ISO/DTS 7446

ISO/TC 212
ISO/CD TS 7446(en)
Secretariat: ANSI
Date: 2025-10-06
Implementation guidance for biorisk management infor laboratories
and other related organisations.organizations
ISO 35001 — Système de management des biorisques pour les laboratoires et autres organismes associés —
Guide de mise en oeuvre
ISO/CD TSDTS 7446:2025(en)
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication
may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying,
or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO
at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: + 41 22 749 01 11
E-mail: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
ISO/CD TSDTS 7446:2025(en)
Contents
Foreword . v
Introduction . vi
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Context of the organization . 8
4.1 Understanding the organization and its context . 8
4.2 Understanding the needs and expectations of interested parties . 10
4.3 Determining the scope of the biorisk management system . 11
4.4 Biorisk management system . 12
5 Leadership . 12
5.1 Leadership and commitment . 12
5.2 Policy . 13
5.3 Roles, responsibilities and authorities . 15
6 Planning . 18
6.1 Actions to address risks and opportunities . 18
6.2 Hazard and threat identification and analysis . 21
6.3 Risk assessment . 21
6.4 Risk mitigation . 24
6.5 Performance evaluation . 24
6.6 Biorisk management objectives and planning to achieve them . 26
7 Support . 29
7.1 Resources . 29
7.2 Competence . 32
7.3 Awareness . 34
7.4 Communication and consultation . 36
7.5 Documented information . 37
7.6 Non-employees . 40
7.7 Personal security . 41
7.8 Control of suppliers . 41
8 Operation . 43
8.1 Operational planning and control . 43
8.2 Commissioning and decommissioning . 49
8.3 Maintenance, control, calibration, certification, and validation . 57
8.4 Physical security . 59
8.5 Biological materials inventory . 63
8.6 Good microbiological technique (GMPP) . 66
8.7 Clothing and personal protective equipment (PPE) . 71
8.8 Decontamination and waste management . 74
8.9 Emergency response and contingency planning . 78
8.10 Transport of biological materials . 82
9 Performance evaluation . 84
9.1 Monitoring, measurement, analysis, and evaluation . 84
9.2 Incident investigation . 84
9.3 Internal audit . 88
9.4 Management review . 95
iii
ISO/CD TSDTS 7446:2025(en)
10 Improvement . 96
10.1 General . 96
10.2 Incident, nonconformity and corrective action . 97
Annex A (informative) Identification and characterization of biorisk . 101
Annex B (informative) Selection of biorisk controls . 109
Annex C (informative) Biorisk reduction strategies . 114
Annex D (informative) Biorisk management of design and construction. 117
Annex E (informative) Biorisk management system framework . 129
Annex F (informative) Training and competency . 140
Annex G (informative) Enhanced control measures for high biorisk activities . 147
Bibliography . 154

iv
ISO/CD TSDTS 7446:2025(en)
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee has been
established has the right to be represented on that committee. International organizations, governmental and
non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the
International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of
ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawnISO draws attention to the possibility that some of the elementsimplementation of this
document may beinvolve the subjectuse of (a) patent(s). ISO takes no position concerning the evidence,
validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this
document, ISO had not received notice of (a) patent(s) which may be required to implement this document.
However, implementers are cautioned that this may not represent the latest information, which may be
obtained from the patent database available at www.iso.org/patents. ISO shall not be held responsible for
identifying any or all such patent rights. Details of any patent rights identified during the development of the
document will be in the Introduction and/or on the ISO list of patent declarations received (see ).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation onof the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT)), see the following URL:
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, ClinicalMedical laboratory testing and in
vitro diagnostic test systems, Working Group 5, Laboratory biorisk management.
This is the first edition of this document.
