A Stepwise Process to Improve Biorisk Management Systems

What to know

The views expressed in written materials or publications and by speakers and moderators do not necessarily reflect the official policies of the Department of Health and Human Services, nor does the mention of trade names, commercial practices, or organizations imply endorsement by the U.S. government.

Logos for CDC, University of New Mexico Health Sciences, and Project ECHO.
Format: MP3
Language: English (US)
Size: 44 MB
Last updated: February 27, 2024
Logos for CDC, University of New Mexico Health Sciences, and Project ECHO.

Transcript

Date of session: 02/27/2024

Facilitator

Aufra C. Araujo, PhD

Centers for Disease Control and Prevention

DLSbiosafety@cdc.gov

Didactic Speakers

Eric Cook, MPH, CBSP

Biosafety Officer, Global Chemical and Biological Security

Sandia National Laboratories

encook@sandia.gov

William Pinard, MS, BRM/BSEC (IFBA)

Project Lead, Principal Engineering Team

Global Chemical and Biological Security

Sandia National Laboratories

wjpinar@sandia.gov

Aufra Araujo: Good afternoon, good morning, and good evening, everyone. My name is Aufra Araujo, and I want to extend a warm welcome from the Centers for Disease Control and Prevention in Atlanta, Georgia. I'm a PhD Health Scientist in CDC's Division of Laboratory Systems. Thank you all for joining our second Extension for Community Healthcare Outcomes, or ECHO, Biosafety session for 2024.

The topic for this interactive discussion is A Stepwise Process to Improve Biorisk Management Systems. Today's subject matter experts are Eric Cook and William Pinard from Sandia National Laboratories in Albuquerque, New Mexico. Let me stop sharing briefly.

All right. I would like to ask everyone a quick icebreaker question. You know we love icebreakers, which is already in the chat. With March on the horizon, spring is almost here. I can tell. I have allergies, pollen allergies from Atlanta. So what is your favorite spring activity? That's the icebreaker question. If you care to enter or unmute and share with us, that would be awesome.

I see mountain hiking. I love that. Ooh, hiking. Anything outside. Yeah, me too with mask. Kayaking. Ooh, I envy these people. So sporty. Preparing vegetable garden. Ooh. Gardening. I like gardening too. Wildflowers. Look at that. Lots of activities. Outside sports. Yes. It's just so nice, that fresh air and the flowers blooming. I love that too. Tapping my maple trees to make syrup. Look at that. Outside meditation. Wow. I love these activities. Very active crowd here. It's so cool. Very good.

Now I would like to provide a brief recap from our last session. Let me share another slide here. OK. Not yet. This one. OK. Just a quick recap from our last session in January featuring Dr. Kalpana Rengarajan from Emory University, who– am I not sharing? Let it a moment. Looks like I'm not sharing.

William Pinard: Not yet.

Aufra Araujo: Just a second. What's happening? I was so excited here talking and all. Yes, now you should be seeing the slides. Yes. OK.

So I would like to provide a brief recap from our last session in January featuring Dr. Kalpana Rengarajan from Emory University, who presented on Laboratory Biorisk Management: What It Is and How to Improve It. We had a total of 65 participants attending the session. These participants are affiliated with 29 organizations. And I would like to share some quotes from participants from that session. Let's see here.

One question Dr. Rengarajan asked was how could you improve the biorisk management in your own lab? Some participants said a biorisk plan helps keep people safe, especially when there is employee turnover. It also helps keep people from getting complacent with the organisms they work with daily. Having our lab scientists more involved in their safety process would be good.

It's so nice to hear this type of feedback. And there is many more, but I don't want to take away the time from the discussion today. We encourage you to share information about our ECHO

Biosafety sessions with your colleagues. You see in green in the map the states, people affiliated with institutions located in those states. So wherever you see in grayish color where people that were not in this session. So if you can reach out to your networks and share about these ECHO Biosafety sessions, we appreciate it.

So now let me stop sharing again. All right, before we continue, I would like to address some technical aspects of our ECHO Biosafety sessions. Please use the video capabilities of your device for this session. Currently all audience microphones are muted. When engaging the discussion, please unmute yourself to speak.

Closed captioning is provided through Zoom for this session. If you are experiencing technical difficulties during the session, please send a private chat message to George Xiang, who is labeled as CDC Echo Tech. George will do his best to respond to your issue. If you're connecting to Zoom by phone only, at the time of discussion, please introduce yourself by stating your name and institution before speaking.

We encourage your active participation by sharing your knowledge and experience. Each laboratory is unique, and your skill sets are unique. So your contributions to the discussion are valuable. Here is a brief overview of today's session. Going to go back.

Today's session is being recorded. If you prefer not to be recorded, please disconnect now. After today's session, the transcript, the audio recording, presentation slides, and other resources will be posted on the DLS ECHO Biosafety website. Let me see. Next slide.

I'd like to remind everyone that these slides contain presentation material from speakers who are not affiliated with CDC. Presentation contained from external speakers may not necessarily reflect CDC's official position. Now it is my pleasure to introduce today's presenters, Eric Cook and William Pinard.

Eric is a Corporate Biosafety officer at Sandia National Laboratories and a Principal Member of the Technical Staff in the Global Chemical Biological Threat Reduction Program, promoting global program biorisk management. With 14 years of experience at Sandia, he excels in training, curriculum development, risk assessments, and mentoring by risk management advisors. Before Sandia, Eric led biosafety initiatives at Dartmouth College and MIT. He holds a master's degree in Public Health from Boston University specializing in environmental health and Bachelor of Science in Molecular Biology from Brigham Young University. Eric has been an ABSA International member since 1997 and was the recipient of the John H. Richardson Special Recognition Award. As a certified biosafety professional since 2005, Eric remains committed to ensuring the highest standards of safety in laboratory settings worldwide.

William is a Principal Engineer Program Project Lead with Sandia National Laboratories' Global Chemical and Biological Security Group. In his 13 years at Sandia, he has focused his efforts on human capacity development and biorisk management systems development. This has included leading the development of training programs for the International Federation of Biosafety Association's professional certifications in Biorisk Management and Biosecurity and mentorship efforts. He has also worked with institutions and professionals to design and execute biorisk management system improvement projects through the CWA 15793 and ISO 35001 frameworks. He serves as the country lead and strategic direction of Malaysia, the Gulf Cooperation Council, Türkiye, and has previously led work in Morocco, Egypt, Jordan, and Pakistan. William holds a master's in Biodefense from George Mason University and is professionally certified in Biorisk Management and Biosecurity by the International Federation of Biosafety Association.

