Suitability Assessment Program Guidance: Training (Section 11(f)(3)(ii))
The ongoing assessment procedures described in the security plan must provide for the training of employees with access to Tier 1 BSAT on entity reporting policies and procedures, evaluation, and corrective actions concerning the assessment of personnel suitability.
Section 15(b) requires that entities with Tier 1 BSAT must conduct annual insider threat awareness briefings on how to identify and report suspicious behaviors. This requirement applies to all FSAP-approved personnel on the entity’s registration.
This training may be coordinated with other required training, encompassing biosafety, security, incident response, and job specific duties, in order to conserve resources and time. The primary focus of the annual Tier 1 BSAT specific training is (1) to promote insider threat awareness, and (2) inform individuals with access approval for Tier 1 BSAT of the policies and procedures contained in the entity suitability assessment program. This training could include:
- Insider threat awareness
- Behaviors of concern
- Entity pre-access suitability policies concerning Tier 1 BSAT
- Self and peer reporting procedures
- Statutory prohibitors
- Tier 1 BSAT user evaluation process
- Entity policy on ongoing suitability assessment procedures
- Entity policy on ongoing suitability monitoring procedures
- Corrective actions, procedures, and policies
- Procedures for voluntary and involuntary removal of Tier 1 BSAT access
- Information security (e.g., need to know)
All training should be documented and the training records kept in accordance with section 17 of the select agent regulations.