alexa CWA 15793: When the Biorisk Management is the Core of a Facility

ISSN: 2574-0407

Medical Safety & Global Health

  • Review Article   
  • Biosafety 2014, Vol 3(2): 119
  • DOI: 10.4172/2167-0331.1000119

CWA 15793: When the Biorisk Management is the Core of a Facility

Xavier Abad*
Centre de Recerca en Sanitat Animal, CReSA, UAB-IRTA, Campus of Universitat Autonoma de Barcelona 08193, Bellaterra, Catalonia, Spain versity of New York at Buffalo, USA
*Corresponding Author: Xavier Abad, Centre de Recerca en Sanitat Animal, CReSA, UAB-IRTA, Campus of Universitat Autonoma de Barcelona 08193, Bellaterra, Catalonia, Spain, Tel: +34 935814564, Email: [email protected]

Received Date: Mar 24, 2014 / Accepted Date: Apr 05, 2014 / Published Date: Apr 10, 2014

All facilities that have biorisk as a core of their activities when working in production and research, using pathogenic bacteria or viruses infecting humans or animals beings (or even plants), have now an agreement document as a guidance for their activities: the CWA 15793 [1]. This standard, voluntary and without the force of regulation (for the moment), is based on a management system approach. The purpose of such system is the improvement of the organization’s effectiveness and efficiency by means of identifying, understanding and managing a system of interrelated processes in which biosafety plays a big role. A successful biorisk management system depends on the solid commitment by top management, which shall provide the adequate resources and priorities and shall make continual improvement an objective for every individual in the organization (this includes periodic assessment, promoting prevention activities and training and recognizing or rewarding this improvement). This biorisk management agreement is compatible with the EN ISO 9001:2008 (Quality), ISO 14001:2004 (Environmental) and OHSAS (Occupational Health and Safety) standards. For further comments see “Biosafety and Quality issues must go hand in hand” [2].

This document is focused on the “generic” management of the risk, but it does not employ a biological agent risk classification or facility containment/biosafety levels. For the organization, the greater challenge is the continual improvement in the control of biorisks (following a Plan-Do-Check-Act [PDCA] approach); the organization should identify opportunities of improvement (e. g., training, preventive actions, effectiveness of follow-up actions, etc.) and act according to the available resources and potential gains in terms of improved control of risk.

This CWA may enable organizations to:

• Establish and keep a biorisk management system to control and minimize risk to acceptable levels.

• By means of tools and systems, provide assurance that the requirements are in place.

• Request and achieve a certification or verification of the management system by an independent third party.

• Provide a basis for training and raising awareness of biosafety and biosecurity guidelines.

• Due to the extension of the agreement, this article will focus on its key points, which are extracted from section 4.3 to 4.5. The remaining points could be thoroughly developed in other articles:

• There is no biorisk management system without the assignment of trained and qualified personnel, who need the freedom and authority within the center, and enough materials and means (, to initiate in an autonomous manner, a preventive or corrective action followed by its resolution.

• The hazard management should be prior (proactive) to a great number of activities or procedures (, including: starting of work with new pathogens, work with usual pathogens in new areas or alterations to workflow or volume, unexpected events in research activities, significant alterations to waste management-based procedures, entry or exit of materials, new PPEs...

One framework to be followed in the decision-making of all activities carried out in the facility is outlined in Figure 1.


Figure 1: Framework to be followed in decision-making of all activities carried out in the facility.

• Associated hazards should be identified and reported, regardless of how likely they might be, and should be assessed in relation to their impact on employees and the community, as well as on animals and the environment ( To that end, the involvement of the entire team (,, and in this process will be necessary. This hazard identification will need to be reported in order to revise the process (continual improvement) and allow a subsequent assessment of the hazard, with suitable methodologies and records ( This assessment will identify the hazards that need to be eliminated and controlled based on a relation between likelihood and consequence [3]. Assessments can be qualitative, semi-quantitative or quantitative. After each hazard assessment and the implementation of control measures, remaining risks should be reviewed in order to decide if they are acceptable or whether additional treatment need to be implemented.

