Security Plan Guidance:
Unauthorized or Suspicious Persons
Section 11(c)(4) – Reporting and Removing Unauthorized or Suspicious Persons
An “unauthorized person” is not approved to have access to select agents and toxins or is not authorized by the entity to be in a particular area or be involved in particular conduct. A “suspicious person” is any individual who has no valid reason to be in or around the areas where select agents and toxins are possessed or used.
The security plan must describe the process for identifying and removing unauthorized and suspicious persons. It must also require follow-up actions such as reporting the information to the RO; and the RO reporting the information to entity security personnel, and possibly contacting local law enforcement agencies or FSAP, as appropriate.
Unauthorized and suspicious persons attempting to gain entry into registered areas without proper credentials should be identified, challenged and removed immediately. The RO must be notified immediately (see Section 11(d)(7) for more details).
The entity should consider:
- Integrating an access control measure (e.g., card key) into an alarm system which notifies a responder when an unauthorized person attempts to gain access (similar to an IDS, but does not involve an actual break in).
- Having a badge system which clearly identifies who does and does not have approved access to select agents and toxins.
- Provide training on how to remove unauthorized personnel (e.g., procedures for notification of security personnel and/or local law enforcement).
See RO Reporting for more detailed instructions for what activities should be reported to the RO.