A list of all parts in the ISO 35001 series can be found on the ISO website.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
v
ISO/CD TSDTS 7446:2025(en)
Introduction
ISO 35001 defines a process to identify, assess, control, and monitor the risks associated with hazardous
biological material. ISO 35001 is applicable to any laboratory or organization that is involved in any or all the
following activities with hazardous biological material: handling, storage, transportation, or disposal. This
document is intended to provide practical and easy to understand guidance for laboratories and other
organizations to implement ISO 35001 Biorisk management for laboratories and other related organizations.
It aims to support organizations and biorisk management advisors in implementing a practicable and robust
biorisk management system. The reader is encouraged to first review ISO 35001 and refer to this technical
specificationdocument in parallel.
Figure 1Figure 1 illustrates how documentation fits into the Plan-Do-Check-Act cycle of ISO 35001, although
not all listed documentation is a requirement of the standardISO 35001.

Biorisk management system
Improve
Prioritize
Adjust
Technical advisor
ACT Biorisk policies
PLAN
Audit,
Reports/actions Objectives,
Documentation
Review,
Scope,
Accident,
Leadership
Establishment of
Incident,
committees
Staff Occupational Terms of reference
Health
CHECK DO
Inventory,
Risk evaluation,
Mitigation,
Biorisk/biosafety manual
Procedures,
Training
Figure 1 — PDCA framework and its relationship to the requirements of ISO 35001.
An effective management system approach should be built on the concept of continual improvement through
a cycle of planning, implementing, reviewing, and improving the processes and actions that an organization
undertakes to meet goals. This is known as the PDCA (Plan-Do-Check-Act) principle:
— Plan: Planning, including identification of hazard and risk and establishing goals,;
— Do: Implementing, including training and operational issues,;
— Check: Checking, including monitoring and corrective action,;
vi
ISO/CD TSDTS 7446:2025(en)
— Act: Reviewing, including process innovation, and acting to make needed changes to the management
system.
vii
ISO/CD TSDTS 7446:2025(en)
Implementation guidance for biorisk management infor laboratories
and other related organisations.organizations
1 Scope
This document provides supplemental information and guidance on how to implement the requirements
listed in ISO 35001. This document does not add requirements to the standard.those in ISO 35001.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 20252:2019, Market, opinion and social research, including insights and data analytics — Vocabulary and
service requirements
ISO 35001:2019, Biorisk management for laboratories and other related organisations
3 Terms and definitions
For the purposes of this document, the following terms and definitions / terms and definitions given in
ISO 35001, as well as and the following apply.
ISO and IEC maintain terminologicalterminology databases for use in standardization at the following
addresses:
— IEC Electropedia: available at ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
biorisk management advisor
BMA
person who provides guidance on the development, implementation, maintenance, and continual
improvement of a biorisk management system
3.2
insider threat
individual or group of individuals using authorized access, wittingly or unwittingly, to do harm to the
organization'sorganization’s mission, resources, personnel, facilities, information, equipment, networks, or
systems
[SOURCE: Cybersecurity Infrastructure Security Agency, https://www.cisa.gov/topics/physical-
security/insider-threat-mitigation/defining-insider-threats]
3.3
scientific management
individual, or group of individuals, responsible for managing the scientific programme within the organization
ISO/CD TSDTS 7446:2025(en)
3.4
critical systems
equipment, hardware, software, and human interactions impacting one or more biosecurity or biosafety
functions, in which failure would cause a significant increase in biorisk for the organization, people, or
environment
3.5
calibration
set of operations that establish, under specified conditions, the relationship between values indicated by a
measuring instrument and the corresponding known values
Note 1 to entry: The standard emphasizes the importance of calibration inCalibration is an important part of ensuring
conformity to specified requirements.
[1]
Note 2 to entry: Adapted from ISO/IEC 17025:2017 [SOURCE: ]
.
3.6
certification
third-party attestation related to products, processes, systems, or persons
Note 1 to entry: The standard setsStandards set out the general principles and requirements for bodies providing
certification of conformity.
[2]
[SOURCE: ISO/IEC 29110-2-1:2015 ]
3.7
commissioning of a containment facility
process, modified — The original Notes to verify systems are working as intended
entry were removed and a new Note 1 to entry: Sustainable commissioning should demonstrate median
savings of 15% in existing buildings; laboratories have shown an average payback of retro-commissioning
costs of one year or less. was added.]
