, and escalation into the plan
Housing compliance lives or dies on access and follow-through.
Your plan should state:
- what can be checked in communal areas without resident access,
- how you plan checks that require access (and how many attempts you make),
- escalation routes for persistent no-access,
- how contractor competence is assessed and kept current.
You can use mandatory visits, such as gas safety checks or routine maintenance visits, to carry out appropriate inspections where access is difficult.
Step 7: Set record-keeping standards that stand up to audit
Write down what records you keep, where they live, and how long you retain them.
At a minimum, your evidence pack should usually include:
- risk assessments and review notes,
- the written scheme of control,
- monitoring and inspection logs,
- maintenance and remedial records,
- certificates and lab results.
Record keeping is a core expectation within the government’s framework for controlling Legionella risk.
If you want to see what “audit-ready” looks like across a portfolio using technology, True Compliance’s water quality compliance page is a useful place to start.
Step 8: Verify, review, and improve
Monitoring tells you tasks happened. Verification tells you the approach is working.
You should set a routine for:
- spot checks on completed logs and actions,
- trend reviews (repeat fails, repeat no-access, recurring plant issues),
- periodic audits.
The wider water sector frames this as an end-to-end risk assessment and risk management approach, from “source to consumer”. The same logic applies within buildings: from the incoming supply to the outlet.
If you want a practical template mindset for risk tables, monitoring, and management procedures, the WHO Water Safety Plan Manual is a great reference to use.
Ultimately, a good plan reads like it was written for real buildings. Named people, clear tasks, sensible triggers, and records you can pull in minutes.
If yours still feels abstract, tighten the scheme of control first. Everything else falls into place once the tasks and actions are clear.
