Biorisk management for laboratories and other related organisations

This document defines a process to identify, assess, control, and monitor the risks associated with hazardous biological materials. This document is applicable to any laboratory or other organization that works with, stores, transports, and/or disposes of hazardous biological materials. This document is intended to complement existing International Standards for laboratories. This document is not intended for laboratories that test for the presence of microorganisms and/or toxins in food or feedstuffs. This document is not intended for the management of risks from the use of genetically modified crops in agriculture.

Système de management des biorisques en laboratoires et autres organismes associés

General Information

Status
Published
Publication Date
11-Nov-2019
Current Stage
6060 - International Standard published
Start Date
04-Sep-2019
Completion Date
12-Nov-2019
Ref Project

Buy Standard

Standard
ISO 35001:2019 - Biorisk management for laboratories and other related organisations
English language
26 pages
sale 15% off
Preview
sale 15% off
Preview

Standards Content (sample)

INTERNATIONAL ISO
STANDARD 35001
First edition
2019-11
Biorisk management for laboratories
and other related organisations
Système de management des biorisques en laboratoires et autres
organismes associés
Reference number
ISO 35001:2019(E)
ISO 2019
---------------------- Page: 1 ----------------------
ISO 35001:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may

be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting

on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address

below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii © ISO 2019 – All rights reserved
---------------------- Page: 2 ----------------------
ISO 35001:2019(E)
Contents Page

Foreword ..........................................................................................................................................................................................................................................v

Introduction ................................................................................................................................................................................................................................vi

1 Scope ................................................................................................................................................................................................................................. 1

2 Normative references ...................................................................................................................................................................................... 1

3 Terms and definitions ..................................................................................................................................................................................... 1

4 Context of the organization ....................................................................................................................................................................... 7

4.1 Understanding the organization and its context ....................................................................................................... 7

4.2 Understanding the needs and expectations of interested parties .............................................................. 8

4.3 Determining the scope of the biorisk management system ............................................................................. 8

4.4 Biorisk management system ....................................................................................................................................................... 8

5 Leadership .................................................................................................................................................................................................................. 8

5.1 Leadership and commitment ..................................................................................................................................................... 8

5.2 P olicy ............................................................................................................................................................................................................... 9

5.3 Roles, responsibilities, and authorities .............................................................................................................................. 9

5.3.1 Top management ..........................................................................................................................................................10

5.3.2 Senior management ...................................................................................................................................................10

5.3.3 Biorisk management committee .....................................................................................................................10

5.3.4 Biorisk management advisor .............................................................................................................................11

5.3.5 Scientific management ............................................................................................................................................11

6 Planning ......................................................................................................................................................................................................................12

6.1 Actions to address risks and opportunities ................................................................................................................12

6.1.1 Hazard and/or threat identification and analysis ............................................................................12

6.1.2 Risk assessment ...................................................................... .......................................................................................12

6.1.3 Risk mitigation ...................................................................... ..........................................................................................13

6.1.4 Performance evaluation..........................................................................................................................................13

6.2 Biorisk management objectives and planning to achieve them ................................................................13

7 Support ........................................................................................................................................................................................................................14

7.1 Resources ..................................................................................................................................................................................................14

7.1.1 Worker health programme...................................................................................................................................14

7.2 Competence ............................................................................................................................................................................................15

7.2.1 Behavioural factors and worker management ....................................................................................15

7.2.2 Personnel reliability measures .........................................................................................................................15

7.3 Awareness ................................................................................................................................................................................................16

7.3.1 Training .................................................................................................................................................................................16

7.4 Communication ...................................................................................................................................................................................16

7.5 Documented information ............................................................................................................................................................17

7.5.1 General...................................................................................................................................................................................17

7.5.2 Creating and updating ..............................................................................................................................................17

7.5.3 Control of documented information ............................................................................................................17

7.5.4 Information security ..................................................................................................................................................18

7.6 Non-employees ....................................................................................................................................................................................18

7.7 Personal security ................................................................................................................................................................................18

7.8 Control of suppliers .........................................................................................................................................................................18

8 Operation ..................................................................................................................................................................................................................19

8.1 Operational planning and control .......................................................................................................................................19

8.2 Commissioning and decommissioning ...........................................................................................................................19

8.3 Maintenance, control, calibration, certification, and validation ................................................................20

8.4 Physical security .................................................................................................................................................................................20

8.5 Biological materials inventory................................................................................................................................................20

8.6 Good microbiological technique ...........................................................................................................................................20

