SSBA Newsletter Issue 19 - July 2012

Security Sensitive Biological Agents Regulatory Scheme Newsletter

Page last updated: 02 August 2012

PDF printable version of SSBA Newsletter Issue 19 - July 2012 (PDF 205 KB)

Tier 2 Storage Facilities
Did You Know - Record Keeping
Training and Competency Requirements
Updated Publications
Spot Checks
SSBA Inspection Program

Tier 2 Storage Facilities


Part 4A of the SSBA Standards allows the storage of Tier 2 SSBAs in a linked storage facility that is:
  • within the same building as a facility, preferably on the same floor
  • included as part of the registration of the facility
  • included in the risk assessment and risk management plans for the facility
  • fixed in place or is non-transportable.
If you are a registered facility storing Tier 2 SSBAs in a storage facility located outside the secure perimeter of the registered facility, you must register this storage facility. You must register each linked storage unit where SSBAs are stored as part of the facility’s registration.

This can be done by completing the form Registration of a Linked Storage Unit within two business days of the storage commencement. This form can only be used if your facility is already registered to handle SSBAs. If you need to register a new facility please complete the Initial Registration Application form, or if you need to register a new SSBA please complete the Start to Handle a New SSBA form which also allows you to register a linked storage facility for the SSBA listed in the report.

All SSBA reporting forms can be found on our SSBA website.Top of page

Did you know…

Under clause 5.2 of the SSBA Standards, entities must maintain records of All activities related to the SSBA Standards, regardless if it is specifically stated under an individual clause. This includes records of receipt, holding, transport and disposal of SSBAs. Records of internal and external reviews, inspections and incident investigations must also be maintained. Other records that could be covered by this clause include, defining training needs, reports submitted to DoHA, required competency levels, identity checks and risk management plans. Records must be kept for a minimum of five years for Tier 1 SSBAs and two years for Tier 2 SSBAs unless otherwise specified by the Standards.

The entity must also have policies for access to records relating to the SSBA Standards and retention of records including timeframes that are consistent with the Standards.
For the full requirements for information management, please see Part 5 of the SSBA Standards.

Training and Competency

Under clause 3.9 of the SSBA Standards an entity must ensure personnel who have access to SSBAs, access to a facility where SSBAs are handled, or access to sensitive information relating to SSBAs have appropriate education, training and experience. They must also be provided with adequate and up–to-date information about the entity’s identified SSBA risks.

The requirements and procedures for SSBA-related training must be identified, established and maintained and the requirements must include: defining training needs, providing required training, determining the effectiveness of training, dealing with refresher training, restricting staff to ensure they do not perform tasks for which they are not trained, and records management and maintenance. The entity must also define competency levels, and maintain records verifying that personnel have attained and continue to demonstrate competency levels.

To authorise a person under clause 3.3 of the SSBA Standards, training must include an overview of why the SSBA Regulatory Scheme is in place, an overview of the National Health Security Act 2007 (NHS Act) and the National Health Security Regulations 2008 (NHS Regulations), the reporting requirements and records management.Top of page

In addition to the above, training for:
  • Persons who will Handle SSBAs must also include detailed requirements of the NHS Act, NHS Regulations and all parts of the SSBA Standards
  • Persons who will Access the Facility where SSBAs are handled must also include physical security, risk management, information security, personnel security and SSBA management system requirements
  • Persons who will Access Sensitive Information relating to SSBAs must also include risk management, information security, personnel security and management system requirements.
Entities may choose to impose further training requirements on each category of authorisation. Training for personnel handling Tier 1 SSBAs must also include personal security awareness which deals with staff security during off-duty hours away from the facility.

The Department of Health and Ageing developed the Online Training Facility (OTF) to assist stakeholders understand the requirements of the SSBA Regulatory Scheme. The OTF is made up of several modules covering the SSBA Standards, the National Health Security legislation, reporting requirements and timeframes and using the Data Collection System.

Facilities can use the OTF to assist them in meeting the training and competency requirements of the NHS legislation and SSBA Standards. The OTF does not contain facility specific information, competency levels or specific technical SSBA information. It is important for facilities using the OTF to meet the requirements of the SSBA Standards to develop and include facility and SSBA specific information into the facility training program. While most OTF modules have a quiz to check understanding, the system does not include competency levels, as this must be determined and documented by the entity.

For the full personnel requirements of the SSBA Standards, please see Part 3 of the SSBA Standards.

Top of page

Updated Publications

DoHA has updated Guideline 10 SSBA Regulatory Scheme Monitoring Inspections and Fact Sheet 2 About Us and these are now available on the SSBA website. See below for a sneak peak at the updated publications.

Guideline 10 SSBA Regulatory Scheme Monitoring Inspections provides information on the types of inspections carried out under the SSBA Regulatory Scheme Inspection Program.
Fact Sheet 2 About Us provides information about the SSBA Regulatory Scheme’s administering body, along with contact details.
If you have a topic you’d like to suggest for a fact sheet or guideline, or have comments on an existing publication, please e-mail us.

Spot Checks

DoHA has introduced unannounced spot checks into the SSBA Inspection Program. They are a subset of routine monitoring and may also be conducted as part of follow-up reviews. They focus on the outcome of previous inspections and can be conducted on registered or non-registered facilities.

Unannounced spot checks comprise liaison with the Responsible Officer or Contact Officer and a physical inspection of the facility. This includes a review of paper-based records and discussions with relevant staff. After the Spot Check a letter will be provided to the facility outlining the outcome of the inspection, including identified Corrective Action Requests. If required, a follow-up inspection will take place to review paper-based evidence supplied by the facility.
Top of page

SSBA Inspections

SSBA inspections monitor compliance with the National Health Security Act 2007 (NHS Act), the National Health Security Regulations 2008 (NHS Regulations) and the SSBA Standards. Inspections of registered and non-registered facilities handling SSBAs began in August 2009. SSBA inspections and audits are free of charge to facilities and entities.

The two most common types of inspections are the comprehensive and mid-cycle. Both types of inspections include a pre-inspection, physical inspection and a post-inspection follow-up.

The pre-inspection takes place a few weeks before the physical inspection and facilities must provide relevant SSBA Regulatory Scheme documentation to the SSBA inspectors. The documentation assists with the inspection process, as it helps to determine the entity’s level of compliance and whether additional documentation may be required during the physical inspection.

There are two types of physical inspections: an in-depth, two-day, comprehensive inspection that covers all requirements of the SSBA Regulatory Scheme. This type of inspection is conducted within the first six months of registration—as the facility’s initial inspection—and then every three years for Tier 1 facilities and every four years for Tier 2 facilities. Mid-cycle inspections occur between a facility’s comprehensive inspection cycle and take one day. The mid-cycle inspection focuses on new or changed documentation or amendments to the SSBA Regulatory Scheme. A letter outlining the inspection results, including Corrective Action Requests will be provided after the inspection.

A post-inspection may be required if the entity has to provide further information after a physical inspection. If necessary, details will be provided in the inspection outcome letter.

For more information, please see Guideline 10 SSBA Regulatory Scheme Monitoring Inspections, available on our SSBA web site or contact DoHA by e-mail.Top of page