The deliberate release of harmful biological agents such as viruses, bacteria, fungi and toxins has the potential to cause significant damage to human health, the environment and the Australian economy.
In 2006, the Council of Australian Governments’ (COAG) Report on the Regulation and Control of Biological Agents identified that the regulations in place at the time focused on safety rather than security; and that there was a need to regulate the secure storage, possession, use and transport of security sensitive biological agents to minimise the risk of use for terrorism or criminal purposes.
The aim of the SSBA Regulatory Scheme is to limit the opportunities for acts of bioterrorism or biocrime to occur using harmful biological agents and to provide a legislative framework for managing the security of SSBAs. The scheme was developed using risk management principles to achieve a balance between counter-terrorism concerns and the interests of the regulated community and aims to maintain full access to SSBAs for those with a legitimate need. The SSBA Regulatory Scheme also builds on Australia's obligations under the Biological and Toxins Weapons Convention and UN Security Council Resolution 1540.
Table of Contents
- What's New (October 2019)
- Review of Biological Agents of Security Concern
- In the Media
- The National Security Act 2007
- The National Security Regulations 2018
- List of SSBAs
- SSBA Standards
- SSBA Regulatory Scheme Inspection Program
- SSBA Guidelines
- SSBA Fact Sheets
- Reporting Forms
- Entity and Facility Specific Training Template
- Security Risk Template
- Internal Review Tool
- SSBA Newsletters
- SSBA Regulator Scheme 2015-16 Self Assessment Report under the Regulator Performance Framework
- Contact SSBA Regulatory Scheme
- Links to related sites
Handling suspected or confirmed African swine fever virus under the SSBA Regulatory Scheme
In light of the changing distribution of African swine fever virus (ASFV) in the region, laboratories that would not usually screen for or handle ASFV may be required to test specimen samples that could contain the disease.
ASFV is a Tier 2 SSBA regulated by the Australian Government Department of Health. Handling and reporting obligations for ASFV differ depending on whether an entity is registered under the SSBA Regulatory Scheme or not.
Non-registered entities that handle suspected or confirmed ASFV must comply with Parts 9, 9A and/or 10 of the SSBA Standards as applicable, and report handling information, including the outcome of testing results, to the Department of Health through submission of a Non-Registered Facility Report for Suspected SSBAs and Confirmatory Testing Results form. Non-registered entities are encouraged to familiarise themselves with the requirements of the SSBA Regulatory Scheme for handling ASFV on the SSBA Regulatory Scheme website.
Guideline 3: Handling a Person or Animal, or Samples from a Person or Animal, Affected by an SSBA also assists in further describing the requirements for handling a person or animal, or samples from a person or animal, affected by an SSBA.
Please note, when required, reports must be submitted to the Department of Health as soon as possible and within two business days after you form the suspicion on the basis of your usual laboratory testing that you are handling a suspected SSBA.
Entities registered to handle ASFV on an ongoing basis must comply with Parts 1-8 (and Part 11 if applicable) of the SSBA Standards and are subject to a scheduled monitoring and compliance program. Registered entities are not required to report the outcome of testing results to the Department of Health after each occurrence, although need to ensure compliance with record keeping requirements under the SSBA Standards.
If you would like assistance with the reporting process and handling requirements, please email email@example.com or call (02) 6289 7477 during business hours.
Articles of InterestThe following resources are available on the internet at the sites listed below. Both can be downloaded free of charge (NOTE – some sites may require you to register with the site before download).
- Website - The Virtual Biosecurity Centre.
This website has a number of interesting articles and videos that include information about:
- Dual Use
- Agents and Toxins
- Link to free on line book – Responsible Research of Biological Agents and Toxins (National Academy of Sciences – USA).
Part 3 of the National Health Security Act 2007 establishes the regulatory scheme for entities and facilities that handle suspected or known SSBAs.
The NHS Act was amended in 2013 and these amendments came into force on 31 March 2013. A new Fact Sheet 17 – Changes to the National Health Security Legislation outlines the changes and is available here.
The National Health Security Act 2007 legislates the regulatory scheme and can be found at ComLaw, Commonwealth of Australia Law website: - National Health Security Act 2007
The National Health Security Regulations 2018 (NHS Regulations) support the National Health Security Act 2007 by providing operational detail about the SSBA Regulatory Scheme.
The NHS Regulations 2008 sunsetted on 1 October 2018 and were replaced with the (current) NHS Regulations 2018. There were minor administrative amendments to the regulations.
The NHS Regulations can be found at the ComLaw, Commonwealth of Australia Law website.
On 10 November 2008 the Minister established the List of SSBAs under Part 3 of the National Health Security Act 2007. The regulation of Tier 1 agents commenced on 31 January 2009 and the regulation of Tier 2 agents commenced on 31 January 2010.
Tier 1 agents are those that pose the highest security risk to Australia, while Tier 2 agents pose a high security risk.
