LESSON 7
Identified risks can be either mitigated, avoided,
BIORISK MANAGEMENT AND THE AMP MODEL
In working with infectious agents and toxins in laboratories,
one must consider the practices and procedures on
biocontainment to ensure biosafety and biosecurity. Proper
management is necessary to carry out total safety of
laboratory workers and patients.
BIORISK
Biorisk is the risk associated to biological toxins or infectious
agents. The source of may be unintentional exposure to
unauthorized access, accidental release or loss, theft, misuse,
diversion, or intentional unauthorized release of biohazards.
The risk associated with biological materials in the laboratory
has a safety and a security component.
Biorisk encompasses risks from the biosafety and laboratory
biosecurity perspective, associated with biological materials.(
CWA15793 document)
BIORISK MANAGEMENT
Biorisk management is the integration of biosafety and
biosecurity to manage risks when working with biological
toxins and infectious agents (CWA 15793 Laboratory Biorisk
Management Standard).
Biorisk Management (BRM) is "a system or process to control
safety and security risks associated with the handling,
storage, and disposal of biological agents and toxins in
laboratories and facilities." CEN Workshop Agreement (CWA)
15793:2011
AMP model
BRM encompasses the identification, understanding, and
management aspects of a system in interrelated processes. It
is divided into three primary components:
(A) assessment
(M) mitigation
(P) performance
These components are collectively captured by what is called
the AMP model (World Health Organization, 2010).
The model requires that control measures be a
based on a robust risk assessment, and a continuous
evaluation of effectiveness and suitability of the control
measures.
limited, transferred to an outside entity, or accepted.
Like a three-legged stool, a biorisk management system fails
if one of the components, or legs, is overlooked or is not
addressed. In contrast to other risk management models,
which typically focus heavily on mitigation measures, AMP
focuses on all components with equal attention.
Assessment
Process of identifying the hazards and evaluating the
risks associated with biological agents and toxins, taking into
account the adequacy of any existing controls, and deciding
whether or not the risks are acceptable
Risk Evaluation
Crucial intermediary step between Risk
Characterization and taking active steps towards mitigating
risk.
Process of determining, subjectively, whether a risk
is high or low, and whether it's acceptable or not
KEY COMPONENTS OF BRM
How can we define risk, likelihood, and consequences?
 Risk is the likelihood of an event with a hazard (or a
hazard and threat) that has consequences
 Likelihood is the probability an event occurring
 Consequences is the severity of an event
Likelihood - factors that affect whether or not the incident
happens.
For biosafety, likelihood is defined by the likelihood
of infection and exposure via an infectious route of a
biological agent.
For biosecurity, likelihood is defined as the likelihood
of theft of a biological agent and the severity of the
consequence of an attack with that agent.
Consequences - factors that affect the severity of the
incident.

Consequences are defined as the consequences of

disease to the at risk population. The populations of concern
include persons in and around the laboratory, the human
population outside the laboratory, and the animal community
outside the laboratory.

RISK ASSESSMENT FRAMEWORK

In performing risk assessment, a structured and repeatable process

KEY COMPONENTS OF BIORISK MANAGEMENT
Risk Assessment
The initial step in implementing a biorisk management process relies
on risk assessment characterization of risks that are possibly which
includes the identification of hazards and present in the laboratory.
Hazard
- refers to anything in the environment that has the potential
defined as the possibility that something bad or to cause harm
while risk is generally defined as the unpleasant (such as an
injury or loss) will happen.
- In order for a risk to occur, there must be a situation for the
hazard to cause harm (ISO/IEC Guide 51:1997).
- For example, a sharp needle is a hazard, but if no one is using it,
the needle will not pose any risks.
- More specifically, risk is the likelihood that an adverse event
involving a specific hazard or threat will occur followed by the
consequences of that occurrence.
What is Hazard?
 Hazard is a source or object that can cause harm
 Hazard is not a risk without a specific environment or situation
is followed. It consists of the following steps:
1. Define the situation - the risk assessment team must identify the
hazards and risks of the biological agents to be handled. Next, at-risk
hosts, who could be humans or animals inside and outside the
laboratory, must be identified. The work activities and laboratory
environment including location, procedures, and equipment should
also be defined.
2. Define the risks - defining the risks must include a review of how
individuals inside and outside the laboratory may be exposed to the
hazards. It could either be through droplets, inhalation, ingestion, or
inoculation in case a biological agent has been identified as the
hazard.
3. Characterize the risks- to characterize the overall biosafety risks,
the risk assessment team needs to compare the likelihood and the
consequences of infection-either qualitatively or quantitatively.
4. Determine if risks are acceptable or not - this process of
evaluating the biorisk arising from a biohazard takes into account
the adequacy of any existing controls and deciding whether or not
the biorisk is acceptable.