All right. With that, let me stop sharing. And Eric, the floor is yours.

Eric Cook: All right. Thank you so much, Aufra. And I am just– here we go. I want to let people know the presentation, the slide deck that I'll be presenting from will be shared afterwards. And also there's a lot more slides in the slide deck than we have time for. And so those additional slides will be available for you to review, has more information on the history of ISO and CWA and other more additional information than what we have time for in our presentation.

So thank you for that introduction, Aufra. And I just wanted to mention just a little bit about Sandia National Labs. We're actually a very large national U.S. government owned laboratory. And we got our start way back in World War II. If you saw the movie Oppenheimer, you learned about Los Alamos Lab. We used to be a sister lab with Los Alamos in helping develop nuclear weapons. But the lab has grown and expanded well beyond just nuclear weapon work.

And the program that Will and I work in is the Global Chem Biothreat Reduction Security Program. And we spend a lot of time around the world mentoring and training and working with both public health laboratories, research laboratories, and animal disease diagnostic laboratories in helping them develop and improve their biorisk management systems and train their biorisk management advisors and other professionals. And so that's what I've been working on the last 14 years since I've been at Sandia.

And today I'm going to share a simple stepwise implementation process for buyer risk management system improvement. And I'm going to build on what Kalpana presented last month. And last month she introduced the ISO 35001 standard and the CWA. And so really for our objectives today, we're going to take those two biorisk management system frameworks and I'm going to show us a really simple way that they can be used as a tool for systemic change.

And then we have a number of tools and resources that might help you in implementing this process. So I want to introduce you to those tools. And all of these will be available to you afterwards. And again, it's a simple four step process that we've been teaching and using and helping labs all around the world to implement these systems.

So the agenda for my talk today. I'm going to start just kind of a very brief review of biorisk management systems. In fact, it's only going to be a few slides. In the slide deck that I'll be providing afterwards, it'll have a lot more detail that you can look up. We're going to do a scenario together that will help us explore and use these reference materials.

And then this is the four-step process that I'll be sharing, which is step one is really preparing for– a lot of people use the term gap analysis. But I found that in some corners, particularly when I started as trying to do this at Sandia Labs, we have some bio-research labs and biotechnology labs here at Sandia. And when I introduced the concept of gap analysis, basically what I heard from my colleagues and coworkers here at Sandia was we don't have any gaps.

We have a really good, comprehensive safety and security program and there are no gaps.

And so what we found was maybe a better term rather than gap analysis is mapping. So the idea of taking a standard or taking a guideline or taking a regulation and then mapping the existing requirements with what we're doing. And we kind of put those together to look for not gaps but look for opportunities to improve our existing systems.

And so step one is preparing and outlining the scope of our process. Step two is conducting the mapping exercise. Step three is once we've conducted the exercise, collating the data, identifying, brainstorming opportunities to improve the existing system. From that, once you've identified those opportunities, brainstorming some project ideas to match our opportunities to specific projects that could be implemented, and then the last step is planning and executing and then checking the results of a project plan.

For our workshop today, I'm just going to go through each of these steps. I have a few case studies that I will share. I will share the results of what we did at Sandia in this four-step process. And then we also have– a couple of weeks ago, Will and I were working with a laboratory to help them do this exact process.

So I've gotten permission from this laboratory to share their results and what they did. A lot of people don't, for security and other reasons, they don't necessarily want to air their dirty laundry, so to speak. And so we've gotten permission from them to share their case but not– so we'll share their case but not identify who they are. But it was a laboratory outside the U.S.

All right. So in future ECHO sessions here with the CDC, this last step, the project planning, will be addressed in a lot more detail in the future. And so I'm not going to go through all the specific steps of planning a project and implementing the project, but just introduce it from a high level.

As we're going, if you guys have any questions or need more– have questions about what I've been saying, please throw the questions in the chat and I'll ask George and Will and others to monitor that and kind of shake me or jump in with your questions as we go. So I would encourage questions and interactivity throughout this presentation.

So the first part I want to just briefly review biorisk management systems. And this was actually done last month in last month's ECHO session. Kalpana went through a lot more detail on what is a biorisk management system and introduced the ISO 35001 and the CWA 15793. But this is just kind of a review of what Kalpana presented.

But some of the key messages that we should have taken from Kalpana's talk was that the CWA 15793 and the ISO 35001, these are biorisk management system frameworks. So the CWA was the first international people call them standards. I like to think of them not as standards but as a framework that describes what a biorisk management system is.

And it's important to understand that these frameworks, these standards, so to speak, don't replace other ISO standards that you might be familiar with, such as 14001 or the quality management systems standards that you already have in place for your laboratories. That they're designed to be compatible with those other standards and also other guidelines and best practices.

You might be familiar with the CDC NIH Biosafety in Microbiological and Biomedical Laboratories, or what we call the BMBL. Or the WHO Laboratory Biosafety Manual and these types of international references that are used to describe biosafety practices and also biosecurity practices in the lab. And that these frameworks are not meant to replace those but to work with them and enhance them. And the frameworks outline a process to identify, assess, control, and monitor risks, and so on.

And the difference between the CWA and the ISO, the CWA came first and was the first framework. And it had an expiry date, and it was always meant to be a stepping stone towards the ISO. And then the ISO 35001 was published and became available in 2019 and has replaced the CWA since then.

But we have not thrown the CWA out quite yet, because one of the things with the key difference between the ISO and the CWA is the CWA has an implementation guidance document, whereas the ISO has not yet published an implementation guide. That is in the works and it is coming out any month or any year now but should be available soon.

The other thing about the CWA is it is freely available. It's not copyrighted. So you can download it, you can share it, and you can use it freely. Whereas the ISO, like other standards, you have to purchase that. And so as a presenter, I can't share text from the ISO, but I can share the CWA.

And so for one of our activities today, we're going to be using the CWA reference or the CWA framework and implementation guide, and we'll be using that for one of our case studies. But note that there's– while there are differences textually in how the ISO is organized, what they accomplish is essentially the same thing.

