Suitability Assessment Program Guidance: Development of a Risk and Threat Reporting Mechanism

Develop an integrated and transparent policy for self- and peer-reporting all risks and threats in regards to the safety and security of Tier 1 BSAT, staff well-being, and public safety to the appropriate authorities. Fully describe the reporting mechanism in the entity’s security plan, including defined communication channels capable of handling reported information in a uniform and confidential manner.

All individuals must understand their duty to report such information or behaviors of concern. Risk and threat reporting mechanisms should be clear and employ a consistent analytical framework to determine any action that may be needed. Utilize existing institutional guidelines and standards for reporting behavior, and modify these standards and policies to apply specifically to the entity’s Tier 1 BSAT security program.

In some instances, medical conditions may need to be considered in the development of self- and peer- reporting policy. Conditions that directly affect an individual’s immune status should be self-reported through appropriate channels to allow for proper evaluation of the enhanced personal risks posed to individuals with such conditions.

Entity leadership should support the development of reporting mechanisms and provide resources to assist ROs in carrying out reporting tasks. All individuals should be clearly instructed on all policies regarding self- and peer-reporting. Reporting policies could include, but are not limited to:

  • The types of information to report.
  • To whom the information should be reported.
  • How the reported information will be used to assess risks and determine actions.
  • Documentation requirements and availability of entity resources.
  • Confidentiality of the reporting process and the information collected.
  • Anonymous reporting.
  • Policies to prohibit reprisal for reporting.

All reporting procedures could  employ existing entity resources (i.e., HR, security, occupational health, etc.) in providing recommendations to the RO concerning access decisions in response to reported information.

Examples of Reportable Conditions, Behaviors, or Other Information

All reporting procedures could  employ existing entity resources (i.e., HR, security, occupational health, etc.) in providing recommendations to the RO concerning access decisions in response to reported information.

  • Circumstances that may affect SRA status of an individual.
  • Circumstances that may affect the ability of an individual to perform his or her job in a safe and secure manner (e.g., performance of duties declines markedly; significant increase in distraction or mistakes; increase in risk-taking behaviors).
  • Significant changes in behavior, attitudes, demeanor, or actions (e.g., increasingly withdrawn; significant and prolonged deterioration in appearance; unjustified anger or aggression; unexplained absences; signs of alcohol/drug abuse; criminal activity; and unexplained absences).
  • Stated or implied threats to colleagues, institutions, the security of Tier 1 BSAT, the well-being of laboratory animals, or the general public.
  • Willful non-compliance with the select agent regulations.
  • Any information that causes an individual to have concerns about his or her own ability to perform a job safely and securely.
  • Any circumstances that appear suspicious such as laboratory work that does not correspond to official project work or goals, requests for security or laboratory information without justification, acts of vandalism or property damage, attempts to gain unauthorized access for friends or colleagues.
  • Unlawfully carrying weapons (or carrying weapons in violation of institutional rules).
  • Providing false information on applications or other formal institutional documents.
  • Unauthorized work performed by an individual(s) in a facility during off-hours.
Page last reviewed: September 9, 2020