What is the difference between a hazard and a threat?

 A hazard is a source or object that can cause harm.
RISK GRAPH
“Hazard is for biosafety”
 In security terms, a threat is associated with a person who has
intent to cause harm to other people, animals, or the institution
“Threat is for biosecurity”
 A risk can be based on either a hazard, or a hazard and a
threat.

HAZARD AND RISK

1.Example:
You are in an open field next to a very hungry , aggressive, adult
tiger. The tiger is unrestrained and sees you as food.
Risk: Injury or death
Likehood: Very High
Consequences: Very High
 MITIGATION PROCEDURES
2.Example: Mitigation Procedures
You are in the zoo, observing a caged adult tiger, which is well fed, The second fundamental component of the biorisk management
and has a mild temperament. model is mitigation.
Likehood: Very low
Consequences: Very low Biorisk mitigation measures are actions and control measures that
are put into place to reduce or eliminate the risks associated with
3.Example: biological agents and toxins (Salerno, 2015).
You are holding a tiger cub with a playful temperament in you arms. MITIGATION CONTROL MEASURES
Likehood: Very High There are five major areas of control or measures that can be
Consequences: Very low employed in mitigating the risks.

LIKELIHOOD
Level Descriptor Likelihood Description

1 Rare almost impossible to occur

2 Unlikely not very possible to occur

3 Possible Might occur

4 Likely Very possible to occur

5 Almost Certain Highly probable to occur

1. Elimination
CONSEQUENCE  the most difficult and most effective control measure,
Level Descriptor Likelihood Description involves the total decision not to work with a specific
biological agent or even not doing the intended work.
1 Negligible Trivial incident or near miss  elimination provides the highest degree of risk reduction.
requiring reporting and follow EXAMPLE: Removing the hazard, not working with the agent
up
2 Minor Incident with self-limiting 2. Substitution
consequences  the second control measure, is the replacement of the
3 Moderate Incident that requires medical
procedures or biological agent with a similar entity in
treatment and/or has
insignificant] environmental
order to reduce the risks.
consequences  For example, a laboratory conducting research with the
4 Major Incident with potential lost pathogen Bacillus anthracis, responsible for causing the
time due to infection but non- acute fatal disease anthrax, could potentially substitute a
permanent consequence less dangerous experimental surrogate, such as the
and/or limited environmental Bacillus thuringiensis, an organism most commonly used
impact in biological pesticides worldwide.
5 Severe Potential fatality or serious EXAMPLE: replacing the hazard with something less
illness with permanent dangerous
disability and/or serious
3. Engineering controls
environmental impact
 The third control measure, setting of engineering
controls, includes physical changes in workstations,
equipment, production facilities, or any other relevant
aspect of the work environment that can reduce or
prevent exposure to hazards.
 Examples are installation of biosafety cabinets, safety
equipment (centrifuge with cover, autoclave, and
machines with indicators), facility design enabling proper
airflow, ventilation system to ensure directional airflow,
and air treatment systems to decontaminate or remove
agents from exhaust air, controlled access zones, airlocks
as laboratory entrances, or separate buildings or modules
to isolate the laboratory.
Mitigation
Actions and control measures that are put into place 4. Administrative controls
to reduce or eliminate the risks associated with biological  The fourth measure, the setting of administrative
agents and toxins controls, refers to the policies, standards, and guidelines
 used to control risks. Proficiency and competency
training for laboratory staff is considered an
administrative control.
 The displaying of biohazard or warning signages,
markings, and labels, controlling visitor and worker
access, and documenting written standard operating
procedures are some examples.
Practices and procedures
 Practices and procedures of administrative controls
comprise minimizing splashes, sprays, and aerosols to
avoid laboratory-acquired infections or following