And then from ISO, there's a couple main principles that are used. One is the assessment mitigation performance model. And then the plan, do, check, act model, which we'll touch on a little bit at the end. The PDCA model is used in most ISO standards as the way that you implement your standard is through this process of planning, doing, checking, and acting. And we'll touch a little bit on that at the end.

All right. So one of the things that Kalpana asked you last month that was part of your presentation was she had you describe what a management system is. And so what I'd like, just to reflect on what you learned last month, in general, when you think about management systems, what are they? Or maybe provide a brief definition from what you recall and throw that in the chat. So I'd be interested to see what you're putting in the chat. And so I'm going to ask you to just throw some perceptions or what you guys think of as a management system.

And while you're doing that, so put those in the chat. And while you're doing that, I'm going to share my view or definition of a biorisk management– not a biorisk management system, but management systems in general. So I encourage you to type into the chat while I share this next story. And then once we're done, I'll have maybe Will read some of those chats that come in.

All right. So when I think of a management system, I actually go back to my days in elementary school. And I think most people might be familiar with the playground scene during recess where the children are allowed to go out and play kind of freely in the schoolyard during recess. And one of the things that I liked to do was play soccer with my friends. And we would gather out on the field outside the classrooms.

And usually when we would play, we'd organize ourselves into two teams. Captains would be chosen and they would pick who they wanted on their team. And then the sides would separate and usually we would choose the slowest kid to go stand in the goalie and then everyone else just kind of chased the ball. And that was how we organized ourselves when we played soccer.

And so this was a type of management system. There were a few roles that were assigned. We had somebody in the goalie. But other than that, everyone kind of chased the ball and we had some limited rules like no fighting or pushing or injuring each other. But there were no teachers, there were no coaches, there were no referees, and no real rule structure other than chase the ball and kick it. But we all had a goal, and the goal was to score more points, to kick the ball through the goal and score points and to try to score more points than the other team.

And as I got older, I played soccer in high school. And once I got into high school, we had a coach, we had a referee, we had organized roles and responsibilities. So in high school, I was the left wing. And so I was a forward. I played up front. I had specific responsibilities and area that I covered. And when the ball was passed to me, generally it was to make my way down the sideline and then to hook the ball over to the center or other players to head it or kick it in. So we had strategy. We had a little more– it got a little more organized.

Now, I didn't play soccer in college. But as people move up in the ranks and they go into college or they go into the professional ranks, then it becomes even more organized. Now you have trainers. You have people who track stats and you have all kinds of– if you go all the way up to Manchester United, they have hundreds of people who manage all aspects of the planning and scheduling and travel and nutrition and psychology and statistics. And you don't have just one coach. You have 20 coaches. And each coach has a specific responsibility that they help the athletes perform at the best.

But ultimately, when you compare Manchester United with the kids on the playground, they all had the kind of same goal and objective, and that was to score points. And so when I think of a management system, a management system is something that is designed, a framework for us to know what our jobs are and know what our responsibilities are. It has clear goals that we're trying to achieve. And then it has systems and multiple layers of systems set up to help us achieve those goals.

And the same thing happens with biorisk management. We also have systems and frameworks that help us know how to be safe in the laboratory, how to operate safely. And so all of us, no matter where we work, we have biorisk management systems in our laboratories. The question is, is our laboratory system the schoolyard playground or is it the Manchester United framework translated into laboratory safety form?

So Will, do you want to tell us about some of what people put in for their definitions of a management system?

William Pinard: Certainly. We had a few come in. And the first one we had from Nick Crosby was a way to organize risks, resources, and practices to make sure that the risks are managed acceptably.

Eric Cook: All right. Hey, shout out to Nick. You were one of my shipping trainees, right? I recognize that name. I hope it's the right Nick. But keep going.

William Pinard: All right. And then from Joseph Kozlovac, define policies, processes, procedures, work instructions used by an Institute to manage the tasks needed to meet its objectives.

Eric Cook: Good. So what I'm seeing here, the same thing if you think about a football match or a soccer match is we have a goal that we're trying to accomplish. And it's policies, processes, procedures, instructions, perfect, to help us meet our goals and objectives. Good.

William Pinard: And then from Robin Riddervold-Cotton we have a dynamic standardized and systematic system to successfully accomplish specific outcomes.

Eric Cook: All right, perfect. So one of the things to think about as you look around your laboratory is, are we doing safety like the schoolyard kids or are we doing safety like Manchester United? And one of the things about safety systems and about– in this analogy is that there are always ways we can improve. And you never have the perfect system and we can always get better. And otherwise, we get relegated.

So the idea is this continual improvement process. And safety and security is never finished. There are always going to be new ways that we can improve. And what the ISO 35001 does and what the CWA does is it kind provides a framework that allows us to help identify areas in which we can improve.

So this is just also a review. I think Kalpana covered this. But just I wanted to review a couple definitions when we talk about laboratory biosafety and laboratory biosecurity. These are the definitions that we use. And the thing I want to highlight here is biosafety are all these principles, technologies, and practices that we use to prevent unintentional exposure, whereas biosecurity is kind of the same thing, but we're focused on preventing intentional release, loss, theft, misuse, and so on. So when we look at the definition of biosafety and biosecurity, they also incorporate this concept of technologies and practices and systems in that sense.

And then so what do we mean biorisk, because we talk about biorisk management? And just to reiterate that biorisk is risk from working with biological materials. And it includes both biosafety and biosecurity risks. So when we develop a biorisk management system, it's a system that addresses both biosafety and biosecurity, both the unintentional, accidental, preventable risks all the way up to biosecurity, which is the intentional theft, loss, and misuse.

So this is, again, should be review. But this is the CWA 15793. This is how they define laboratory by risk management as a system or process to control safety and security risks. And so they say a system or process. I think of it as multiple systems, multiple processes that we have in place.

All right. And so that's where when we look at laboratory biorisk management, we divide our systems into I use the term elements, but we could call them programs. We could call them subsystems. But essentially, here are some of the key elements. And I've broken it out into 11. I've seen other people break it out into 15 or 18. Some people break it down into three. But this is kind of how I kind of see biorisk management systems.