Note 2 to entry: Facility Managers might consider retro-commissioning, starting with an audit to assess energy and water
consumed in the laboratory. When auditing, include retro-commissioning of equipment when possible.
Note 3 to entry: Systematic evaluation of equipment can identify problems that developed as equipment aged or as
building uses changed. For example, recalibrating a temperature sensor is inexpensive but improves diagnostics and/or
monitoring. Correcting a variable-frequency drive motor controller that operates at an unnecessarily high-speed saves
energy and money over time without incurring significant first-cost.
3.103.7
context of the organization
combination of internal and external issues that can have an effect on an organization’s approach to
developing and achieving its objectives
Note 1 to entry: The organization’s objectives can be related to its products and services, investments, and behaviour
towards its interested parties.
Note 2 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service
organizations as it is to those seeking profits.
Note 3 to entry: In English, this concept is often referred to by other terms such as “business environment”,
“organizational environment” or “ecosystem of an organization”.
ISO/CD TSDTS 7446:2025(en)
Note 4 to entry: Understanding the infrastructure can help to define the context of the organization.
[3]
[SOURCE: ISO 9000:2015 ], 3.2.2]
3.113.8
senior management
individuals with operational, budgetary, and human resources authority at the departmental level with
decision-making authority
Note 1 to entry: Senior management is normally the level of managers hierarchically lower in rank than top management,
e.g. middle managers, groups, individuals that will receive delegated authority from top management.
Note 2 to entry: seniorSenior management is responsible, among others, for allocating financial and human resources.
3.123.9
outsourced service providersprovider
providersprovider of defined services where an external organization performs part of an organization’s
function or process
Note 1 to entry: While an external organization is outside the scope of the management system, the outsourced function
or process is within the scope.
3.13
communications planning
process of defining how to meet the information and communication needs of the stakeholders
Note 1 to entry: Communications planning defines who needs what information, when they need it, and how it will be
provided.
[SOURCE: Modified ]
3.173.10
formal
following an agreed or official way of doing things
3.183.11
needs assessment
structured analysis to determine what of the purpose the proposed building and its systems are required to
serve based on all planned activities to be carried outfor a proposed space
[SOURCE: ]
3.203.12
approved plan
programme of work (3.39) for facility design and construction, containing organizational input from,
(including but not limited to,) management, workers, biorisk management advisors, architects, engineers, and
surveyors
3.213.13
commissioning
systematic documented review processes verifying that organizational requirements and specifications have
been met and components, systems, and integrated systems and facilities are correctly constructed and
installed, inspected, tested, and function as intended
ISO/CD TSDTS 7446:2025(en)
3.223.14
decommissioning
systematic documented review processes to remove a component, system, or facility from active service
3.233.15
conflict of interest
situation where business, financial, family, politicalin which an interested party has personal interest or
personal interests couldorganizational interest, directly or indirectly, that can compromise, or interfere with,
the judgment of personsability to act impartially in carrying out their duties forin the best interest of the
organization
Note 1 to entry: There can be different types of personal interests: business, financial, family, professional, religious or
political.
Note 2 to entry: Organizational interest relates to the interests of an organization or part of an organization (e.g. team or
department) rather than an individual.
[4]
[SOURCE: ISO 37001:2025 ]
3.243.16
handover
process of surrendering possession of a new or renovated component, system or facility to an organization
upon the completion of commissioning (3.13)
[5]
Note 1 to entry: Adapted from ISO 6707-2:2017 [SOURCE: ]
.
3.253.17
value engineering
approach used to optimize project life cycle costs, save time, improve quality, solve problems, and/or use
resources more effectively
[6]
[SOURCE: ISO/IEC/IEEE 24765:2017 [SOURCE: ]
, 3.4505, modified — “increase profits” and “expand market share” were removed from the definition.]