standard operating procedures (SOPS).
 Processes and activities that have been shown in practice
to be effective in reducing risks
5. Personal protective equipment (PPE)
 The last mitigation control measure is the use of personal
protective equipment (PPE).
 These are devices worn by workers to protect them
against chemicals, toxins, and pathogenic hazards in the
laboratory.
 Gloves, gowns, and respirators are all examples of PPE.
 PPE is considered the least effective measure because it
only protects the person who is wearing it, and only
when it is used correctly.
As emphasized by Salerno (2015), not one of the mitigation
controls or measures is completely effective at controlling or
reducing all risks. The effectivity of mitigating risks relies on
the combination of all the different measures and the proper
utilization of each. It must be ensured that following the
measures would not be overdone because undoing particular
measures are definitely costly.
HIERARCHY OF CONTROLS
The concept of a hierarchy of controls describes the order of
effectiveness (from most effective to least effective) of
mitigation measures and implies that this order should be
taken into account when selecting and implementing controls
to reduce risks.
Control methods at the top of the list are, in general, more
effective and protective than those at the bottom.
Advantages and Disadvantages
Performance
 Performance is the way in which someone or something
functions.
 Performance is the ultimate result of all the efforts of a
company or organization
 Performance improves biorisk management: you know
that your system works and is sustainable, and that the
risk is acceptable
 The implementation of the entire biorisk management
system, including evaluating and ensuring that the
system is working the way It was designed.
 Another aspect of performance is the process of
continually improving the system.
In what way does performance improve biorisk
management?
You know that your system works and is sustainable,
and that the risk is acceptable.
PERFORMANCE EVALUATION
The last pillar of the biorisk management model is
performance evaluation that involves systematic process
intended to achieve organizational objectives and goals.
 The model It ensures that the implemented mitigation
measures are indeed reducing or eliminating risks. It also
helps to highlight biorisk strategies that are not working
effectively and measures that are ineffective or
unnecessary.
 These can be eliminated or replaced.
Performance management is simply a reevaluation of the
overall mitigation strategy. The diagram below shows the
specitic procedures in conducting performance evaluation,
The result of a robust risk assessment must be properly recorded,
documented, and communicated to all stakeholders of the
organization. Only through this final process that findings could be
decided upon, given appropriate action, to be able to provide and
establish a clear manifestation of implementing the fundamental
concept of biosafety and biosecurity in the laboratory.

KEY POINTS

 Biorisk Management (BRM) is an integral part in the

implementation of the concept of biosafety and biosecurity in a
laboratory. It involves the process of assessment, mitigation,
and performance evaluation.
 The AMP model illustrates the balanced role among the
components of BRM.
 A robust risk assessment is the heart of BRM. It ensures safety
and security of the people working in the laboratory as well as
all the stakeholders in an organization.
 The different mitigation procedures to be employed depend on
the result of a robust risk assessment. It is recommended not to
overdo or underdo the measures.
 Performance evaluation is not a linear process, rather, it is a
continuous process to monitor the implementation of existing
biosafety procedures and practices. It provides direction for
decision-makers to be able to come up with reasonable and
justifiable biosafety guidelines.
 Most importantly, communicating BRM among the members of
the organization, especially to the top management paves the
way for interactive transmission and exchange of information
and opinions throughout the analysis process about risk, risk-
related factors, and risk perceptions among risk managers, risk
communicators, the general public, and other impacted parties.