Lesson 7

Biorisk Management

Biorisk Management and the AMP Model

In working with infectious agents and toxins in laboratories, one must consider the practices and
procedures on biocontainment to ensure biosafety and biosecurity. Proper management is necessary to
carry out total safety of laboratory workers and patients.

Biorisk is the risk associated to biological toxins or infectious agents. The source of risk may be
unintentional exposure to unauthorized access, accidental release or loss, theft, misuse, diversion, or
intentional unauthorized release of biohazards. Biorisk management is the integration of biosafety and
biosecurity to manage risks when working with biological toxins and infectious agents (CWA 15793
Laboratory Biorisk Management Standard).

According to the CEN Workshop Agreement (CWA) 15793:2011, Biorisk Management (BRM) is a system
or process to control safety and security risks associated with the handling or storage and disposal of
biological agents and toxins in laboratories and facilities." BRM encompasses the identification,
understanding, and management aspects of a system in interrelated processes. It is divided into three
primary components: assessment (A), mitigation (M), and performance (P). These components are
collectively captured by what is called the AMP model (World Health Organization, 2010). The model
requires that control measures be based on a robust risk assessment, and a continuous evaluation of
effectiveness and suitability of the control measures. Identified risks can be either mitigated, avoided,
limited, transferred to an outside entity, or accepted.

Like a three-legged stool, a biorisk management system fails if one of the components, or legs, is
overlooked or is not addressed. In contrast to other risk management models, which typically focus
heavily on mitigation measures, AMP focuses on all components with equal attention.
Key Components of Biorisk Management

Risk Assessment
The initial step in implementing a biorisk management process relies on risk assessment which includes
the identification of hazards and characterization of risks that are possibly present in the laboratory.
Hazard refers to anything in the environment that has the potential to cause harm while risk is generally
defined as the possibility that something bad or unpleasant (such as an injury or loss) will happen. In
order for a risk to occur, there must bez situation for the hazard to cause harm (ISO/IEC Guide 51:1999).
For example, a sharp needle is a hazard, but if no one is using it, the needle will not pose any risks. More
specifically, risk is the likelihood that an adverse event involving a specific hazard or threat will occur
followed by the consequences of that occurrence. In performing risk assessment, a structured and
repeatable process is followed. It consists of the following steps:

1. Define the situation – the risk assessment team must identify the hazards and risks of the
biological agents to be handled. Next, at-risk hosts, who could be humans or animals inside and
outside the laboratory, must be identified. The work activities and laboratory environment
including location, procedures, and equipment should also be defined.
2. Define the risks – defining the risks must include a review of how individuals inside and outside
the laboratory may be exposed to the hazards. It could either be through droplets, inhalation,
ingestion, or inoculation in case a biological agent has been identified as the hazard.
3. Characterize the risks – to characterize the overall biosafety risks, the risk assessment team
needs to compare the likelihood and the consequences of infection-either qualitatively or
quantitatively.
4. Determine if risks are acceptable or not – this process of evaluating the biorisk arising from a
biohazard takes into account the adequacy of any existing controls, and deciding whether or not
the biorisk is acceptable.

Mitigation Procedures
The second fundamental component of the biorisk management model is mitigation. Biorisk mitigation
measures are actions and control measures that are put into place to reduce or eliminate the risks
associated with biological agents and toxins (Salerno, 2015). There are five major areas of control or
measures that can be employed in mitigating the risks.
 Hierarchy of Controls

Most Difficult Most Effective

Elimination

Substitution

Engineering Controls

Administrative Controls

PPE
Easiest to Implement Least Effective

Elimination, the most difficult and most effective control measure involves the total decision not to
work with a specific biological agent or even not doing the intended work. Definitely elimination
provides the highest degree of risk reduction. Substitution, the second control measure, is the
replacement of the procedures or biological agent with a similar entity in order to reduce the risks. For
example, a laboratory conducting research with the pathogen Bacillus anthracis, responsible for causing
the acute fatal disease anthrax, could potentially substitute a less dangerous experimental surrogate,
such as the Bacillus thuringiensis, an organism most commonly used in biological pesticides worldwide.
The third control measure, setting of engineering controls, includes physical changes in work stations,
equipment, production facilities, or any other relevant aspect of the work environment that can reduce
or prevent exposure to hazards. Examples are installation of biosafety cabinets, safety equipment
(centrifuge with cover, autoclave, and machines with indicators), facility design enabling proper airflow,
ventilation system to ensure directional airflow, and air treatment systems to decontaminate or remove
agents from exhaust air, controlled access zones, airlocks as laboratory entrances, or separate buildings
or modules to isolate the laboratory. The fourth measure, the setting of administrative controls, refers
to the policies, standards, and guidelines used to control risks. Proficiency and competency training for
laboratory staff is considered an administrative control. The displaying of biohazard or warning
signage’s, markings, and labels, controlling visitor and worker access, and documenting written standard
operating procedures are some examples. Practices and procedures of administrative controls comprise
minimizing splashes, sprays, and aerosols to avoid laboratory-acquired infections or wing standard
operating procedures (SOPs). The last mitigation control measure is the use of personal protective
equipment (PPE). These are devices worn by workers to protect them against chemicals, toxins, and
pathogenic hazards in the laboratory.

Gloves, gowns, and respirators are all examples of PPE. PPE is considered the least eff measure because
it only protects the person who is wearing it, and only when it is used correctly

As emphasized by Salerno (2015), not one of the mitigation controls or measure completely effective at
controlling or reducing all risks. The effectivity of mitigating risks relies on the combination of all the
different measures and the proper utilization of each. It m be ensured that following the measures
would not be overdone because undoing particular measures are definitely costly. The concept of a
hierarchy of controls describes the order or effectiveness (from most effective to least effective) of
mitigation measures and implies that this order should be taken into account when selecting and
implementing controls to reduce risks.

Performance Evaluation
The last pillar of the biorisk management model is performance evaluation that involves a systematic
process intended to achieve organizational objectives and goals. The model ensures that the
implemented mitigation measures are indeed reducing or eliminating risks. It also helps to highlight
biorisk strategies that are not working effectively and measures that are ineffective or unnecessary.
These can be eliminated or replaced. Performance management is simply a reevaluation of the overall
mitigation strategy. The diagram below shows the specific procedures in conducting performance
evaluation.

Identify the Key

Issues of Concern

Evaluate and Refine Define OUTCOMES

Performance Indicators and
Indicators Metrics

Provide Findings Define ACTIVITIES

from Performance Indicators and
Indicators Metrics

Collect Data and

Report Indicator
Results

Performance Evaluation Process

The result of a robust risk assessment must be properly recorded, documented, and communicated to
all stakeholders of the organization. Only through this final process that findings could be decided upon,
given appropriate action, to be able to provide and establish a clear manifestation of implementing the
fundamental concept of biosafety and biosecurity in the laboratory