3.263.18
internet of things
IoT
infrastructure of interconnected entities, people, systems and information resources together with services
which processes and reacts to information from the physical world and virtual world
[7]
[SOURCE: ISO/IEC 20924:2024 , , 3.2.18]
3.273.19
acceptance criteria
defined limits placed on characteristics of components, systems and facilities to perform the intended function
Note 1 to entry: The criteria can be qualitative, quantitative, or a combination of both.
Note 2 to entry: Acceptance criteria can be evidence that requirements have been fulfilled.
3.283.20
planned maintenance
maintenance carried out in accordance with a specified time schedule
ISO/CD TSDTS 7446:2025(en)
[8]
[SOURCE: IEC 60050-192:2015/AMD1:2016 , 192-06-12, modified] — The preferred term “scheduled
maintenance” was removed; Note 1 to entry was removed.]
3.293.21
unplanned maintenance
corrective maintenance
activities undertaken to detect, isolate and rectify a fault so that the failed equipment, machine or system is
restored to its normal operable state, also referred to as corrective maintenance.
[9]
[SOURCE: ISO 6707-4:2021 , 3.5.14], modified — The preferred term “unplanned maintenance” was added.]
3.303.22
graded protection
layers or concentric rings of increasing security spanning from outside to inside the facilitymeasures around
a valuable asset
Note 1 to entry: A structured risk assessment enables prioritization of risks in a graded fashion such that greater security
measures are applied to higher risk assets.
[SOURCE: ]
3.323.23
risk group
RG
hazard group
classification of biological agents based on severity of disease (3.34upon each agent’s characteristics) and
epidemiological profileease of transmission in humans or animals
Note 1 to entry: The higher the risk or hazard group the higher the likelihood that the agent will cause and spread
infection in humans or animals in the country, and/or the more severe the consequences of that infection will be to
individual and public health, if it were to occur.
Note 2 to entry: Risk Group 1 (no or low individual or community risk): A microorganism that is unlikely to cause human
or animal disease.
Note 3 to entry: Risk Group 2 (moderate individual risk, low community risk): A pathogen that can cause human or
animal disease but is unlikely to be a serious hazard to laboratory personnel, the community, livestock or the
environment. Laboratory exposures can cause serious infection, but effective treatment and preventive measures are
available and the risk of spread of infection is limited.
Note 4 to entry: Risk Group 3 (high individual risk, low community risk): A pathogen that usually causes serious human
or animal disease but does not ordinarily spread from one infected individual to another. Effective treatment and
preventive measures are available.
Note 5 to entry: Risk Group 4 (high individual and community risk): A pathogen that usually causes serious human or
animal disease and that can be readily transmitted from one individual to another, directly or indirectly. Effective
treatment and preventive measures are not usually available.
[SOURCE: ]
3.34
curation
action or process of selecting, organizing, and looking after the items in a collection or inventory
ISO/CD TSDTS 7446:2025(en)
3.373.24
provenance
information on the place and time of origin, derivation or generation of a data set, proof of authenticity of the
data set, or a record of past and present ownership of the data set
[10]
[SOURCE: ISO/IEC 11179-33:2023 ], 3.11]
3.383.25
good microbiological technique
good microbiological practice and procedures
GMPP
set of practices and procedures that ensures the quality of science e.g., cross contamination prevention, correct
identification of work materials, and data accuracy, and safeguards to mitigate the identified biorisk
EXAMPLE Cross contamination prevention, correct identification of work materials, data accuracy.
Note 1 to entry: Good microbiological techniques apply to laboratory or related facility operation, not only to
microbiology.
