Responsible Official FAQ's
FAQ's by Topic
- Due Diligence
- Inactivated Bacillus anthracis
- Legislature, Regulation, and Guidelines
- Personnel Suitability
- Report of the Identification of a Select Agent or Toxin
- Responsible Official
- Restricted Experiments
- Security Risk Assessments
- Select Agents and Toxins
- Theft, Loss, and Release
What is an alternate Responsible Official (ARO) and why should an entity consider appointing one?
Section 9(b) of the select agent regulations states that an entity may designate one or more individuals as an ARO, who may act for the RO in his/her absence. Situations arise in which the RO is not available to provide appropriate regulatory oversight (e.g., vacation, protracted illness, extended travel, death). As a best practice, the registered entity should designate one or more AROs to act in the absence of the RO.
What are the core responsibilities of the ARO?
- The ARO must be able and willing to assume the full range of responsibilities of the RO, should the RO be unable to serve.
- The ARO must have the ability to assume the full authority to fulfill all of the responsibilities of the RO if needed.
- The ARO must have the knowledge and authority to ensure compliance with the select agent regulations when acting as the RO and be able to take appropriate action on behalf of the entity.
- An individual designated as an ARO on APHIS/CDC Form 1, must have an SRA conducted by CJIS, and be approved by FSAP. AROs with access to Tier 1 select agents and toxins must also have undergone the entity’s personnel suitability assessment process.
- The qualities of the ARO should be similar to the qualities of RO.
Is the RO allowed to have other duties outside of their responsibilities as the RO?
Although it is not a violation of the select agent regulations for an individual serving as an RO to have other responsibilities, FSAP would not recommend this – especially at institutions with large and/or complex select agent programs. As with any other position of responsibility having an impact on the health and safety of individuals, animals, and plants inside tside the entity, the entity should evaluate the individual's duties based on the size of the entity, the number of personnel, and the scope of the RO resources.
Is it a requirement to have the RO or Alternate RO (ARO) on-site during normal business hours?
Yes, regulations in section 9(a)(5) of the select agent regulations require that the RO have a physical (and not merely a telephonic or audio/visual) presence at the registered entity to ensure that the entity is in compliance with the select agent regulations and is able to quickly respond to on-site incidents involving select agents and toxins. Ideally, the RO should be co-located with the entity, or within reasonable distance of all the entity's registered areas, to be able to quickly respond to emergencies and to provide appropriate oversight on a day-to-day basis. There must be an approved RO or ARO (who assumes full RO responsibilities in the absence of the RO) at a registered entity during normal business hours and the RO or ARO must be available for emergencies after normal business hours.
There are situations where registered entities have two or more registered laboratory facilities dispersed over a defined geographical location (e.g., a university campus or business complex). FSAP considers this one general physical location which can be managed as one registration. The intent of the requirement that the RO have a physical presence at the registered entity is not to require that an RO is assigned to each laboratory but to ensure that an RO is physically located on-site.
Is a RO allowed to serve as RO or ARO for two entities?
It is the policy of the FSAP that an individual will not be approved by the FSAP to be a RO at more than one entity.
It is the policy of the FSAP that an individual who has been approved to be an RO will not be approved by the FSAP to be an ARO at another registered entity.
It is the policy of the FSAP that an individual who has been approved by the FSAP to be an ARO at one entity can be approved by the FSAP to be an ARO at another registered entity as long as when they serve as RO, they can meet the provisions outlined in Section 9 of the select agent regulations.
What is the position of the Federal Select Agent Program for ROs who hold the title but aren't engaged in the entity's select agent program?
By definition, the RO must be engaged in the entity’s select agent program. The registered entity must not only assign the RO the responsibility to ensure compliance with the select agent regulations; the entity must also ensure that it delegates to the RO sufficient authority to speak and act on behalf of the entity. A registered entity which fails to vest in its RO sufficient authority to ensure compliance with all of the requirements of the select agent regulations has failed in one of its primary responsibilities.
Is there guidance on what the RO should review during the annual audit of the entity's select agent program? Alternatively, would an inspection by a biosafety organization be adequate?
Yes, section 9(a)(6) of the select agent regulations requires the RO to ensure that annual inspections are conducted for each registered space where select agents and toxins are stored or used (all registered areas) in order to determine compliance with the requirements. Therefore, the RO does not have to specifically conduct the inspection. It should be noted that the inspections conducted by FSAP would not meet this requirement.
Establishing an internal annual inspection program provides a means for the RO to monitor compliance with the select agent regulations and identify deviations from acceptable laboratory safety or security practices. As such, the RO must ensure that annual reviews are conducted and appropriately documented, including the scope of the review, date(s) of the review, findings, and the appropriate corrective action(s) taken for any deficiencies found. The annual inspection should encompass every aspect of biosafety/biosecurity, security, and incident response at the entity, and should also include a review of the entity's inventory procedures to ensure that individuals with access to inventories are following appropriate procedures for access and recording changes to the inventory. This can be separate from an overall periodic reconciliation of the entire inventory (recommended every 3 years).
The inspection could be conducted by the entity's biosafety organization as long as the above requirements are met.
Is an individual at entity allowed to sign documents electronically?
Yes. For an individual to sign a document electronically, the entity should incorporate a method that:
- Identifies and authenticates a person using at least two factors of authentication, including something the person knows (i.e., email password) and something the person has (e.g., a mobile phone with SMS text message access);
- Provides a means to preserve the integrity of the signed record that is (a) portable, (b) independently verifiable, (c) tamper-evident, (d) granular, and (e) verifiable in the long-term; and
- Meets the requirements of the Government Paperwork Elimination Act, the Electronic Signatures in Global and National Commerce Act (ESIGN, 15 U.S.C. ch. 96), and the Uniform Electronic Transactions Act.
In addition, the electronic form of signature must be executed or adopted by a person with the intent to sign the electronic record (e.g., to indicate a person’s approval of the information contained in the electronic record). Not only must this intent be captured at the time of each signature, but it must also be captured for each individual signature and be provided as granular evidence within the electronic signature system’s audit trail. Each signed document must be backed by an audit trail that captures intent to sign for each individual signature and provides granular, consistent, time stamped evidence as to every step in the entire signature process. The electronic form of signature must be attached to or associated with the electronic record being signed, and each signature should be produced according to established standards. The signature should be independently verifiable, without relying on the electronic signature service or website to be validated.