Security Plan Guidance:
Security Plan Roles and Responsibilities
The security program should define each individual’s roles and responsibilities and solicit their input for improvements.
An entity should be aware of, and collaborate with, the personnel responsible for and/or impacting security. This may include:
- Responsible Official (RO) / Alternate Responsible Official (ARO)
- Facility key control and/or access control personnel
- Alarm companies
- Campus security personnel
- Security personnel who observe video
- Local law enforcement or other response forces
- FBI – Weapons of Mass Destruction (WMD) coordinator
Key Entity Leadership
Certain parties should be involved in the process of designing and implementing the security plan. These include but are not limited to:
-
- Owner/Controller
- Principal Investigator (PI)
- Responsible Official (RO)
- Alternate Responsible Official (ARO)
- Human Resources
- Biosafety staff
- Security staff
- Institutional Biosafety Committee
- Laboratory Management
Security Plan Team
Each person brings an important perspective as a subject matter expert in their own specialty. This group should collaborate to develop a site-specific security plan. Plans also include agreements or arrangements with extra-entity organizations such as local law enforcement.
Entities should form a team of entity subject matter experts (SMEs), supporting security professionals, and stakeholders. The team should include entity professionals who are experts on the potential consequences of a theft, loss, or release of a select agent or toxin and the daily operations of the entity. Entities are also encouraged to include federal partners (i.e., the FBI) as well.
Entity personnel should provide knowledge of:
- SOPs, policies, and other organizational controls which can reinforce or be affected by security measures
- Public health consequences of the select agents and toxins
- Biosafety
- Operational requirements
- Value of the select agent or toxin work to the organization
- Current security systems
Facility and support personnel should provide knowledge of:
- Facility wide security measures
- Personnel hiring practices (background checks, reference checks, education verification)
- Planned upgrades to the facility
- Constraints which affect security (biosafety, fire code, ordinances, federal laws)
Local, state, and federal law enforcement and security personnel members may be able to provide knowledge of:
- Known threats to the entities
- Assistance with identifying vulnerabilities
- Assistance with designing or vetting the mitigating factors
- Economic and psychological impacts of the select agents or toxins
Once the team is formed, members should be consulted on a regular basis, including during the plan development and implementation. The team should meet annually as part of the security plan review.