3.393.26
biological safety cabinet
BSC
biosafety cabinet
ventilated enclosure, intended to offer protection to the user and the environment from the aerosols arising
from handling of potentially hazardous microorganisms, with means for filtering air discharged to the
atmosphere
[11]
[SOURCE: ISO 15190:2003 , 3.3 modified and , 3.5]
3.40
heightened control measures
risk control measures applied when the outcome of a biorisk assessment indicates the biological agents or
activities have risk that cannot be brought below the risk tolerance level without specialized biocontainment
consideration
[SOURCE: World Health Organization, Laboratory Biosafety Manual. Fourth Edition. ]
3.443.27
enhanced containment measures
highly detailed and stringent risk control measures considered necessary where a biorisk assessment
indicates activities pose very high risks to laboratory personnel, the wider community and/or the
environment
Note 1 to entry: These are especially needed for certain types of work with biological agents that can have catastrophic
consequences if an exposure or release were to occur.
3.453.28
waste stream
complete stream or flow of waste from its creation source to final disposal
Note 1 to entry: Waste can be gaseous, liquid, or solid.
Note 2 to entry: Biological waste stream refers to any waste materials that are generated from biological sources such as
living organisms, microbiological cultures and other biological materials. This type of waste stream can include items like
biological tissues, laboratory animal bedding, cell cultures, blood, body fluids, and any other waste that contains
potentially infectious materials.
ISO/CD TSDTS 7446:2025(en)
Note 3 to entry: Biological waste is often considered to be hazardous waste due to its potential to spread diseases and
infection. It needs to be treated and disposed of properly to minimize any potential risks to human health and the
environment. Special precautions and procedures can be required for handling, storing, and disposing of biological waste
streams.
3.463.29
business continuity plan
documented information that guides an organization to respond to a disruption and resume, recover and
restore the delivery of products and services consistent with its business continuity objectives
[SOURCE: , 3.27, modified]
3.47
near-miss
unplanned event that has the potential to cause harm but does not
3.48
audit scope
extent, focus, and boundaries of an audit
Note 1 to entry: The audit scope generally includes a description of the physical locations, organizational units, activities
and processes, as well as the time period covered.
[SOURCE: , 3.9.13, modified]
3.523.30
control plan
documented intention that outlines processes, steps, and actions to mitigate or eliminate biorisk
3.533.31
sharps
objectssharp
object capable of cutting or penetrating skin
EXAMPLE Needles of various types, syringes, scalpels, broken glass, culture slides, culture dishes, broken capillary
tubes, broken rigid plastic, exposed ends of dental wires.
[1612]
[SOURCE: ISO 23907-1:2019 , 3.15]
Field Code Changed
3.543.32
biorisk mitigation
comprehensive approach to reducing the risks associated with biological materials, such as pathogens and
toxins
Note 1 to entry: Biorisk mitigation focuses on implementing a combination of strategies and measures to eliminate or
minimize the risk of unintentional release, unauthorized access, loss, theft, misuse, or intentional release of biological
materials.
3.553.33
medical surveillance
medical examinations and tests designed to detect and monitor potential health effects from
hazardous exposures that require targeted prevention.
ISO/CD TSDTS 7446:2025(en)
3.563.34
disease
sickness, illness or condition, irrespective of origin or source, that presents or could present significant harm
to humans, animals and plants
3.573.35
social networking
building of relationships with other people who share similar personal or career content, interests, activities,
backgrounds or real-life connections
3.583.36
social media
online technologies and practices that people use to share opinions, insights, experiences and perspectives
with each other, transforming traditional one-to-many interactions into many-to-many interactions
[SOURCE: ISO 20252:2012, 2.63]ISO 19731:2017(en),2019, 3.3395]
3.593.37
standard operating procedure
SOP
set of instructions for the completion of a process
3.603.38
high efficiency particulate air
HEPA
filter ensuring that 99.97% of dust, pollen, mold, bacteria, and any airborne particles larger or smaller than
0.3 microns (µm) are removed from the air
3.613.39
programme of work
detailed plan outlining the sequence, method, and timing of a project'sproject’s execution, including all
associated narratives and information
3.623.40
business continuity management system
BCMS
structured process that helps organizations ensure their critical business functions continue to operate during
disruptions, minimizing impact and facilitating a swift recovery
Note 1 to entry: Development of the system involves identifying threats, assessing their impact, and developing
strategies to maintain operations during and after a disruption.
