To be effective, infection prevention and control must be integrated into the complex and multiple interlinking systems within a hospital's management structure. Each of the systems must consider how activity associated with it can be optimised to minimise infection risk to patients. The components of an organisational structure to achieve these quality assurance and patient safety aims are discussed. The use of performance management tools in relation to infection control metrics is reviewed, and the use of hospital-acquired infection as a proxy indicator for deficiencies of system management is considered. Infection prevention and control cannot be the role and responsibility of a single individual or a small dedicated team; rather it should be a priority at all levels and integrated within all management systems, including the research and educational agendas.