• All this work has no sense without the allocation of actions, including timelines, responsible persons and available means, as well as associated information, approval and revision mechanisms (

• The organization shall establish objectives and targets in the biorisk control and, thus, procedures for monitoring the effectiveness of these controls will be needed (4.3.3).

• The risk management system will work only if the top management takes this ultimate responsibility ( by assigning appropriate personnel, technological and financial resources.

• A standard structure with non-proprietary names would include, but is not limited to, a Senior Management (, a biorisk management committee (, a Biological Safety Officer (, a Scientific Management ( and a facility manager ( Senior Management has an operational responsibility to establish, maintain and promote the biorisk management system, and reports to the top management. The Senior Management representative could be an individual with operational and budgetary authority. In order to support the Senior Management a Biorisk Management Committee (or Biosafety Committee) is constituted. This is a group of experts, meeting at least at defined regularity, with documented criteria and methodologies to record all actions undertaken with tracking. The committee also reviews issues addressed and incidents/accidents, and approves proposals for new or modified activities (see The Biosafety Officer must be a competent individual with the authority to stop activities or works if necessary. This role is independent of those responsible for implementing of programme of work. The agreement provides that this function should not necessarily be regarded as a managing position (risk management would be executed by a laboratory director, a group leader, a department head, etc.), but an advisory position. The responsibilities include: follow-up of incidents/accidents; flow of risk management information, delivery of training, verification that the management procedures are addressed in conjunction with the personnel involved, etc. Scientific Management is better when only constituted by one person; if more than one individual may hold similar roles, the responsibilities should be clearly defined. Scientific Management should ensure that regulatory issues and authorizations are in force, that the risk assessments have been performed, reviewed and approved and that all employees have been properly informed and are supervised. Moreover, Scientific Management should also plan activities ensuring adequate staffing levels, equipment, time and space. The Facility Manager, with indeep knowledge of the facility and containment systems, would provide input into risk assessment from a facility perspective and maintenance work. Although the agreement does not read it, these contributions would probably be sent to the Scientific Management or Biosafety Committee. It is also convenient that the Security Management, liaised with the Biosafety Officer, would be more related to biosecurity issues.

• Personnel management. The organization shall ensure that personnel managing biorisks in the workplace are competent to do so. Competence levels should be judged on terms of the quality and quantity of the management risk (4.4.2). New hires or job reassignments within the organization should be assessed in terms of skills and abilities related to biorisks. While acquiring competence (training), supervision is required ( No employee should be exempt from demonstrating competence irrespective of rank, experience, etc. The organization shall ensure contingency and backup measures to address the succession for personnel (vacations, sick leaves) that do not compromise the integrity of risk management (

• Personnel training. The organization shall ensure that procedures for biorisk continuous training are actively maintained. These procedures include the definition of unmet needs, the evaluation and recording of effectiveness of training and the restriction of activities on personnel to ensure that they do not perform tasks for which they are not trained or tasks of the training they have not passed.

Communication of updated information to and from employees relating to all biorisk management activities should be carried out in meetings or briefings at regular intervals (4.4.3).

• There should be a managing control of the facility safety in order to adopt a preventive approach of accidents or incidents (fire, use of chemicals, power interruption, situations of asphyxiation, equipment under pressure or use of laboratory animals) which are likely to exacerbate or impact on biorisk management (

• As a primary guide source of hazards, the organization shall ensure that an accurate and updated biological agents and toxins inventory is always maintained ( It shall ensure that transfers of biological agents and toxins into and out of the facility are also controlled according to the level of the risk. The inventory will have a restricted access, by means of implementing access controls and alarms, maintaining a reliable sample identification system and segregating in case of incompatibility; for certain biological agents, the stored volumes, consumption and destruction of material should be recorded. Shipment tracking and verification of the receipt are important considerations when sending biological agents to another facility [4].