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General
ISO 35001 is applicable to a wide variety of laboratories and other organizations that handle, store, transport
or dispose of hazardous biological materials. The intended audience for this document is broad. Laboratory
purposes can include laboratories within structures, enclosed containment or isolation systems or operations
outside in the environment.
Organizations can include hospitals and medical facilities, laboratories, production facilities, experimental
farms and fields, insectaries, arboretums, vivaria, research animal facilities, aquaria and aquaculture facilities,
clinical research laboratories and others.
ISO/CD TSDTS 7446:2025(en)
Activities are not limited to, but can include purposes such as human, animal, plant or microbial research;
medical, veterinary, or phytosanitary treatment; pathogen diagnosis, pest and disease control,; biological
therapeutics development, and; vaccine development.
The organization should define and endorse its biorisk management policy;, ensure that the organizational
culture is aligned with the biorisk management policy and determine objectives and key results that align with
those of the organization.
In a biorisk management context, whether found in the environment or in a laboratory, hazardous biological
material can potentially affect clean water and sanitation, food security, good health and well-being, climate
action, sustainable cities and communities, decent work and economic growth, life below water, and life on
land. In this context, international, national, local, organizational and laboratory authorities, and related
organizations are developing and promulgating appropriate and actionable regulations, standards, and
related requirements applicable to work involving hazardous biological materials. These are within the
context and responsibility of the organization and its biorisk culture and should be understood and addressed
in developing the organization’s biorisk management plan.
Within the organization’s particular area of activity, objectives can include providing a safe working
environment, an effective biorisk culture and adoption of appropriate physical security countermeasures in
an open and trusting environment by individuals throughout the organization who work together to support
or enhance best practice for laboratory biosafety and biosecurity. Voluntary, anonymous, non-punitive
reports of exposure or occupationally related disease developed as part of the biorisk culture are good
examples of the documentation and communication of objectives.
An organization’s ability to achieve biorisk management objectives depends on its ability to determine and
ultimately resolve issues. The organization can assess internal and external influences affecting both its ability
to resolve and prioritize pertinent issues and its ability to ameliorate biorisk. Such influences can be national
and international legislation and obligations and, internally, can be worker and skills availability. Examples of
potential issues include transferring or transporting hazardous biological material, biosafety issues, ethical
issues, and emerging issues. External influences can include the local environment, management oversight,
regulations, etc.
By implementing ISO 35001 the organization provides direction to its: workers, stakeholders, workers, sub-
contractors, etc. on how it will integrate biorisk-based decision making into their governance, planning,
management, reporting, policies, values, and culture. The overarching goal is to develop a biorisk management
culture where workers and stakeholders are aware of the importance of monitoring and managing biorisk.
Implementing ISO 35001 can help organizations to see both the risks and benefits associated with biorisk
management. Implementing ISO 35001 allows for more informed and effective decision making and resource
allocation, and for prioritising and planning risk management strategies.
The organization should have a clear vison and mission statement that guides its purpose and defines its
existence. organizationalOrganizational goals should be written in alignment with the vision and mission to
move activities in a focussed direction. Goals should be easily understood. Written and communicated
organizational boundaries define the perimeter of work, what the organization is doing and what it is not.
External issues that are relevant to the organization and its biorisk management system include, but are not
limited to, compliance and regulatory frameworks on the local, regional, national and international levels. To
meet their statutory requirements an organization should identify what it is subject to and keep that
information current. Other external issues can involve the community and its relationship with the
organization, its work and past interactions. This is especially important for containment laboratories. Other
issues can relate to specific stakeholder requirements linked to funding, collaboration, and public opinion.
Internal issues that can affect the biorisk management system can include worker and labour group relations,
condition of laboratories, equipment and infrastructure, work ethics, and resource allocation. Resolution of
ISO/CD TSDTS 7446:2025(en)
these internal issues can be handled by addressing personnel, maintenance and equipment replacement, and
the biorisk management culture.