And so we are going to do an exercise to take a look at these various elements. But if you think about a soccer team, you have coaching, you have trainers, you have statisticians. And then on the field or pitch itself, you have different positions, different roles, different elements. You have offense and defense, and you have all of these different elements that have to work together to be successful.

So same thing with a biorisk management system. You've got your institutional commitment, your policies, your committees, your documentations. You have a risk assessment program or process. You have an inspection and audit program. Sometimes people combine those two into the same. I like to think of risk assessment as forward looking and the audit and inspection kind of backwards looking. But they're really two sides of the same coin.

You have your training program, your occupational medicine program, your emergency response incident tracking programs. Maybe biosecurity is a separate program. Your shipping and transport programs, waste management, PPE. And then number 11 is kind of the miscellaneous that covers all the others, including your work practices, your validations, your commissioning and decommissioning.

And there's also a few elements that might be missing such as your– one of the things that is kind of different from biorisk management systems is when you look at references, such as the BMBL, the WHO's Laboratory Biosafety Manual, or these other kind of biosafety practices guidelines and documentation is those are kind of often focused on infrastructure such as lab equipment, HVAC systems, autoclaves, these kind of physical infrastructure elements. Whereas I think of biorisk management systems as more people soft structures in place. Not the hard infrastructure, but the people who make it all work.

So to introduce and take a deep dive into the CWA, I want to introduce this case study. And what I'm going to ask is for George to share with you a few documents. So we're going to throw some documents in the chat that you can download and take a look at for this scenario. So George has posted in the chat a Cataract Hospital scenario. So if everyone could download that and have that ready to use.

And then the other thing I'm going to ask George to upload or put in the chat and that is a link to the CWA 16393 document. So this document you can download as a PDF and it's freely available. And so I'm going to have George put a link for that in the chat. Or you could just Google CWA 16393. And there it is. OK, thanks. So George just put that link there. And so download that document. You're going to use that for this next case study.

So this is actually a real case I worked with a colleague of mine in a laboratory. And she wrote this for me. And this was based on a real scenario. This actually happened for their lab. And so the scenario is you've got a public teaching hospital that's affiliated with the Ministry of Health. And they do diagnostic testing in this laboratory. And this laboratory of has the capacity to do PCR testing.

And so during the SARS-CoV-2 outbreak, during COVID, initially before they had the rapid diagnostic tests, the only way to do COVID testing was through PCR. And so this laboratory was one of the few laboratories that had the equipment, the training, and the supplies to do PCR testing for COVID. And so in their country, they were one of the first labs to be set up and running doing COVID testing.

So prior to this, they only did maybe fewer than 100 samples a day. But when COVID hit, they started receiving over 1,000 samples on a daily basis. And because of the nature of what they were– the COVID risk, they ended up producing large amounts of biological waste, much more than they normally work with.

And so during this time, the biosafety officer was doing a regular check and she noticed many issues related to biowaste management. And so this is the biosafety officer's report. And she wrote this report here and noticed a number of problems.

And so what I'd like to challenge you with is the biosafety officer is seeking help to fix the situation. And she's kind of new to her position and does not have as much experience with biowaste management. And so what I'd like you to do is read the scenario from the document that George provided. There's actually a table. In that table, you can list the problems in the first column. In the middle column, you can identify the– we have this management element.

So identify which of these 11 elements, which of these systems are most– would that problem fall in. So I want you to find not– focus on the system problems. What is broken or what can they do to improve their biorisk management system? And so those problems will fall into one of these 11 elements. So what I'll have you do is identify problems, connect the problem to an element, and then go to the CWA and the 16393 and see if you can find a reference in the CWA document that will provide a solution for your problem.

So Oliveira asked a question. What is the difference between CWA 15793 and CWA 16393? So excellent question. 15793 is the standard, the framework. 16393 is the implementation guide for the standard. And we like to work with 16393, because 16393 has all of the standard. It's available in the 16393.

But in addition to that, it lists guidance on how– further details on what the committee was thinking or providing when they wrote the standard. And so, 16393 is the implementation guide for the standard. And so for our sake, when we look at implementing systems, the 16393 is a much better document for us to work off of.

All right. So I'm going to give you guys a minute to look at the scenario and then start to fill out that table. And then I would like to ask for maybe a volunteer or two if they'd like to unmute themselves and share. So this last part here, choose one problem from your list of problems and recommend specific changes to the biorisk management system that's based on the 16393.

So I'm going to give you just a minute. We don't have a lot of time. We've got to keep moving. But perhaps what we could do is ask you to in the chat, if you wouldn't mind just throwing in the problem and maybe a recommended change. You can cut and paste the text right from the CWA and throw it in the chat with a reference. That would be fantastic. So if anyone would like to share that in the chat.

While you're doing that, I'm going to– what do you think? I do not have a clock in front of me, which is a bad thing. So make sure, Aufra, to keep me on time.

Aufra Araujo: Yes. I think wait a couple minutes and people can review the exercise and provide their feedback either by unmuting or sharing in the chat. And then after that, we need to keep moving. I'll let you know if we're pressing for time.

Eric Cook: All right, thank you.

Aufra Araujo: We are at a little—

William Pinard: I think we're doing OK for time. I just looked at the clock.

Aufra Araujo: 30 minutes. Yes, OK.

Eric Cook: So I'll give you guys just a couple minutes to look that over. And I'm going to wait for at least one volunteer to share their problem and what they came up with the solution. The reference in section from the CWA. And I just want to give you guys a minute to look through the CWA, get a feel for what is in it, and how it can help us both identify problems, but also help us find solutions that we could use to improve our existing systems.

Oh good. And just to let people know that George has also shared in the chat an actual– you can download the CWA 16393 as a PDF. And it has a search tool. So if you put in a certain term or text, it can help you find that in the actual document.

Aufra Araujo: OK. So I want to encourage folks to open the mics and share their thoughts or enter in chat if you prefer.

Eric Cook: Or if you guys had similar challenges to our biosafety officer at Cataract Hospital. Good. So Jonathan mentioned one of the problems was training. There's obviously a lack of training. So Jonathan, what did you find? What does the CWA say about training? And you can just cut and paste what you found in the CWA. Perfect.

So from page 30 of the CWA, the organization should design, establish, maintain, assess, and monitor a robust biorisk related training program appropriate to all levels of personnel. The training should include raising personnel awareness of biorisk issues, including relevance of human factors. And the result should be a training program that provides staff with the knowledge and skills to reduce risk with measurable markers of success can be reported to management.