8.7 Clothing and personal protective equipment (PPE) ............................................................................................20

© ISO 2019 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO 35001:2019(E)

8.8 Decontamination and waste management ..................................................................................................................20

8.9 Emergency response and contingency planning ....................................................................................................21

8.9.1 Emergency scenarios ................................................................................................................................................21

8.9.2 Emergency plan training ........................................................................................................................................21

8.9.3 Emergency exercises and simulations .......................................................................................................21

8.9.4 Contingency plans........................................................................................................................................................21

8.10 Transport of biological materials .........................................................................................................................................21

8.10.1 Transport security .......................................................................................................................................................22

9 Performance evaluation ............................................................................................................................................................................22

9.1 Monit oring, measurement, analysis, and evaluation...........................................................................................22

9.2 Int ernal audit .........................................................................................................................................................................................22

9.3 Management r eview ........................................................................................................................................................................23

10 Improvement .........................................................................................................................................................................................................23

10.1 General ........................................................................................................................................................................................................23

10.2 Incident, nonconformity, and corrective action .......................................................................................................24

10.3 Continual impr ovement ...............................................................................................................................................................24

Bibliography .............................................................................................................................................................................................................................26

iv © ISO 2019 – All rights reserved
---------------------- Page: 4 ----------------------
ISO 35001:2019(E)
Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards

bodies (ISO member bodies). The work of preparing International Standards is normally carried out

through ISO technical committees. Each member body interested in a subject for which a technical

committee has been established has the right to be represented on that committee. International

organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.

ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of

electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are

described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the

different types of ISO documents should be noted. This document was drafted in accordance with the

editorial rules of the ISO/IEC Directives, Part 2 (see www .iso .org/ directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of

patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of

any patent rights identified during the development of the document will be in the Introduction and/or

on the ISO list of patent declarations received (see www .iso .org/ patents).

Any trade name used in this document is information given for the convenience of users and does not

constitute an endorsement.

For an explanation on the voluntary nature of standards, the meaning of ISO specific terms and

expressions related to conformity assessment, as well as information about ISO's adherence to the

World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see the following

URL: www .iso .org/ iso/ foreword .html.

This document was prepared by Technical Committee 212, Clinical laboratory testing and in vitro

diagnostic test systems.

Any feedback or questions on this document should be directed to the user’s national standards body. A

complete listing of these bodies can be found at www .iso .org/ members .html.
© ISO 2019 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO 35001:2019(E)
Introduction
The biorisk management system:

— establishes the biorisk management principles that enable laboratories and related facilities to

achieve their biosafety and biosecurity objectives;

— defines the essential components of a biorisk management system framework to be integrated into a

laboratory or other related organization’s overall governance, strategy and planning, management,

reporting processes, policies, values, and culture;

— describes a comprehensive biorisk management process that mitigates biorisks (biosafety and

biosecurity risks); and

— provides guidance on the implementation and use of the standard, where appropriate.

The biorisk management system is based on a management system approach, which enables an

organization to effectively identify, assess, control, and evaluate the biosafety and biosecurity risks

inherent in its activities. As such, this document is intended to define requirements for a biorisk

management system that is appropriate to the nature and scale of any organization. The biorisk

management system is built on the concept of continual improvement through a cycle of planning,

implementing, reviewing, and improving the processes and actions that an organization undertakes to

meet its goals. This is known as the Plan-Do-Check-Act (PDCA) principle:

The PDCA model is an iterative process used by organizations to achieve continual improvement of

processes and products. It can be applied to a biorisk management system, and to each of its individual

elements, as follows:

— Plan: establish objectives, programmes, and processes necessary to deliver results in accordance

with the organization’s biorisk management policy;
— Do: implement the processes as planned;

— Check: monitor and measure activities and processes with regard to the biorisk management policy

and objectives, and report the results;

— Act: take actions to continually improve the biorisk management performance to achieve the

intended outcomes.

Figure 1 illustrates the PDCA framework and how it relates to other requirements of this document.

NOTE Figure 1 is adapted from ISO 45001 Occupational health and safety management system — Requirements

with guidance for use.
vi © ISO 2019 – All rights reserved
---------------------- Page: 6 ----------------------
ISO 35001:2019(E)
Figure 1 — Top down pyramid view of a biorisk management system model

Improving biorisk management requires attention to and understanding of the causes of

nonconformities and incidents. Systematic identification and correction of system deficiencies leads to

improved performance and control of biorisks.

