Security Plan Guidance: RO Reporting
Section 11(c)(8) – Suspicious Activities
The security plan must describe procedures for how the RO will be informed of suspicious activity that may be criminal in nature and related to the entity, its personnel, or its select agents and toxins. Individuals with access to select agents and toxins must be aware of the protocol for reporting suspicious or criminal activity. The plan must also describe procedures for how the entity will notify the appropriate federal, state, or local law enforcement agencies of such activity. Identify who best can respond to the circumstances during the security portion of the risk assessment.
Include in the security plan the procedures for how the entity will notify the appropriate Federal, State, or local law enforcement agencies of any suspicious or criminal activity.
Suspicious activity of a criminal nature includes:
- Those activities so identified in the site-specific security risk assessment.
- Insider:
- Attempts to create additional select agent or toxin inventory not authorized or required.
- Attempts to “cover up” and not report select agent or toxin inventory discrepancies.
- Attempts to remove select agent or toxin inventory without authorization.
- Attempts by “restricted” persons to intentionally access registered areas containing a select agent or toxin.
- Outsider:
- Indirect threats against the entity receives by email, letter, telephone, or website postings.
- Unauthorized attempts to purchase or transfer a select agent or toxin.
- Attempts to coerce entity personnel into a criminal act.
- Intimidation of entity personnel based on their scientific work (for example, eco-terrorism).
- Requests for access to laboratories for no apparent legitimate purpose, or for purposes that don’t seem legitimate.
- Unauthorized attempts to probe or gain access to proprietary information systems particularly access control systems (for example, attempts by unauthorized individuals to gain physical or electronic access to systems).
- Theft of identification documents, identification cards, key cards, or other items required to access registered areas.
- Personnel representing themselves as government personnel (federal, state, local) attempting to gain access to the facility or obtain sensitive information that cannot or will not present appropriate identification.
- Use of fraudulent documents or identification to request access.
Section 11(d)(7) – Reporting to the RO
Require that individuals with access approval from the HHS Secretary or Administrator immediately report any of the following to the Responsible Official:
- Any loss or compromise of keys, passwords, combination, etc.
- Any suspicious persons or activities.
- Any loss or theft of select agents or toxins.
- Any release of a select agent or toxin.
- Any sign that inventory or use records for select agents or toxins have been altered or otherwise compromised.
- Any loss of computer, hard drive or other data storage device containing information that could be used to gain access to select agents or toxins.
- Any security breach of containment laboratory containing select agents and toxins.