Consultation Workshop on Draft SSBA Standards for DoHA PowerPoint PPT Presentation

presentation player overlay
1 / 43
About This Presentation
Transcript and Presenter's Notes

Title: Consultation Workshop on Draft SSBA Standards for DoHA


1
Consultation Workshop on Draft SSBA Standards
for DoHA
  • Tony Della Porta (Bio2ic)
  • Mark Bezzina and Fred Reynolds (Stancert)
  • David Rowlands (Direkt Consulting)

2
National Health Security Act and SSBA Standards
3
Scope, General and SSBA Management System
Requirements
  • Sections 1 and 2

4
Introduction
  • Normative Requirements
  • These are requirements that must be followed
  • Use the word shall which is equivalent to
    must

5
Example of Normative statement
6
Informative statements
  • These statements usually appear under
    Commentary and offer guidelines and advice on
    how to achieve the normative requirement
  • They are headed with the word Commentary and
    are in italics
  • They use the word should which is a
    recommendation to achieve best practice

7
Informative statement
8
Management Standard Approach
  • Plan
  • Planning, including identification of the risks
    and establishment of goals
  • Do
  • Implementation, including training and
    operational issues
  • Check
  • Checking, including monitoring and corrective
    actions
  • Act
  • Reviewing, including process innovation and
    acting to make needed changes to the SSBA
    management system

9
Scope
  • Complements NHS Act and NHS Regulations
  • Emphasis on Biosecurity not Biosafety
  • Biosafety covered by AS/NZS2243.3 and OHS
    legislation
  • The SSBA Standards are a legislative instrument
    and will be a requirement for non-exempt entities
    handling SSBAs

10
SSBAs
  • Tier 1 SSBAs
  • Those agents that pose the highest level
    biosecurity risk and must be tightly controlled
  • Tier 2 SSBAs
  • Those agents that pose a moderate biosecurity
    risk and must be subjected to proportionally
    moderate regulation
  • The list is varied from time to time by the
    Minister. The current list is on the DoHA web
    site
  • THE SSBAs IN THE LIST ARE NOT SUBJECT TO THIS
    CONSULTATION

11
SSBA Management System requirements
  • Section 2

12
General requirements
  • Non-exempt entities will establish and maintain a
    SSBA Management System
  • The system will include risk management,
    personnel security, work practices, waste
    management, physical security, information
    security and transport
  • Review and improvement
  • Informing employees and other relevant parties

13
Policy
  • Meeting reporting requirement
  • Justification for legitimate use of SSBA
  • Documentation and communication of roles
  • Effectively informing employees and third parties
  • Assessment of SSBA projects before any work is
    commenced

14
Roles and Responsibilities
  • Top Management
  • Responsible Officer and Deputy Responsible
    Officer
  • Reporting to top management on SSBA management
    system
  • Review and audit functions
  • Verifying that all risks have been addressed
  • Incident investigation and reporting
  • Verifying compliance
  • SSBA Management committee

15
Checking and Corrective Action
  • Records, documentation and data control
  • Compliance
  • Inspection and audit
  • Control of non-compliance
  • Corrective action
  • Preventive action

16
Comments on Management Systems Approach for SSBA
Standards
  • Participants from laboratories/entities that
    might handle SSBAs
  • Support management system approach
  • Would prefer technical standard with just list of
    compulsory requirements
  • Participants not from laboratories
  • Support management systems approach
  • Would prefer technical standard with just a list
    of compulsory requirements

17
Risk and incident management
  • Section 3

18
Risk Management
  • Risk assessment timing and scope
  • Hazard/risk identification
  • Theft of SSBA
  • Failure to properly screen staff
  • Loss of records
  • Infection of personnel
  • Inadequate access control
  • Inability to account for SSBA
  • Loss of SSBA during transport
  • Risk assessment
  • Risk management

19
Risk assessment
  • Potential for incident and possible causes
  • Evaluate need for preventative actions
  • Identify those responsible for control measures
  • Evaluate need for out of hours responses
  • Provision for staff absences
  • Determine and implement actions
  • Identify potential emergency situations with
    SSBAs
  • Need for emergency access/exit
  • Identify emergency access/exit routes
  • Provision for safe removal, transport, treatment
    and accommodation of contaminated personnel

20
Vulnerability analysis
  • See guidelines in HB167
  • The critical assets are SSBAs and the secure
    records
  • Determine the effectiveness of each layer of
    controls in preventing the threat as identified
    in the risk analysis.

21
Templates for Risk Assessment
  • Available from www.health.gov.au/ssba

22
Incident management
  • Management
  • Determine cause(s)
  • Evaluate need for action
  • Implementing needed action(s)
  • Recording results of action(s)
  • Reviewing corrective actions
  • Investigation
  • Documented procedures
  • Reportable Events

23
Personnel security and work practices
  • Sections 4

24
Recruitment
  • Consider qualifications, experience and aptitudes
    relating to handling SSBAs
  • Personnel handling Tier 1 SSBAs must have a
    National Criminal History and Political Motivated
    Violence checks
  • Recommended for those handling Tier 2 SSBAs
  • Recommend following AS 4811 206 and HB 323-2007

25
Personnel reliability and Authorisation
  • Reliability
  • Policy to be defined and implemented
  • Authorisation
  • Entity to authorise persons to handle SSBAs and
    maintain list of authorisations
  • Designated as an authorised person

