Incident Response Plan: Requirements
Incident Response Plan Requirements
Section 14 of the select agent regulations states that every registered entity must develop and implement a written incident response plan.
The incident response plan must fully describe the entity’s response to the following events:
- Loss, theft, or release of a select agent or toxin
- Inventory discrepancies
- Security breaches (including information systems access controls to BSAT)
- Severe weather and other natural disasters
- Workplace violence
- Bomb threats and suspicious packages
- Emergencies such as fired, gas leak, explosion, or power outage
- Other natural or man-made events that may threaten the entity
The incident response plan must account for the hazards associated with the select agents and toxins. The plan must outline containment procedures for all select agents and toxins including infected animals and plants.
Incident Response Plan Information
According to section 14(d), the incident response plan should contain the following information as applicable for the entity’s organization:
- Contact information for the Responsible Official and alternate Responsible Official(s) (RO and ARO(s))
- Contact information for building owner/manager, where applicable
- Contact information for facilities manager, where applicable
- Tenant office contact information, where applicable
- Contact information for entity’s physical security official, where applicable
- Personnel roles and lines of authority/communication
- Planning and coordination with local emergency responders
- Procedures to be followed by employees performing rescue or medical duties
- Emergency medical treatment and first aid
- A list of personal protective and emergency equipment and their locations
- Site security and control
- Procedures for emergency evacuation
- Evacuation type
- Exit route assignments
- Safe distances
- Places of refuge
- Decontamination procedures
You may also consider creating a quick view guide on the immediate responsibilities for a variety of incidents. See Appendix I: Sample Incident Immediate Responses for a list of immediate responsibilities to consider in the event of a number of incident types.
Tier 1 Incident Response Plan Requirements
Entities that possess or use Tier 1 select agents and toxins must comply with additional incident response planning requirements:
- Fully describe the response procedures for failure of intrusion detection (IDS) or alarm system
- Describe notification procedures for the appropriate Federal, State, or local law enforcement agencies for suspected criminal activity related to the entity, its personnel, or its select agents and toxins