And Colleen mentioned that a waste management program should be designed to minimize waste production. So that's part of proper biowaste management is that your program should be designed and people trained to try to minimize the generation of biohazardous waste. So good. All right.

And Nick is sharing section 4.4.4.5.3 that you should have a policy. And obviously it's not clear in the scenario, but I would guess that they did not have a policy or program in place for their waste management. And there's a number of cross references that can help. And then the waste management policy should be updated on how to handle autoclaved and non-autoclaved waste. So good. All right, so you guys are finding a lot of information. And thank you Layla and Vivian and all those who have shared.

All right, so I'm going to continue on. All right, so this is an example. So for example, the laboratory only has enough capacity to treat half the waste during the COVID rush. And so where would we find a management system solution for that? And that kind of goes into the last element, which is the miscellaneous kind of work planning and good laboratory work practices.

And in section 4.4.4.3 of the CWA, it says the organization shall ensure that the program of work for the facility is defined, documented, and reviewed, and the organization shall establish criteria for work that requires prior approval. And here's the key point from it is it shall ensure there is sufficient resource, capacity, and capability to manage workflow, whether planned or unplanned.

So this is one of the challenges often in surge situations. Sometimes our laboratory is designed and our work is going well, but then some emergency comes up, some outbreak, and then all of a sudden we can't handle the work. And what the CWA is saying from a systems perspective is that you should have– management needs to take a look at both planned and unplanned and prepare for surges in that sense for work planning.

All right. So the next thing I want to talk about, so now that we've done this scenario together and hopefully you've all had a chance to open up the CWA and get a feel for what type of information is available in it, the next thing I want to share with you is this four step process.

And one of the things that I want to mention is that there's no ideal route to successful CWA ISO adoption or implementation. And it really depends on what your organization's– there are so many factors involved. The size of your organization. We all have unique challenges and different systems and different processes. And so it needs to be kind of specific to your organization.

And so in this next part, I kind of want to introduce this simple four step process. And I'm going to share how we, me personally as the corporate biosafety officer at Sandia, how I use this to address some of the biorisk management system implementation process, how I used it at Sandia.

But then I also want to share a case study of a laboratory that Will and I recently worked with just a couple of weeks ago to go through this exact process. And so I'm going to, with their permission, I'm going to share their results. They asked us not to identify the lab. So we won't tell you who the lab is. But I'll give you some background and talk about how they did this.

So here's the basic four step process that we follow to implement or a stepwise process for implementing either the ISO or the CWA. Or really this same process could be used for any standard or any guideline or anything that you want to use as your reference.

So the first step in the process is to prepare. And that means to review, identify, or choose the references, the guidelines, the documents that you're going to base your implementation process on. So usually in this case, it's going to be either the CWA or the ISO or it could be both.

And then part of the preparation is now that you've had a chance to read the CWA, you'll notice that the language that they use is not necessarily the language that your existing systems or your staff, the members of your workforce, the lab workers, management leadership, they have their own lingo or their own language associated with management systems and with biosafety or biosecurity programs. And so part of that first step is translating that terminology into your lingo, so to speak.

The second step is to assemble a diverse team with a variety of perspectives. And then use the terminology, use the tools that you created in the preparation step to then map your existing systems or structures to the given standard.

The third step. So after you've assembled a team and you have collected the information is to analyze, which is to identify opportunities to improve the existing system. So now that you have the data, you're going to take a look at the data. You're going to brainstorm some ideas that could– we don't call them gaps. We call them opportunities. So you'll identify opportunities to improve your existing system. And then you're going to brainstorm project ideas to match those opportunities. And then you might come up with 10, 15, 20 different ideas.

And you will then prioritize those ideas and do what we call kind of a cost benefit analysis. So you'll be looking at which ideas are going to be the most effective. But also you have to look at what will provide the most benefit but also how much work, cost, time, effort, and resources will it take to implement it. And so we'll teach you a simple process for prioritizing your ideas.

And then the last step is to plan. So now that you've identified, say, a bunch of project ideas that you could do, choose one project idea and then follow a process called GORRPI. That is goals, objectives, resources, responsibilities, and performance indicators. I'll get into the details of that at the end of the lecture.

But you plan a project, you implement a project, you validate, verify, and check the results, and then rinse and repeat. Choose another project and plan it and implement it and then another project. So basically what it means is you have a bunch of ideas to improve your system. From step three, you're going to break them up into bite sized chunks and then just eat one bite at a time.

All right, this is another way of looking at the project planning and development. I think of it as a pyramid. It starts at the top. We start with our reference or resource at the top. We break that resource down into the systems elements and then we evaluate our laboratory against how is our training program? How is our PPE program? How is our waste management program? And then we compare. We take a look at each of these elements one at a time.

As we look at each of those elements, we identify opportunities for improvement. These are our brainstorming our ideas. Then we prioritize those ideas. Then we choose one idea. We develop a goal. We create objectives. We break objectives into tasks. And as we continue down the pyramid, this becomes more and more complex and we add in more detail. And we can break our steps into step one, which is our preparation, our mapping, our analysis. And then our last step is the planning.

So what I'm going to do is go through each of these steps one at a time, the four steps. And I'm going to share with you what we did at Sandia as one case study. But I'm also going to– so Sandia is a research laboratory. Most of you probably work in public health laboratories. So I'm going to share with you a real case study that was done following a stepwise process in a diagnostic public– well, actually, it's an animal disease diagnostic laboratory. But I'm sure they have a very similar challenges and issues as, say, a human public health laboratory.

All right. So let me first introduce the National Animal Disease Diagnostic Laboratory. We've changed the name. But for our case study, this is an animal disease diagnostic lab. It's one of the main labs for their country for animal disease diagnostics. It's a national reference laboratory. They have 28 staff. They are responsible for investigating major animal disease outbreaks in the country. They're also responsible for import and export. So they review import of animal materials and export.

And they do testing for animal health for imports coming into the country for large projects. They support a lot of the regional laboratories and local laboratories. They're kind of the reference laboratory. They get the big cases sent to them. They work with the public health side with the Ministry of Health to ensure a public health assurance through control of zoonotic diseases.