• Work programme and change management (personnel policies and visits, methodologies and disinfection, changes in buildings or equipment, etc.). The changes should be reviewed and approved as appropriate, especially alterations which may have an effect on biorisk management (

• Work practices (

1. Good microbiological techniques carried out by competent personnel with appropriate resources (

2. Inactivation of biological agents or toxins to ensure that appropriate procedures are effectively implemented ( Redundant methods of inactivation/decontamination for both samples and solid and liquid waste are necessary. These are executed in a planned and tracked way. It is important to record the eligibility of the selected methodologies put in place, in the conditions of use.

3. Waste management. The organization should validate procedures for the inactivation of waste products. This management needs to be documented and traceable. It is important to ensure that the programme minimizes the waste production, for example by prior segregation.

4. Clothing and Personal Protective Equipment (PPE, PPE must be adequate (for use during both normal and emergency working conditions), and should be made available. Appropriate programme should be conducted to ensure that routine checks and maintenance of PPE are carried out. User’s feedback, particularly in relation to the impaired dexterity or visibility should be given due consideration.

• Worker health programme ( The organization shall ensure the effective management of risk to workers health (but also visitors and external technical services) with protection and preventive measures (including a vaccination policy [4.4 .4.6.1]). Relevant personnel that may be consulted by the programme include: Scientific Management, human resources representatives, employee representatives and Biosafety officer representatives and internal or external health consultant.

• Control of workers and external personnel ( The organization shall maintain biosafety associated with human behavior (conflict management, ergonomics, and respect for privacy) and shall ensure personnel reliability (, as well as temporary or permanent exclusion procedures from biorisk areas.

• Infrastructure and operational management (

1. Planning, design and verification must be always documented and filed in a traceable way. The organization shall ensure that all designs or modifications are adopted for the facilities, equipment and processes based upon the biorisk management.

2. Commissioning and decommissioning of the facility, by structures and documented process with milestones in order to proceed to the next steps; the decommissioning process should identify the decontamination procedures and their subsequent standards of acceptance.

3. Maintenance, control, calibration, certification and validation ( of the equipment and facility elements that may impact on biorisk management. The organization shall follow the planning with a particular frequency, which will be documented, as well as store spare parts to deal with failures. The repair of equipment needs to meet some decontamination requirements, and must be recorded.

4. Physical security. Measures should be set in place to prevent leakages or the removal of biological agents, always in accordance with biosecurity measures to minimize conflicts.

5. Information security (as valuable and/or dangerous as biological agents), with a policy and a procedure to identify sensitive information, computer security and information storage systems management.

6. Control of supplies ( (laboratory equipment, cleaning services and maintenance, waste managers). These supplies must meet the specifications set by the facility, in regard to biorisks.

• Transport of biological agents and toxins (, with written and traceable procedures on safe transport of cultures, samples and contaminated material, with particular reference to: packaging, identification, associated documents, authorized carriers. The transfer is only possible when justified and after completing transfer forms, also legally authorized. A specific approach has been previously discussed (Abad, 2012).

• Emergency response and contingency plans (4.4.5). The organization shall establish plans or procedures to identify the possibility of incidents and emergencies involving biological agents, to prevent and to mitigate their occurrence. All foreseeable and/or credible (not all imaginable) emergency scenarios ( should be identified, e. g., accidents or illness to workers, explosion, fire, utility failure (water, electricity, gas), failure of disinfection regimes, aerosol release, unexpected virulence, act of terrorism or deliberate vandalism, theft or loss of biological agents, etc.

