Drills and Exercises Guidance: Best Practices

To meet the select agent regulation requirements for Security (42 CFR § 73.11external icon, 9 CFR § 121.11external icon and 7 CFR § 331.11external icon), Biosafety (42 CFR § 73.12external icon, 9 CFR § 121.12external icon and 7 CFR § 331.12external icon), and Incident Response (42 CFR § 73.14external icon, 9 CFR § 121.14external icon and 7 CFR § 331.14external icon), entities must perform drills and exercises to test their security, biosafety, and incident response plans. There are a number of ways to meet this requirement and ensure the effectiveness of these plans. Best practices for fulfilling the drill/exercise requirements according to regulation include:

  • Create a consistent approach that fulfills the specific needs of the entity. Some methodologies include:
    • Develop a drill and exercise program internally.
    • Hire outside organizations to help in developing drills and exercises.
    • Coordinate activities with other entities and/or state groups (e.g., local responders)
    • Decide whether to conduct each drill and exercise separately or combine them.
  • Conduct drills and exercises at least once a year that, individually or simultaneously, address the security plan, the biosafety plan, and the incident response plan. These drills and exercises can be tailored to fit the specific needs of the entity. Options include:
    • Discussion-based – workshops, tabletop exercises, etc.
    • Practical – functional exercises and full-scale drills.
  • Conduct drills and exercises that cover several policies or procedures from the security, biosafety, and incident response plans.
  • Avoid conducting the same exercise each year. Exercise multiple events to evaluate the effectiveness of the entity’s overall plans.
  • Develop a schedule that accommodates the BSAT program, facility, and the entity.
  • Use actual incidents or negative experiences that have occurred to meet the drill or exercise requirement.
Page last reviewed: September 9, 2020