Key factors in establishing and implementing a biorisk management system include:

— Commitment by top management to:
— provide adequate resources;
— prioritize and communicate biosafety and biosecurity policy;

— establish performance expectations and integrate biorisk management throughout the

organization;
— determine causes of incidents and nonconformities and prevent recurrence; and
— identify opportunities for improvement and prevention.
— Focus on continual improvement to:

— make continual improvement a priority for every individual in the organization;

© ISO 2019 – All rights reserved vii
---------------------- Page: 7 ----------------------
ISO 35001:2019(E)

— use periodic assessment against risk criteria established by the organization to identify areas

for potential improvement;
— continually improve the effectiveness and efficiency of processes;

— take corrective action for unsafe or unsecure practices, and promote preventive activities;

— provide workers in the organization with appropriate education and training to support biorisk

management, including the methods and tools of continual improvement;
— establish measures and goals for improvement; and
— recognize improvement.

A biorisk management program can assist an organization to fulfill its legal requirements and other

requirements.
viii © ISO 2019 – All rights reserved
---------------------- Page: 8 ----------------------
INTERNATIONAL STANDARD ISO 35001:2019(E)
Biorisk management for laboratories and other related
organisations
1 Scope

This document defines a process to identify, assess, control, and monitor the risks associated with

hazardous biological materials. This document is applicable to any laboratory or other organization

that works with, stores, transports, and/or disposes of hazardous biological materials. This document

is intended to complement existing International Standards for laboratories.

This document is not intended for laboratories that test for the presence of microorganisms and/or

toxins in food or feedstuffs. This document is not intended for the management of risks from the use of

genetically modified crops in agriculture.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at http:// www .electropedia .org/
3.1
organization

person or group of people that has its own functions with responsibilities, authorities, and relationships

to achieve its objectives (3.11)

Note 1 to entry: The concept of organization includes, but is not limited to, sole-trader, company, corporation, firm,

enterprise, authority, partnership, charity, or institution, or part or combination thereof, whether incorporated

or not, public or private.
3.2
interested party
stakeholder

person or organization (3.1) that can affect, be affected by, or perceive themselves to be affected by a

decision or activity
3.3
worker

person performing work or work-related activities under the control of the organization (3.1)

Note 1 to entry: Persons performing work or work-related activities under various arrangements, paid or unpaid,

such as regularly or temporarily, intermittently or seasonally, casually, or on a part-time basis.

Note 2 to entry: Workers include top management (3.8), managerial, and non-managerial persons.

Note 3 to entry: The work or work-related activities performed under the control of the organization (3.1) may be

performed by workers employed or contracted by the organization (3.1), or by a subcontractor.

[SOURCE: ISO 45001:2018, 3.3]
© ISO 2019 – All rights reserved 1
---------------------- Page: 9 ----------------------
ISO 35001:2019(E)
3.4
requirement
need or expectation that is stated, generally implied, or obligatory

Note 1 to entry: “Generally implied” means that it is custom or common practice for the organization (3.1) and

interested parties (3.2) that the need or expectation under consideration is implied.

Note 2 to entry: A specified requirement is one that is stated, for example in documented information (3.30).

3.5
management system

set of interrelated or interacting elements of an organization (3.1) to establish policies (3.10), objectives

(3.11), and processes (3.31) to achieve those objectives (3.11)

Note 1 to entry: A management system can address a single discipline or several disciplines.

Note 2 to entry: The system elements include the organization’s (3.1) structure, roles and responsibilities,

planning and operation.

Note 3 to entry: The scope of a management system may include the whole of the organization (3.1), specific and

identified functions of the organization (3.1), specific and identified sections of the organization (3.1), or one or

more functions across a group of organizations.
3.6
biorisk management

coordinated activities to direct and control an organization (3.1) with regard to biorisk (3.17)

[SOURCE: ISO Guide 73:2009, definition 2.1, modified — “risk” has been replaced by “biorisk.”]

3.7
biorisk management system

management system (3.5) or part of a management system (3.5) used to establish biorisk management

(3.6) policies (3.10), objectives (3.11), and processes (3.31) to achieve those objectives (3.11)

Note 1 to entry: A biorisk management system addresses the control of biorisk(s) (3.17).

3.8
top management

person or group of people who directs and controls an organization (3.1) at the highest level

Note 1 to entry: Top management has the power to delegate authority and provide resources within the

organization (3.1).

Note 2 to entry: If the scope of the biorisk management system (3.7) covers only part of an organization (3.1), then

top management refers to those who direct and control that part of the organization (3.1).