And also they help ensure public health through food production, making sure that that's safe throughout the country. They're divided into they have different laboratories for virology, bacteriology, histo and pathology. They also do vaccine efficacy testing. And they have a separate foodborne pathogen lab.

So compared to labs in the U.S., maybe a small lab for a national lab. They only have 28 staff. But they work up to biosafety level three containment at their laboratory. So that's their lab.

And I also want to mention a little bit about Sandia. So I was the corporate biosafety officer. I only wore that hat for a couple years. I've since passed that on. So Sandia has several research laboratories focused on bioresearch. Since Sandia is a national lab, all of the labs that we have are– we focus on national government directed research.

And so a lot of the work we do is related to energy, energy production. So in biotech, that means algae and those types of genetically modified research in energy production. But we also have labs that do work in protecting soldiers in the field, detecting bioweapons, and protecting soldiers and protecting military and also civilians in exposure to certain pathogens and things like that.

So we have a number of research projects funded by the national government. A lot of it focused on security and energy related to biorisk. At Sandia, we do not have any biosafety level three labs. Our highest level is biosafety level two. And we are restricted from doing any containment type research. So most of the research is moderate to low risk.

But one of the challenges was that Sandia had two separate biosafety programs. We have a laboratory in California, a laboratory in New Mexico. And each of these laboratories developed their own biorisk management systems kind of independent of each other. And in 2017, 2018, somewhere around there, we got new management taking over for our laboratory. And so when the new management came in, they looked at all the management systems throughout the lab.

So we had a separate– we had one IBC, a separate Institutional Biosafety Committee in California, a separate IBC in New Mexico with different procedures. We had a biosafety officer in California, a biosafety officer in New Mexico. They each had their own programs. They each did things differently. And when the new management took over, they said, why do we have two separate biosafety programs? Why do we have two separate IBCs? We're one company. We need to combine.

And so I had been on the IBC for many years. So they came to me and said, Eric, we need one– so New Mexico said, well, California needs to adopt our system. And California said no, New Mexico needs to adopt our system. And so corporate came to me and asked me to set up or work with both to establish one. I worked with a team to establish one IBC.

And so one of the things that I did was in 2019, that's when the ISO standard became available. And so I proposed to the team that why don't we use the ISO 35001? Not that we're going to go for accreditation or certification. But we could use the ISO 35001 as a tool to be able to compare California's program with New Mexico's program. And if we have one framework to compare two separate systems, perhaps we can use that to identify opportunities to improve and create a single system. And so that's the challenge I was faced at Sandia.

All right. So from that, this is kind of how I did it at Sandia. But I'm also going to share what we've been using over the past many years to help laboratories throughout the country do kind of the same process. So the first step in it is choosing an appropriate standard or guidelines or rules or framework that you want to base your implementation or improvement process on.

So in this case at Sandia, we used the ISO 35001 as our main framework for improvement, for mapping, for analysis. And so my first step was reading through the framework. I realized that there was a lot of language in the ISO that my colleagues were not familiar with. And so I had to rewrite the– not rewrite, but translate or create a tool that would allow us to analyze our systems against the ISO. So that's kind of the first step.

And here are some examples of what you could use as a standard. The 35001, the CWA, the BMBL, the WHO, or others. I know there are other quality management system standards such as the ISO 17025 or ISO 14001, the EH&S kind of standard. But whatever it is, you take that standard and then you can translate the material into a mapping tool.

Now, I'm going to share with you two different tools that I've created to do this process. The first is this biorisk management system survey tool. And so I'm going to ask if for George, if you could post in the chat that survey tool. And make this available to everyone. You're welcome to use this same survey tool. And what it does is it looks at the 11 elements and it does a kind of a deep dive into those 11 elements.

And so you're welcome to use this biorisk management system survey tool that I created. This was the tool that our laboratory in the case study used. I'll also share with you Sandia's question set. So I'm going to have George put that in the analysis or in the chat as well. And so the ISO analysis question set. This is what we developed at Sandia, and I'll talk about that.

So this was the process we used at Sandia. The first thing is I created this analysis, these questions. We broke the questions up into seven parts and then we set a goal for us to look at each question set, one per week. And then we would basically answer the questions and then do a new question set every week. We created what we call a confluence site. So this is an example of our confluence site.

Within this, people could upload their questions. So we would send everyone the question sets. They would fill out their questions. They would upload them. And then we would take their answers and put them and collate them into a single what we call the confluence site or document. This is an example of the question sets.

So we would ask, for example, what are the policies that govern biorisk management at Sandia? And you'll notice here we have section 5.2. That is the specific reference in the ISO regulations. I do have with this question set an entire– it's like a reference document that goes with it. The reference document has all the standards that we're addressing.

And so unfortunately, because the reference document is basically cut and paste from the ISO standard, I'm unable to share that reference document with you because the ISO document, the ISO reference is copyrighted, and you would have to purchase that. So I can't share that. But here's the questions that I created based on– this was based on Section 5.2 of the ISO. And this were the instructions.

I asked the team to gather any documents, links, connections to biosafety biosecurity specific policies at Sandia. And if there are no specific or separate biosafety biosecurity policy, then perhaps the policy is embedded in or described in general EH&S policies. So I had them list all the policies here. And then I had them include any evidence supporting documents, links, connections here. And then the second question was related to section 4.1, 4.2, and 4.3 of the ISO and so on.

And so once a week we went through– so let me also– sorry. OK. So then once a week, we would get together the team. We'd go over the information that was gathered and we would add that to the confluence doc.

This is the biorisk management systems survey tool. And so just to show you what this looks like, there's a template that George has now put into the chat. You can download that. So the system tool asks about 80 or 90 questions. And each question, so it's based on a specific element.

So for example, here we have element number one, which is the institutional commitment to biorisk management. And it breaks that element up into a series of questions. And you'll notice the color. We have green and we have yellow. So the green is for questions that are specific for biosafety and the yellow are questions that are specific for biosecurity.

And so I broke it up. Question 1.1 and 1.2 are almost identical questions. But one is focused on biosafety and one is focused on biosecurity. And the idea is by separating it out into our biosafety and biosecurity specific programs, we can get an average score for our safety and an average score for our security.