The List of Security Sensitive Biological Agents (March 2016)
|Tier 1 SSBAs (with toxin thresholds*)||Tier 2 SSBAs|
|Abrin (5 mg)||
African swine fever virus
|Bacillus anthracis (Anthrax – virulent strains)||
Capripoxvirus (Sheep pox virus and Goat pox virus)
|Botulinum toxin (0.5 mg)||
Classical swine fever virus
Clostridium botulinum (Botulism; toxin-producing strains)
|Foot-and-mouth disease virus||
Francisella tularensis (Tularaemia)
|Highly pathogenic influenza virus, infecting humans||
Lumpy skin disease virus
|Ricin (5 mg)||
Yellow fever virus (non-vaccine strains)
|Variola virus (Smallpox)|
|Yersinia pestis (Plague)|
- The agents above only refer to infectious, viable and pathogenic organisms or active toxins.
- ‘Highly pathogenic influenza virus infecting humans’ includes influenza viral strains that fulfil all the criteria listed below:
- considered highly pathogenic in usual host animal;
- proven infection of humans; and
- involved in an outbreak of human disease.
Examples of such viral strains include the 1918 pandemic Influenza virus A and Influenza virus A H5N1.
- 'Botulinum toxin’ does not refer to a form approved for therapeutic use under the Therapeutic Goods Act 1989. For example, the forms of Botulinum toxin approved for therapeutic use and known under their commercial names Botox™ or Dysport™.
- The List is not a legislative instrument.
*Toxin thresholds refer to the minimum amount of toxin held by a facility for the toxin to be regulated.Top of page
The SSBA Standards outline the handling, storage, disposal and transport requirements of confirmed and suspected SSBAs for entities that are not exempt under the National Health Security Regulations 2018.
The latest version of the SSBA Standards dated March 2013, were determined by the Minister for Health under Section 35 of the National Health Security Act 2007 on 14 June 2013.
The SSBA Standards came into force on 20 June 2013.
SSBA Standards Determination (www.legislation.gov.au/Details/F2013L01065)
The SSBA Regulatory Scheme Inspection Program commenced in August 2009. SSBA Inspectors are provided by the Office of Gene Technology Regulator and are appointed by the Secretary of the Department of Health.
All facilities will be inspected within the first 12 months of registration. After this initial inspection, registered facilities handling Tier 1 SSBAs will be inspected every 18 months and registered facilities handling Tier 2 SSBAs will be inspected every two years. Non-registered facilities will be inspected on an as needed basis. Spot checks of registered and non-registered facilities may occur at any time.
Comprehensive and Mid-cycle Inspections
Initial Inspections are Comprehensive Inspections that cover all parts of the SSBA Standards and are carried out over two days. Provided a high level of compliance is achieved, the next inspection will be a Mid-cycle Inspection that specifically covers the previous inspection outcomes, any changes to the SSBA Regulatory Scheme or any alterations to the facility’s secure areas or processes. Mini Inspections are usually carried out over one day. Subsequent inspections will alternate between a Comprehensive (two day) Inspection and a Mid-cycle Inspection.
Spot checks and Desktop inspections
In 2012, the SSBA Regulatory Scheme introduced spot checks and desktop inspections.
Spot checks are a subset of routine monitoring and may also be conducted as part of follow-up reviews and focus on the outcome of previous inspections. Spot checks are conducted with 24 hours notice to a facility to ensure security requirements can be met and involve a physical inspection of the facility and review of records and interviews with staff. This type of inspection can be conducted on registered or non-registered facilities.
Desktop inspections were introduced in June 2012 to complement the physical inspection program. Desktop inspections are a paper-based assessment of a facility’s compliance with the SSBA Standards and require no on-site assessment of activities. The assessment can be against the complete SSBA Standards or a specific part or clause of the Standards. It can also assess a specific area of regulatory compliance, such as reporting requirements. A desktop inspection will comprise liaison with the Responsible or Contact Officers of a facility to make arrangements for the submission of the documented evidence required for the desktop inspection, a review of the paper-based records supplied by the facility and confirmation of the outcome of the desktop inspection.
Further information on the SSBA Regulatory Scheme Inspections is contained in Guideline 10 – SSBA Regulatory Scheme Monitoring Inspections (available from the SSBA Guidelines section of this website).
The SSBA Guidelines have been developed to support the SSBA Regulatory Scheme. Stakeholders are welcome to suggest areas of interest that may warrant the development of further Guidelines. Suggestions may be sent to ssba for consideration.
The purpose of the SSBA Fact Sheets is to support the education and awareness of the SSBA Regulatory Scheme and provide information to stakeholders on topics of particular interest. Stakeholders are welcome to suggest areas of interest that may warrant the development of further Fact Sheets. Suggestions may be sent to ssba for consideration.
