Suitability Assessment Program Guidance: Suitability Assessments
The purpose of a suitability assessment program is to reduce the risk of an insider threat, which is an individual or group with authorized access to Tier 1 BSAT as part of their job who has the potential to misuse Tier 1 BSAT. Examples of an insider threat include:
- An individual with malevolent intent who infiltrates a research facility under the guise of a legitimate researcher in order to steal, release or divert select agents or toxins.
- An individual with access to select agents or toxins who is coerced or manipulated into providing access or expertise to unauthorized individuals with malevolent intent.
- An individual whose job duties require legitimate access to select agents or toxins but who may misuse, release or divert select agents or toxins as a result of a significant life-changing event.
Suitability Assessment Program Leadership Requirements
The suitability assessment program can be divided into two sections. The pre-access suitability assessment determines whether an individual has the appropriate credentials and background to be allowed access to Tier 1 BSAT. The ongoing suitability assessment allows the entity to monitor the behavior of the individual through observation, self-reporting, and peer-reporting to ensure that the individual continues to be suitable for Tier 1 BSAT access.
While the Responsible Official (RO) is responsible for ensuring the development and implementation of the suitability assessment program, entity leadership should provide support and resources to ensure that the program is effective. Leadership may include the Owner/Controller, CEO, Ranking Official, Department Chair and other senior leadership personnel. Entity leadership can support the development and implementation of the suitability assessment program as follows:
- Collaborating with the RO to develop and implement a suitability assessment program for personnel access to Tier 1 BSAT.
- Providing resources for the RO to establish a suitability assessment program. This may include direct financial support or promoting connections between the RO and existing institutional resources (e.g., entity leadership, Human Resources (HR), security personnel, legal counsel, occupational health program, etc.).
- Supporting the RO in the establishment of policies and administrative procedures to execute an effective suitability assessment program. Essential program components may include:
  - Routine pre-access and ongoing suitability assessment protocols.
  - Policies that allow an individual to voluntarily “opt out” of Tier 1 BSAT work (coordination with human resources, supervisors, etc.).
  - Policies that address the temporary or permanent denial of access to Tier 1 BSAT.
  - Policies and procedures to manage appeals of administrative actions that may result from suitability assessments.
- Supporting efforts to protect from retribution those individuals reporting adverse or derogatory information, i.e. a plan for appropriately handling false reports.
- Establishing communication channels for the sharing of suitability program information, as appropriate, among relevant stakeholders and the RO. At a minimum, this involves the timely communication to entity personnel (administrators, supervisors, laboratorians, security, etc.) of the development, implementation, expected support, and personnel rights and responsibilities associated with the entity’s personnel suitability program.
- Promoting a culture of reliability, safety and security in all matters dealing with access to Tier 1 BSAT.
- Ensuring the authorized need, anonymity and confidentiality of personal information when shared.
Promoting a shared sense of responsibility for the safe and secure use of Tier 1 BSAT by all stakeholders will serve to strengthen the culture of reliability, safety and security at the registered entity.