4.1.2 The organization'sorganization’s external context
The organization'sorganization’s external context includes:
— the scientific, political, legal, regulatory, financial, technological, economic, natural, and competitive
environment, whether international, national, regional, or local,;
— key drivers and trends having impact on the objectives of the organization and;
— relationships with, and perceptions and values of, external stakeholders where these impact scientifically
sound biorisk management.
4.1.3 The organization'sorganization’s internal context
Evaluating the organization’s internal context can include, but is not limited to:
— governance, organizational structure, roles, and accountability,;
— policies, objectives, and the strategies that are in place to achieve them,;
— capabilities, understood in terms of resources and knowledge, e.g.,. capital, time, people, processes,
systems, and technologies,;
— information systems, information flows and decision-making processes (both formal and informal),);
— relationships with, and perceptions and values of, internal stakeholders where these impact scientifically
sound biorisk management,;
— the organization’s biorisk management culture,;
— standards, guidelines, and models adopted by the organization, and;
— the form and extent of contractual relationships.
4.2 Understanding the needs and expectations of interested parties
The organization’s biorisk management system should identify its biorisk needs and expectations for work
undertaken whether stated, generally implied or obligatory, e.g.,. a diagnostic laboratory receiving a sample
that requires additional containment measures. Furthermore, the organization should identify the interested
parties, e.g.,. labour unions;, funding and regulatory agencies, community, public relations, legal, or other
internal and external representatives, that can affect, be affected by, or perceive themselves to be affected by
a decision or activity of the organization.
The organization should define a process to identify, assess, control, and monitor the risks associated with
hazardous biological materials work as it applies to their operations. An organization needs to demonstrate
its ability to consistently manage biorisk in a manner that meets stakeholder and applicable statutory and
regulatory requirements, e.g.,. surveys, assessments, and analysis of its biorisk management activities.
When the organization identifies interested parties related to the biorisk management system, it should
consider external and internal stakeholders like:, such as
— regulatory agencies,
ISO/CD TSDTS 7446:2025(en)
— funding agencies,
— community organizations,
— environmental advocates,
— workers,
— suppliers and contractors, and
— organized labour.
ISO 35001 does not require the organization to consider interested parties that are not relevant to its biorisk
management system. The organization should determine if a particular requirement of a relevant interested
party is relevant to its biorisk management system.
Relevant requirements of interested parties should be determined through engagement and consultation
before the biorisk management system is being established.
4.3 Determining the scope of the biorisk management system
4.3.1 General
The scope of an organization’s biorisk management system should ensure the organization’s ability to:
— establish biorisk management principles enabling interested parties to comply with the requirements of
the organization’s biorisk management objectives;
— define required components of a biorisk management system and integrate them into the organization’s
overall governance, strategy and planning, management, reporting processes, policies, values, and culture;
— define and document a comprehensive biorisk management system that mitigates biorisk;
NOTE The scope define the boundaries within the organization and include the types of biological materials,
activities, processes, facilities, operations, and regulatory requirements. The organization can apply the biorisk
management system to specific facilities characterized by the type of biological material handled or any material that
involves specific biosecurity concerns. See Annex A for additional information.
A well-defined, documented and communicated scope will greatly assist in the implementation, maintenance,
and improvement of the system. The system should be reviewed regularly to verify existing assumptions and
decisions. These can include relationships with the community and their perceptions in case of containment
facilities, environmental concerns for agriculture related facilities, and financial support based on funding
agencies.
4.3.2 Documenting the biorisk management system scope
The scope of the organization’s biorisk management system, i.e.,. the range of activities carried out by the
organization to address biorisk, should be available and maintained as documented information. This can be
in a policy or mission statement and referenced in appropriate policies and manuals. Coordination can include
multi-discipline working and consistent messaging. The scope of the biorisk management system sets the
organizational boundaries included to meet the requirements of ISO 35001, including:
— defining the organization and management structure, its place in any parent organization, and the
relationships between management, technical operations, and support services;
ISO/CD
...