3.9
effectiveness
extent to which planned activities are realized and planned results achieved
3.10
policy

intentions and direction of an organization (3.1) as formally expressed by its top management (3.8)

3.11
objective
result to be achieved
Note 1 to entry: An objective can be strategic, tactical, or operational.

Note 2 to entry: Objectives can relate to different disciplines (such as financial, health and safety, and

environmental goals) and can apply at different levels [such as strategic, organization-wide, project, product and

process (3.31)].
2 © ISO 2019 – All rights reserved
---------------------- Page: 10 ----------------------
ISO 35001:2019(E)

Note 3 to entry: An objective can be expressed in other ways, e.g. as an intended outcome, a purpose, an

operational criterion, or by the use of other words with similar meaning (e.g. aim, goal, or target).

Note 4 to entry: In the context of biorisk management systems (3.7), objectives are set by the organization (3.1),

consistent with the organization’s policy (3.10), to achieve specific results.
3.12
environment

surroundings in which an organization (3.1) operates, including air, water, land, natural resources,

flora, fauna, humans, and their interrelationships

Note 1 to entry: Surroundings can extend from within an organization to the local, regional, and global system.

Note 2 to entry: Surroundings can be described in terms of biodiversity, ecosystems, climate, or other

characteristics.
[SOURCE: ISO 14001:2015, 3.2.1]
3.13
biological agent

any microbiological entity, cellular or non-cellular, naturally occurring or engineered, capable of

replication or of transferring genetic material that may be able to provoke infection, allergy, toxicity or

other adverse effects in humans, animals, or plants
EXAMPLE Bacteria, fungi, viruses, viroids, endo-, and ectoparasites.

Note 1 to entry: The definition of biological agents covers commonly used terms, such as pathogens, quarantine

microorganisms, microorganisms of dual-use potential.

Note 2 to entry: For the purpose of this document, prions are regarded as biological agents.

Note 3 to entry: The term “engineered” includes biological agents that are synthetically derived.

3.14
biological materials

any material comprised of, containing, or that may contain biological agents (3.13) and/or their harmful

products, such as toxins (3.15) and allergens

Note 1 to entry: Biological materials may be blood, secretions, or tissues of human or animal origin. Other

biological materials include debris ororganic material from nature, culture, or preservation media, and/or cell

cultures from human, animal, and plants.

Note 2 to entry: Animals and plants or parts thereof handled in relevant laboratories that may contain biological

agents (3.13) or toxins (3.15) or biological agent vectors, such as arthropods, nematodes, and mites, are

considered biological materials.
3.15
toxin

substance, produced by plants, animals, protists, fungi, bacteria, or viruses, which in small or moderate

amounts produces an adverse effect in humans, animals, or plants

Note 1 to entry: This definition includes substances and materials, natural or as a result of biotechnology, that

may contain toxins (see also biohazard (3.20)), any poisonous substance or any poisonous isomer, homologue, or

derivative of such a substance.

[SOURCE: CEN Workshop Agreement 15793:2011, Laboratory biorisk management, 3.46, modified —

clarified biological sources of toxins and added Note 1 to entry.]
3.16
risk
effect of uncertainty

Note 1 to entry: An effect is a deviation from the expected — positive or negative.

© ISO 2019 – All rights reserved 3
---------------------- Page: 11 ----------------------
ISO 35001:2019(E)

Note 2 to entry: Uncertainty is the state, even partial, of deficiency of information related to understanding or

knowledge of, an event, its consequence, or likelihood.

Note 3 to entry: Risk is often characterized by reference to potential “events” (as defined in ISO Guide 73) and

“consequences” (as defined in ISO Guide 73), or a combination of these.

Note 4 to entry: Risk is often expressed in terms of a combination of the consequences of an event (including

changes in circumstances) and the associated “likelihood” (as defined in ISO Guide 73) of occurrence.

3.17
biorisk

effect of uncertainty expressed by the combination of the consequences of an event (including changes

in circumstances) and the associated “likelihood” (as defined in ISO Guide 73) of occurrence, where

biological material (3.14) is the source of harm (3.18)

Note 1 to entry: The harm (3.18) can be the consequence of an unintentional exposure, accidental release, or loss,

theft, misuse, diversion, unauthorized access, or intentional unauthorized release.

3.18
harm

adverse effect on the health of people, animals, or plants, on the environment (3.12), or on property

3.19
hazard
source or situation with a potential for causing harm (3.18)
3.20
biohazard
potential source of harm (3.18) caused by biological materials (3.14)
3.21
threat

potential cause of an incident (3.39), which may result in harm to individuals, assets, a system,

...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.