Then what I do is for each of these questions, I ask people to rank based on their perceptions, based on their experience from a score from 0 to 100. So we have this slider 0 to 100. Or you could just simply input a number here. So the question would be, does your organization have a written document, statement, or policy that outlines your organization's commitment and standards to reduce unintentional release?

So I asked them to score 0 meaning we have no such thing. Nothing exists in our lab. To 100, meaning we have the perfect policy. It's written, it's documented. Everyone knows what it is, and it's well established. And that would be 100.

So what I tell people is this is based on your own rubric. So you can't really use this survey to compare one lab to another, because each person who uses this will use their own rubric. And so it doesn't mean you're doing well or doing poorly. But what this does help you do is identify areas that maybe you could improve.

And the other thing when I tell people when you're filling out this survey is do it in kind of a comparative way such that if the question number one is better than question number two, give a higher score to one and a lower score to two.

So this is the biorisk management system survey. And this tool can also be used to help you map or identify opportunities. Whoops. Pushed the wrong button there. Go back to this. This can help you map or identify opportunities for improving your system.

All right. So the next step is now that you have the tool, you've created your tool for gathering the data, you've determined what the scope of your assessment is going to be, then it's to assemble a team of people to help you. And one of the things that's really important is you need diverse perspectives. And so everyone knows the story of the blind men and the elephants. They were all looking at the same animal, but each person had a different perspective so came to a different conclusion.

And so if you only have your biosafety officer filling out this form or gathering the data, you're going to get a very limited perspective on the whole system, and you can come to incorrect conclusions. You might determine, oh, our biorisk management system is fantastic. It's working really well. But you're blind to other areas.

And so when you think about what stakeholders, what groups, what do you think you need in your labs to be involved in creating the map? So I'd be interested. If you guys want to throw into the chat some of the roles of various people. So you don't need their names. But of course, you want your biosafety officer. But who else should be involved in this kind of mapping exercise? So throw some ideas in the chat. Who would you invite to help you in this mapping process?

So I'm going to ask you to throw into the chat the people, the roles that you would invite. So quality assurance. Good, thanks Elizabeth. Who else should we involve? Bench workers. Perfect. Good. You need their perspective for sure. Leadership team, scientists, PIs. Absolutely. Facilities and engineers. Good.

Lab director, technical supervisors, quality assurance. Good. The responsible official, the RO. All right, good. So protocol committee, chairs, somebody from the IBC. So fantastic. So the idea is if we get everyone's perspective and everyone is involved in this description, then we can build a picture or map of what our system really is.

All right. So at Sandia, this is an example of the confluence document. So what we have here is in different colors of text, we have different people's inputs. So blue was maybe for the biosafety officer in California. Orange might be the biosafety officer from New Mexico, et cetera, et cetera. And so we created this confluence document to collate all the answers and perspectives from people around the lab.

And then we also had you can see down here at the bottom any documents or things that were connected to that specific requirement we attached right to the confluence page. So this was a shared web page so that the people in California, the people in New Mexico, and all the people on the team could collate and put all the data that we were collecting from our analysis as we went.

So this is essentially what we did at Sandia. We listed all of the elements, the requirements on one side. We looked at New Mexico's practices. We looked at California's practices. We also included any local regulations or requirements. So if there were different legal requirements that California had from New Mexico, we included that. Then we identified gaps or differences. Another word we used would be opportunities. We identified that there.

And then we made recommendations. So these are projects or plans that we could do. So this was essentially we created this big table. And this is what the table kind of looked at as we created it. So we have here on our table, we started with our considerations or our recommendations. We had the related clauses or sections of the ISO.

And then we were asked to give it a priority. And we based our priority based on the difficulty it would take to implement or improve this area and then the impact it would have on safety. One of the things if it's difficult to implement and it's going to have a low impact on safety, then it's probably going to be a low priority for us. And then some of the things that are easy to implement might have a higher priority.

So we basically broke it down into three levels of priority high, moderate, and low priority. And then we had our difficulty as hard or easy. We basically did a is this going to be hard or easy. And then for impact, we did low or high. And so we kept it really simple. Low, high, hard, easy. And then we had three priority levels. And this is what our management leadership asked us to do as we did this.

This is the mapping results from our case study lab. And so what they did is they used the biorisk management system survey that I shared. And from that, as they used that survey, they brainstormed ideas. And they came up with 19 different ideas. These were the ideas that they came up with. And then for each of those ideas, they assigned a level of impact. We can see that here. And a level of effort. And then it's hard to see the numbers, I know.

But for example, here's number six right here. So number six would correspond with developing a system for incident and accident reporting. And so according to their analysis, it would have a very high impact. And it would have a very– it would take a low level of effort. And so this became kind of their high priority. So anything kind of in this quadrant, this is easy to do and will have a big impact. So these are the projects that they wanted to focus on here, whereas projects that are down in this quadrant are hard to do and have little impact. These are projects we probably won't do for a while. All right.

Aufra Araujo: Eric.

Eric Cook: Yeah?

Aufra Araujo: Sorry to interrupt, but we are close to the end. And I wanted to point out that there is one question in the chat. Joseph is asking, how did you address the community representation required by the NIH guidelines since you have a significant geographical separation between the two sites? And I think after that, we'll have to wrap it up. And I'd love to invite you to come back to present another session, because this is a wealth of information and clearly relevant information. But we are running out of time.

Eric Cook: OK, thank you, Aufra. So I want to mention you can read through these slides. It gives you a simple– we've given you a rubric for prioritizing your ideas and then some examples of mapping it out.

And then the last thing is the PDCA process. And this is where I'm going to finish my project, because later on in future sessions, you're going to talk more about how do you specifically plan and implement projects. And so this is the PDCA process. This is our GORRPI process that we talked about. And I think in the future, we'll have– GORRPI stands for Goals, Objectives, Roles, Responsibilities, and Performance Indicators. And in the future, I think you'll have more sessions on project planning and implementation.

I wanted to also share just a summary. And also in the chat, if I could ask George to include, we actually have a project plan and a Gantt chart that was created by our model laboratory in our case study. So they chose one project. They planned it out. So you can see a copy of their project plan. And you can see a copy of the Gantt chart that they created as this project planning process. And now as we speak, this laboratory is currently implementing this project plan and working through that now.

