Security Plan Guidance
Changes and Highlights
This is a living document subject to ongoing improvement. Feedback or suggestions for improvement from registered select agent entities or the public are welcomed. Submit comments directly to the Federal Select Agent Program (FSAP) at:
- October 12, 2012: Initial posting
- April 11, 2013: The revisions are primarily changes to correct editorial errors from previous version.
- July 3, 2013: Appendix added to document.
- September 2017: Added Tier 1 requirements.
- February 2020: Revised Inventory language to match Inventory Guidance and to correct editorial errors from previous version.
Section 11 of the select agent regulations (42 CFR § 73.11external icon, 7 CFR § 331.11external icon, and 9 CFR § 121.11external icon) requires a registered entity to develop and implement a written security plan that is:
- Sufficient to safeguard the select agents or toxins against unauthorized access, theft, loss, or release, and
- Designed according to a site-specific risk assessment, providing graded protection.
The purpose of this guidance document is to assist an entity in developing and implementing its site-specific security plan. As used in this document, the word “must” means a regulatory requirement. The use of the word “should” or “consider” is a suggested method to meet that requirement based on generally recognized security “best practices.” Implementation is performance-based and entities may find other ways to meet a regulatory requirement.
This document addresses the select agent regulations (SAR) with regard to security with one exception: Entities with Tier 1 BSAT have pre-access suitably and ongoing suitability assessment requirements which are addressed in the Guidance for Suitability Assessments.