The organization shall establish, document, implement
and maintain a biorisk management system in
accordance with the requirements of this laboratory biorisk management standard. The priority should be on protecting employees, their community and environment from accidental or unauthorized intentional release of biological materials from the facility. The level of detail and complexity of the biorisk management system, the extent of documentation and the resources devoted to it will be dependent on the nature (size, structure, complexity) of an organization and its activities. Based on a documented agent-based biorisk assessment that includes laboratory biosecurity considerations, laboratories containing VBM should develop systems and controls to provide the required degree of assurance that biosafety and laboratory biosecurity risks are appropriately managed, and that the consequences of release of any VBM from the laboratory are appropriately minimized. 1-Reducing the risk of unintentional exposure to pathogens and toxins or their accidental release (biosafety), and reducing the risk of unauthorized access, loss, theft, misuse, diversion or intentional release of VBM to tolerable, acceptable levels (laboratory biosecurity); 2. Providing assurance, internally and externally (facility, local area, government, global community, etc.), that suitable measures have been adopted and effectively implemented; 3. Providing a framework for continuous awareness- raising for biosafety, laboratory biosecurity and ethical code of conduct, and training within the facility. This approach allows countries and facility managers to define and choose appropriate systems and controls to ensure that the biorisk management goals that have been identified are reached. It allows institutions to adapt their laboratory biosecurity plans to their particular situation. The roles and responsibilities of personnel who perform and verify work affecting biorisk management should be defined and documented, particularly for people who need the organizational freedom and authority to do one of the following: a)Initiate action to prevent or reduce the adverse effects of risk; b) Control further treatment of risks until the level of risk becomes acceptable; c) Identify and record any problems relating to the management of risks; d) Initiate, recommend, or provide solutions through designated channels; or e) Communicate and consult internally and externally as appropriate. • There are many defined methodologies and approaches available for conducting risk assessments, and the approach taken will vary depending upon the nature of the situation and the level of detail required. One framework which organizations may consider adopting is outlined in Figure 1 below: Risk assessment The risk assessment should include, but should not be limited to the following elements:
1. properties of organisms, including availability of treatment, vaccines, or
prophylaxis;
2. laboratory procedures, work structure, equipment, facilities (i.e.:
biocontainment/biosafety level) and controls;
3. personnel health status, qualifications, training, and human factors (e.g.
behaviour, reliability, errors);
4. environmental conditions, including endemic pathogens, and external
threats; or
5. legislation, rules, and requirements where appropriate.
The risk assessment should categorize and prioritise risks to identify those which need to be eliminated or controlled. Risk is a function of the likelihood and consequences of an adverse event. Descriptions of likelihood and consequence, together with the acceptability of risk levels should be defined and used in the assessment. Likelihood is the probability of an adverse event occurring. Consequence is the severity of the incident. Adverse events can include accidental exposure, loss, theft, misuse, or intentional unauthorized release of biological materials or related information. The likelihood and consequences of each potential adverse event should be evaluated, and the criteria used to define likelihood and consequences should be clear, consistent, and documented. • Management should develop a strategy to determine the risks at the facility, and to implement the controls necessary to reduce the risks to acceptable levels. It is the responsibility of the management of the organization to ensure that the level of risk is acceptable.
Risk management may include, but is not limited to, the following:
management commitment;
results of the risk assessments;
identification of institutional level of risk tolerance;
results of internal and external monitoring and evaluations; and
implementation of mitigating measures.
Risk mitigation strategies should consider the "hierarchy of control" as follows: 1. Elimination of the work producing the hazard always should be considered first. If the hazard cannot be 2. Eliminated completely, the next control measures may be applied to prevent or minimize exposure to the risk. It generally is a combination of these; 3. Substitution with an alternative organism / activity. It involves changing the agent or hazardous material, process, or equipment for one that is less hazardous. Reduction of quantity and / or frequency may also be an option; 4. use of engineering controls for isolation of the hazard from the employee / staff or to secure materials; 5. administrative controls include SOPs, training, supervision, and time limitations on the execution of the task for all staff who work within or support laboratory operations; and 6. reliance on personal protective equipment (PPE). PPE should be used when the risk cannot be adequately controlled by a combination of the above methods.
Specific control measures should be regularly tested and
maintained to ensure continuous performance. In addition, the entire risk management process should be regularly monitored and reviewed to ensure that it continues to achieve the goals of reducing risks to acceptable levels. Documentation should include the monitoring and review procedures of the entire risk management system, including the names of those responsible for these tasks.