All right. So I will finish with that. And I'm going to answer Joe's question. Because how do we combine an IBC and include community members? That's separate from this. So I'm going to end here, but I'm going to stay on for those that want to stay on to answer questions but turn it back to Aufra to wrap us up.

Aufra Araujo: Yes, please go ahead and answer Joseph's question, and then we go from there.

Eric Cook: OK. Thank you. So for those that do have Institutional Biosafety Committees, the NIH guidelines require you to have a community member as part of your committee. I will say that we did not include a community member in our ISO mapping and analysis. But once we came up with our biorisk management system improvement ideas, we shared that with the IBC and got IBC approval for our– or IBC input on our final analysis. And so community members participated in that.

In our IBC programs at Sandia, this kind of gets in the technical requirements for IBCs. But the NIH requires local community members that live in the area. And so we actually while we function as one IBC, we have one combined IBC. We approve protocols for both New Mexico and California. We have a IBC meeting every two months. Our IBC meetings are through Zoom.

And while we have one functioning IBC, we actually have two separate registered IBCs with the NIH. The NIH requires the IBC to be– the registered IBC to– so we have actually two IBCs registered with the NIH. And we jointly combine our meetings into one. And we have representation from the community from both California and representation from New Mexico.

So we have community members in New Mexico and community members in California that participate in that joint meeting. So that's how we do it at Sandia. I hope that answers your question, Joe. If you want to unmute your mic and validate or let me– if I answered your question.

Joseph Kozlovac: You did. We had the same challenge when we tried to set up area IBCs for ours. Of course, we have a lot more laboratories than you guys do.

Eric Cook: Yeah. I can't imagine if we had three or four. So essentially, what we do, Joe, is register each site as a separate IBC with the NIH. And we have community members for each of those sites. And then when we have our joint meetings, that's where everyone's together.

Aufra Araujo: Thank you so much, Eric, for your presentation and the excellent resources you provided and the discussion as well. Thanks, everyone for participating in the discussion. I forgot to mention earlier, Eric is calling from Malaysia. So it's like 1:00 in the morning now or maybe 2:00.

Eric Cook: 2:30.

Aufra Araujo: 2:30 in the morning.

Eric Cook: I teach all day too. So I've been teaching a biorisk management course all day.

Aufra Araujo: I'm just amazed how you can be that energetic at 2:00 in the morning. Anyways, thank you so much, Eric. I'd like to give a chance to Commander Sabrina DeBose, who is the Safety Team Lead in the CDC Division of Laboratory Systems, to provide a summary of the discussion from today's session. Sabrina.

Sabrina DeBose: Yes. Thank you, Aufra. Can you all hear me OK? Let's turn this up just a little bit. Perfect. Well, first we want to say thank you, Eric, and we really do appreciate it. And also thank the participants for the, as always, a robust discussion related to the presentation today. And the presentation is stepwise process to improve biorisk management systems.

So as Aufra mentioned, I will provide a summary of the participants' discussion that we observed from the chat. One of the first questions that Eric asked was what is a management system? And in the chat, three definitions were placed and one was identified as a way to organize risk, resources, and practices to make sure the risks are managed acceptably. One was also noted as it's defined policies, processes, procedures, work instructions used by the institution to manage the tasks needed to meet its objective. The other definition was a dynamic approach, a dynamic, standardized, and systematic approach to successfully accomplish specific outcomes.

Related to the case study, the Cataract Hospital scenario, the discussion revealed that there was a lack of training, waste management policies was not sufficient, work practices was insufficient, noting that staff had not received any formal training on waste management, and good microbiological techniques was deficient. In the chat, we received several CWA references that related to each one of the identified areas of concern.

Another information that we got in the chat, and this was in response to who should be involved in your biorisk management processes. Responses noted were make sure you include the facilities and engineers, all of the principal investigators, responsible officials, your technical supervisors, security managers, and protocol committee chairs. We also want to thank Eric for sharing several resources that we will make available on the ECHO website. And that is it as far as the summary from the participants. So I will turn it back over to Aufra. Thank you.

Aufra Araujo: Thank you, Sabrina. Eric, is there anything you'd like to add from the discussion today?

Eric Cook: Just the one thing I would add is sometimes when we look at biorisk management systems, they're very complex. You have hundreds of little pieces that are inter moving. And just to remind people that we in our positions and roles can only see part of the system as a whole. And so it's important to involve and get perspectives from a range of people as you're looking at your systems.

And then once you identify issues, don't think of them as gaps. Think of them as opportunities for improvement. And then once you identify these opportunities, you don't have to fix everything at once. And just break it up into small bites and just take one bite at a time. It's how they say. How do you eat an elephant? You cut it up into small pieces and take one bite at a time.

And really these types of programs at Sandia, when we identified all of these issues, we estimated if we tackled all of them, It would take us five years, which is great, because it means that it keeps me employed for another five years helping plan and implement and improve these. So you just do one step at a time. And safety improvement never ends. So this is just one way to help organize it. Thank you.

Aufra Araujo: Thanks, Eric. Thanks, Sabrina, for the summary, Eric for your terrific presentation, and thanks the audience for your participation as well. Now I'd like to talk about the post session survey. In the chat is the link to the survey for today's ECHO Biosafety session. It will take you directly to the Qualtrics survey.

This survey should take no more than two minutes to complete, and your participation is voluntary, but it's strongly encouraged so we can continue improving the ECHO Biosafety Program and achieve better outcomes with this community of practice. We appreciate your time in completing the survey. If you have any questions about the survey, the ECHO Biosafety sessions, or if you have a real laboratory biosafety case or challenge that you'd like to present during the ECHO biosafety session, please reach out to us at dlsbiosafety@cdc.gov.

Now really quick I would like to share one quick slide with our presenter for the ECHO session in March, which is– OK, you all should be able to see. We are excited to have our next session on Tuesday, March 26 at noon PM Eastern time. The topic will be Leadership: Roles, Responsibilities, and Authorities, presented by Joseph Kozlovac, who is the Agency Biosafety Officer at the United States Department of Agriculture.

As a reminder, you can access the transcripts, audio recording, and presentation slides from previous ECHO Biosafety sessions on the DLS ECHO Biosafety website. Now we will adjourn. Thank you for attending, and I hope you are intentional about having a safe and fantastic day. Bye everyone.

Additional resources and related publications