• These protocols are structured in emergency plans that must address at least: the identification of those responsible for control measures; mechanisms of response 24/365; the need for emergency exit routes (optimally diverse); the provision for safe removal, transfer, treatment and accommodation of contaminated persons and objects. Emergency plans may require the involvement of external agencies (police, fire services, medical services, environmental authorities), in such cases, reaching written agreements or memorandums of action that ensure that their actions would not increase the risk associated with the emergency; contact persons of those parts should be known. All this information should be forwarded to the responsible emergency management staff from the center. Emergency plans should be tested and maintained, and all necessary materials (first aid) and human teams must be available and updated in order to manage medical emergencies. The organization shall ensure that structured and realistic emergency exercises and simulations ( are conducted to learn from any good practices but also deficiencies or risky behaviors identified, which should be documented. Contingency plans should be ultimately documented ( These plans ensure the safe continuity of operations (alternative facilities, backup systems, redundancy, and alternative means of decontamination) or the controlled and safe shut down of operations.

• The organization shall ensure that appropriate data, records and documents are collected and analyzed to evaluate where continual improvement of the biorisk management can be made (4.5.2). At least once a year, these data, records and documents must be reviewed by management in order to demonstrate compliance with the requirements of this agreement 15793. This includes: risk assessments, SOPs and safety manuals, training records, containment equipment certifications, audits, etc. In particular, the organization shall ensure that a control and tracking of the inventory (4.5.3) is conducted at undetermined intervals and intensity (depends on the nature of the agent and the potential risk of harm). The organization should demonstrate proactive measures towards the minimization of quantities or volumes of biological agents stored. Accidents/ incidents should be investigated (4.5.4) to record, analyze and learn from lessons. The accident investigation system must include: defining what constitutes an accident/incident, identifying those responsible for the investigation, reporting procedures, identifying frequency and distribution, ensuring analysis of trends, providing corrective action tracking mechanisms, etc.

• Finally, the organization shall have a non-conformity control system (, a corrective action system ( and a preventive action system ( to identify and eliminate the causes of potential non-conformities. The organization shall ensure that an appropriate programme of inspection and audit is conducted at planned intervals to determine whether the risk management system is effectively implemented and maintained. Inspections may be frequent checks on areas and/or processes; or inspections can be more extensive but less frequent and it may be convenient to incorporate some random or unannounced inspections and audits.

In short, this standard highlights the management of biorisks in the center of activities, and also organizes and manages the remaining tasks (human resources, training, equipment and facilities management, maintenance and verifications, disinfection/decontamination processes, PPE, waste treatment, inventory and transport of biological agents, emergencies and contingencies, etc.). The standard seeks continual improvement in processes, in a proactive way, planning in advance, using risk assessment tools but documenting and analyzing all incidents to extract information and achieve further improvement. The improvement is also expected from a consistent, documented training plan from workers about biorisk issues. Employees’ feedback (those are the eyes and hands of the organization) is essential. This risk management can determine the creation of a series of positions or functions, but all of them may not be essential in all organizations if the responsibilities of each individual are not clearly defined. It is possible that the Biosafety Officer, who is more or less an executive, would take care of responsibilities, improvement suggestions and opinions from others (Management, Scientific Management, researchers, etc.). The Biosafety Officer would also be needed the most when managing the biological risk within the parameters of this standard. The fact that all improvement actions impact on the organization should not blur the managing responsibilities: all improvement actions should always include specific responsible individuals for management, means and clear timelines. Finally, although technicians, researchers and managers involved in the design and implementation of the agreement (bottomup) share it, such agreement would absolutely fail if not promoted by Top Management (top-down).


Citation: Abad X (2014) CWA 15793: When the Biorisk Management is the Core of a Facility. Biosafety 3:119. Doi: 10.4172/2167-0331.1000119

Copyright: © 2014 Abad X. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.

Select your language of interest to view the total content in your interested language

Post Your Comment Citation
Share This Article
Recommended Conferences
Article Usage
  • Total views: 13431
  • [From(publication date): 11-2014 - Dec 13, 2018]
  • Breakdown by view type
  • HTML page views: 9471
  • PDF downloads: 3960

Post your comment

captcha   Reload  Can't read the image? click here to refresh
Leave Your Message 24x7