26
Behavioural factors and control of workers
  • Human reliability and behavioural safety and
    security
  • Communications, consultation and feedback
  • Conflict management and resolution
  • Empowerment, including authority to stop work
  • Avoidance of blame culture
  • Respect for individual privacy and dignity

27
Exclusions
  • Measures for exclusion and removal of personnel
  • Where deemed necessary because of non-compliance
    or assessed risk
  • Removal of access to facility
  • Removal of access to secure information
  • Immediate physical removal if deemed necessary

28
Personnel training, awareness and competence
  • Appropriate education, training and experience
  • Training needs identified and maintained
  • Definition of SSBA training needs
  • Provision of required SSBA training
  • Determination of effectiveness of SSBA training
  • Provision of refresher training
  • Restrictions to ensure staff do not perform tasks
    for which they have not been trained
  • Maintain records
  • Review of competence
  • Tier 1 biannually, Tier 2 Annually
  • Tier 1 5 years previous technical experience
  • Tier 2 2 years previous technical experience

29
Waste management and physical security
  • Sections 5 and 6

30
Waste management
  • Waste management
  • Ensure that waste is disinfected and disposed of
    so that no SSBA leaves the entity without
    inactivation or destruction
  • Procedures to be validated
  • Decontamination and inactivation
  • Identify all contaminated or potentially
    contaminated items
  • Risk assessment
  • Detailed protocols
  • Records of decontamination/inactivation to be
    maintained Tier 1 (5 years) and Tier 2 (2 years)

31
Physical security
  • Identify vulnerabilities and implement effective
    control and monitoring system
  • Physical security perimeter
  • Physical entry controls
  • Limited to approved persons
  • Contractors and visitors to be accompanied at all
    times by an authorised person
  • Tier 1 card key plus additional control, no
    tailgating and pass back control
  • Tier 2 card key and pass back controls
  • Records
  • Kept Tier 1 (5 years) and Tier 2 (2 years)
  • Review regularly by Responsible Officer

32
Video Surveillance
  • For Tier 1 SSBAs
  • Monitoring of access points
  • Storage of records for 2 years
  • Tier 2 SSBAs
  • Not required

33
Information Security
  • Section 7

34
Information security
  • Identify sensitive information relating to SSBAs
  • Secure information related to SSBAs
  • Accesses reviewed Tier 1 (biannually) and Tier 2
    (annually)
  • Procedures addressing information security
  • Secure storage
  • Computer security including robust firewalls and
    encryption protocols
  • Strict policies regarding PCs, laptop computers,
    storage media, cameras entering and leaving the
    facility
  • Tier 1 SSBA information stored in secure system
    and securely backed up at regular intervals

35
SSBA inventory and information
  • Accurate and up-to-date SSBA inventory is
    established and maintained
  • Records are current, complete and stored securely
    with adequate backup.
  • Tier 1 records maintained for 5 years
  • Tier 2 records maintained for 2 years
  • Inventory monitoring and control
  • Tier 1 audited biannually
  • Tier 2 audited annually

36
Transport
  • Section 8

37
Transport of SSBAs
  • Transport of SSBAs must be safe and secure
  • Transport agents are not regulated by the NHS Act
  • Comply with Australian Dangerous Goods Code for
    Road and Rail and the Civil Aviation Safety
    Regulations
  • Shipping entity to verify in writing that
    receiving entity will accept the SSBA

38
Secure transport of SSBA
  • Shipping entity responsible for verifying that
    transport agent has a documented transport
    security plan
  • Transport security plan shall comprise of
  • Specific allocation of responsibilities for
    security to competent persons
  • Consideration of requirements for Class 6
    dangerous goods
  • Review of vulnerabilities as appropriate
  • Statements of measures including training,
    policies, operating practices and resources to
    reduce security risks
  • Up-to-date procedures for responding to security
    risks
  • Evaluation and testing of security plans
  • Security of transport information

39
Notification of shipment and receipt
  • Shipping entity to notify receiving entity of
    shipment details
  • Receiving entity to respond immediately if the
    shipment does not arrive at the expected time
  • If the SSBA has not been previously held by the
    receiving entity, to notify DoHA within 2 working
    days
  • Receiving entity responsible for checking if SSBA
    has been successfully shipped

40
Summary and conclusions

41
Process of commenting on draft SSBA Standards
  • http//www.stancert.com/ssba.html
  • The comments are to be made on a Word form found
    on the Stancert website
  • Your comments are to be sent to Standards
    Australia before 1 August 2008
  • All comments will be reviewed and comments made
    concerning their acceptance or rejection these
    will not be sent to the submitter but will be
    available to DoHA
  • DoHA will make final decisions on the content of
    the SSBA Standards

42
Section 2 Instructions Complete Section 3 of the
Comment Form as shown in the example below.
Email the form when completed to Sherene Daniel
at Sherene.Daniel_at_standards.org.au or Jodie
Campbell at Jodie.Campbell_at_standards.org.au
43
More Information
  • www.health.gov.au/ssba
  • http//www.stancert.com/ssba.html
  • Remember to comment on the draft SSBA Standards
    by 1 August 2008
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2026 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The : "Consultation Workshop on Draft SSBA Standards for DoHA" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!