The organization shall establish, document, implement

and maintain a biorisk management system in

accordance with the requirements of this laboratory
biorisk management standard.
The priority should be on protecting employees, their
community and environment from accidental or
unauthorized intentional release of biological materials
from the facility. The level of detail and complexity of
the biorisk management system, the extent of
documentation and the resources devoted to it will be
dependent on the nature (size, structure, complexity) of
an organization and its activities.
 Based on a documented agent-based biorisk
assessment that includes laboratory biosecurity
considerations, laboratories containing VBM
should develop systems and controls to provide
the required degree of assurance that biosafety
and laboratory biosecurity risks are
appropriately managed, and that the
consequences of release of any VBM from the
laboratory are appropriately minimized.
1-Reducing the risk of unintentional exposure to
pathogens and toxins or their accidental release
(biosafety), and reducing the risk of unauthorized
access, loss, theft, misuse, diversion or intentional
release of VBM to tolerable, acceptable levels
(laboratory biosecurity);
2. Providing assurance, internally and externally
(facility, local area, government, global community,
etc.), that suitable measures have been adopted and
effectively implemented;
3. Providing a framework for continuous awareness-
raising for biosafety, laboratory biosecurity and
ethical code of conduct, and training within the
facility.
 This approach allows countries and facility managers
to define and choose appropriate systems and
controls to ensure that the biorisk management
goals that have been identified are reached. It allows
institutions to adapt their laboratory biosecurity
plans to their particular situation.
The roles and responsibilities of personnel who perform
and verify work affecting biorisk management should be
defined and documented, particularly for people who need
the organizational freedom and authority to do one of the
following:
a)Initiate action to prevent or reduce the adverse effects of
risk;
b) Control further treatment of risks until the level of risk
becomes acceptable;
c) Identify and record any problems relating to the
management of risks;
d) Initiate, recommend, or provide solutions through
designated channels; or
e) Communicate and consult internally and externally as
appropriate.
• There are many defined methodologies and
approaches available for conducting risk
assessments, and the approach taken will vary
depending upon the nature of the situation and
the level of detail required. One framework
which organizations may consider adopting is
outlined in Figure 1 below:
 Risk assessment
The risk assessment should include, but should not be limited to the following
elements:

1. properties of organisms, including availability of treatment, vaccines, or

prophylaxis;

2. laboratory procedures, work structure, equipment, facilities (i.e.:

biocontainment/biosafety level) and controls;

3. personnel health status, qualifications, training, and human factors (e.g.

behaviour, reliability, errors);

4. environmental conditions, including endemic pathogens, and external

threats; or

5. legislation, rules, and requirements where appropriate.

The risk assessment should categorize and prioritise risks to
identify those which need to be eliminated or controlled.
Risk is a function of the likelihood and consequences of an
adverse event.
Descriptions of likelihood and consequence, together with
the acceptability of risk levels should be defined and used in
the assessment.
Likelihood is the probability of an adverse event occurring.
Consequence is the severity of the incident. Adverse events
can include accidental exposure, loss, theft, misuse, or
intentional unauthorized release of biological materials or
related information. The likelihood and consequences of
each potential adverse event should be evaluated, and the
criteria used to define likelihood and consequences should
be clear, consistent, and documented.
• Management should develop a strategy to determine the
risks at the facility, and to implement the controls
necessary to reduce the risks to acceptable levels. It is the
responsibility of the management of the organization to
ensure that the level of risk is acceptable.

Risk management may include, but is not limited to, the following:

 management commitment;

 results of the risk assessments;

 identification of institutional level of risk tolerance;

 results of internal and external monitoring and evaluations; and

 implementation of mitigating measures.

 Risk mitigation strategies should consider the "hierarchy of
control" as follows:
1. Elimination of the work producing the hazard always should be considered
first. If the hazard cannot be
2. Eliminated completely, the next control measures may be applied to prevent
or minimize exposure to the risk. It generally is a combination of these;
3. Substitution with an alternative organism / activity. It involves changing the
agent or hazardous material, process, or equipment for one that is less
hazardous. Reduction of quantity and / or frequency may also be an option;
4. use of engineering controls for isolation of the hazard from the employee /
staff or to secure materials;
5. administrative controls include SOPs, training, supervision, and time
limitations on the execution of the task for all staff who work within or
support laboratory operations; and
6. reliance on personal protective equipment (PPE). PPE should be used
when the risk cannot be adequately controlled by a combination of the
above methods.

Specific control measures should be regularly tested and

maintained to ensure continuous performance. In addition, the
entire risk management process should be regularly monitored
and reviewed to ensure that it continues to achieve the goals of
reducing risks to acceptable levels. Documentation should
include the monitoring and review procedures of the entire risk
management system, including the names of those responsible
for these tasks.