Biorisk Management

Key points

  • Biorisk management minimizes laboratory risks via assessment, mitigation, and evaluation.
  • CDC uses two main models of biorisk management: the Assessment, Mitigation, and Performance (AMP) model, and the Plan-Do-Control-Act (PDCA) model.

Introduction

What is it?

Biorisk management is a process by which laboratories and facilities combine safety and security to control or minimize risks associated with the handling, storage, and disposal of biological agents and toxins. A biorisk management approach involves two main aspects: biosafety, which focuses on keeping people, animals, and the environment safe from germs and diseases, and biosecurity, which focuses on preventing theft or misuse of dangerous materials. It is a performance-based, holistic risk-management system that emphasizes roles and responsibilities for everyone in an organization.

Why is it needed?

A biorisk management framework is needed because it addresses the assessment and mitigation of risks and ensures the continuous evaluation of control measures. This approach helps organizations enhance safety and security, reducing the number and severity of accidents in laboratories. Organizations are encouraged to adopt a biorisk management system approach when addressing biosafety and biosecurity concerns in their laboratories.

What are the approaches?

Assessment, Mitigation, and Performance (AMP) model approach to biorisk management

This model consists of three critical elements in risk management: assessment (A), mitigation (M), and performance (P), collectively called the AMP model [3, 4]. In this model, the control measure is based on a comprehensive risk assessment, and its performance is continually evaluated.

Assessment of risks

  • Identify hazards and evaluate the risks associated with working in a laboratory.
  • Check the safety measures already in place and decide if the risks are acceptable.
  • Share responsibility between principal investigators, scientists, researchers (or a risk assessment team), security professionals, and biosafety professionals.
  • Perform assessments when there are new tasks or significant changes in how things are done.
  • Regularly review laboratory risks at least once a year.
  • Use the results to choose the proper control measures to reduce risks as needed.

Mitigation strategies

  • Implement control measures to eliminate or reduce the hazard identified during risk assessment.
  • Base measures on robust risk assessments instead of predetermined conditions
  • Eliminate hazards as the most effective control to reduce risk; however, this may not be a feasible option in many cases to perform the intended work.
  • Reduce risk through other control measures, such as:
    • Engineering controls that reduce or prevent exposure to hazards (e.g., biosafety cabinets).
    • Administrative controls, such as policies and guidelines used to control risks (e.g., written standard operating procedures).
    • Personal protective equipment (PPE) worn by workers to protect them against laboratory hazards (e.g., gloves and gowns).
  • Recognize that no single mitigation control measure is completely effective at reducing all risks.
  • Combine controls for optimal risk mitigation. All interested parties must consider organizational strengths, resources, commitment, personnel knowledge, and staff competency levels to ensure the appropriate implementation of mitigation measures.

Performance evaluation

  • A systematic process to achieve improved levels of organizational objectives and goals.
  • Evaluate performance to verify that implemented mitigation measures have reduced or eliminated risks to an acceptable level.
  • Identify measures that are not working effectively and need to be corrected or removed.
  • Provide evidence that the organization can understand and effectively reduce operational risk to an acceptable level.
  • Ensure performance evaluation is a continuous and ongoing process that must have a strong commitment from management.

Management system approach to biorisk management

This biorisk management system is based on a management system approach that enables an organization to effectively identify, assess, control, and evaluate the biosafety and biosecurity risks inherent in its activities. This approach integrates best practices and procedures and helps ensure that an organization can effectively achieve its objectives.

An effective management system approach should be built on the concept of continual improvement through a cycle of planning, implementing, reviewing, and improving the actions that an organization undertakes to meet goals. This approach is known as the Plan-Do-Check-Act (PDCA) cycle. Successful implementation of PDCA can lead to measurable improvements in an organization's efficiency, effectiveness, and accountability.

If desired outcomes are not being achieved, implement corrective actions based on what was learned and start the cycle again. Through this cyclical process, the PDCA approach ensures that the laboratory approach to biorisk management is continually evolving and adapting to meet new challenges.

The PDCA cycle

PDCA cycle diagram illustrating Plan, Do, Check, and Act phases for risk management.
PDCA Cycle Diagram for Continuous Improvement in Risk Management

An illustration of the Plan-Do-Check-Act (PDCA) cycle, which follows the steps listed below.

  1. Plan: Plan a change, develop goals, and establish objectives, programs, and processes that align with laboratory policies.
  2. Do: Put plans into action and implement the processes outlined in the planning stage, executing the process.
  3. Check: Assess the activities, processes, and results against the policy and objectives set during the planning stage. Gather data, analyze results, and measure performance to understand how well strategies are performing and the risks being controlled.
  4. Act: Continuously review processes and activities to ensure laboratory practices are not just maintained but consistently improved to achieve the desired outcomes.

Resources

  1. CEN Workshop Agreement 15793:2011, Laboratory biorisk management
  2. ISO 35001:2019, Biorisk management for laboratories and other related organisations
  3. Gribble LA, Tria ES, and Wallis L. (2015). The AMP Model: In Salerno RM and Gaudioso J. Laboratory Biorisk Management: Biosafety and Biosecurity, 31-43. CRC Press, Taylor & Francis Group.
  4. Meechan PJ and Potts J. (2020). Appendix N-Clinical Laboratories: In Biosafety in microbiological and biomedical laboratories. 6th ed. Washington, DC: Government Printing Office.
  5. CDC Developing Biorisk Management Objectives

Contact us

For more information about biorisk management resources, contact DLSbiosafety@cdc.gov.

Disclaimer‎

The Centers for Disease Control and Prevention (CDC), or the Department of Health and Human Services (HHS) cannot attest to the accuracy of a non-federal site and the listing of non-federal resources and tools does not constitute an endorsement by HHS or any of its employees of the sponsors of the information or products.