Please note that the SSBA Fact Sheets are currently being updated to reflect the changes to the SSBA Standards. Entities will be notified once the new Fact Sheets are available.
The SSBA Reporting Forms allow entities and facilities to report to the Department of Health details of reportable events in relation to the handling of SSBAs. The first report (Initial Registration or Non-Registered Facility Report) is required to be submitted by a paper-based report and must be sent to the Department by Australia Post’s registered post service or courier. The addresses for postal reports can be found under the Contact SSBA Regulatory Scheme section.
Where possible, it is recommended that all other reports are submitted using the online Data Collection System (DCS). DCS access will be granted to the facility following the first submission of a paper-based report. If you have forgotten your user details please email a request to ssba.
This document has been produced to assist entities to meet the entity and facility specific training requirement under clause 3.9.1 of the SSBA Standards.
A PowerPoint presentation has been developed to align with the relevant clauses in the SSBA Standards that may require training for staff on entity/facility specific policies and procedures. A section has also been included on reporting to the SSBA Regulatory Scheme.
The slides have been broken into sections with each section covering one Part of the SSBA Standards and entities are encouraged to add or remove slides as needed. As the overall presentation is quite lengthy, trainers are encouraged to consider using each section or a group of sections as an individual module for training purposes and to allow training to be tailored to specific audiences – for example you may wish to include different information when training laboratory staff than that provided to staff who are only accessing sensitive information (such as IT personnel).
The use of this document is not mandatory and entities may use other training packages if preferred.
A copy of the Training Template PowerPoint is available by emailing the SSBA Regulatory Scheme.Top of page
The Security Risk Template (SRT) was developed as a tool to assist the regulated community to ensure that all risks associated with handing SSBAs have been identified and treated. Following feedback from the regulated community, the SRT has been revised to harmonise with current security risk management frameworks.
The new SRT (Version 1 – February 2011) has a new format and has been designed to meet the requirements of Part 2 of the SSBA Standards dealing with the risk assessment and risk management plans.
The use of the revised SRT is not mandatory and entities and facilities may choose to use other means to assist with risk assessment and risk management.
The SRT will no longer be able to be used as a checklist to monitor compliance with the SSBA Standards. In order to assist entities to do this, an Internal Review Tool has been developed.
Top of page
The Internal Review Tool (IRT) has been developed to assist entities and facilities to monitor compliance with the SSBA Standards. The IRT has a series of questions based on the requirements of the SSBA Standards with a simple check box system of Yes/No and comments, and each section also includes questions about recommended practices and procedures.
The use of the IRT is not mandatory and entities and facilities may choose to use other means to assist with compliance management.
Please note that the word version of this document includes both locked text and fields that will expand as data is entered, and so may have some unusual formatting when printed. The Department of Health recommends using the PDF version if you intend to enter the information by hand.
Top of page
The SSBA Newsletters have been produced by the Australian Government Department of Health to provide information in a concise and easy to read format. If you would like to subscribe to the SSBA Newsletter, or would like to suggest a topic for inclusion, please email us at ssba with your contact details or suggested topic.
- Issue 30 - August 2020
- Special Issue - March 2020 - Coronavirus disease 2019 (COVID-19)
- Issue 29 - October 2019
- Issue 28 - December 2018
- Issue 27 - June 2018
- Issue 26 - June 2016
- Issue 25 - December 2015
- Issue 24 - April 2015
- Issue 23 - October 2014
- Issue 22 - May 2014
- Issue 21 - August 2013
- Issue 20 - October 2012
- Issue 19 - July 2012
- Issue 18 - May 2012
- Issue 17 - February 2012
If you would like to obtain any previous newsletter, please email SSBA Regulatory Scheme.Top of page
Under the Australian Government Regulator Performance Framework (RPF) the Department of Health is responsible for ensuring that regulators within its portfolio, who meet defined criteria, complete an annual externally validated self-assessment report. The report considers the self-assessment of the Security Sensitive Biological Agents (SSBA) Regulatory Scheme, describes the intention of the annual self-assessment process and presents the results for 2015-16.
A number of measures and evidence metrics were formulated, pre-agreed and published on the Health website in July 2015 to describe how the SSBA Regulatory Scheme would meet each of the Key Performance Indicators. The Regulatory Performance Framework webpage outlines the aims, processes and metrics.
Overall, the SSBA Regulatory Scheme considered that a high level of performance was achieved and an overall rating of ‘very good’ was determined. This rating was strongly supported by the Public Health Laboratory Network (PHLN) Executive Group that was appointed as the external stakeholder validation mechanism by the Minister for Health.
Phone: (02) 6289 7477
Health Emergency Planning, Security and Laboratories Section
Department of Health
GPO Box 9848, MDP 140
Canberra ACT 2601
Health Emergency Planning, Security and Laboratories Section
Department of Health
Level 3, Scarborough House
Woden ACT 2606