SSBA Newsletter Issue 23 - October 2014 (PDF 281 KB)
Changes to Data Collection System Password Length
As information technology improves so too does a hacker’s ability to launch attacks to retrieve or “hack” user passwords. Simple seven character passwords are now susceptible to attacks in minutes by software readily available on the internet. Passwords or passphrases need to increase in length and/or complexity as more powerful processing technology becomes available to hackers.
The Data Collection System’s password standard has now been updated to require a minimum ten (10) character password instead of the former seven (7) characters.
Other than password length, the existing password complexity rules remain unchanged. Passwords must include at least one (1) character from each of the following character sets:
- Lower-case characters (a-z)
- Upper-case characters (A-Z)
- Digits (0-9)
National Public Alert Level Raised
The National Public Alert level has been raised from Medium to High
On 12 September 2014 the Australian Government raised the National Public Alert Level from Medium (a terrorist attack could occur) to High (A terrorist attack is likely) following advice from security and intelligence agencies.
The National Terrorism Public Alert System guides national preparation and planning and dictates levels of precaution and vigilance to minimise the risk of a terrorist incident occurring.
Under the SSBA Standards Clause 2.5 – Review, it is recommended that a review of the Risk Assessment and Risk Management Plans for a registered facility is undertaken if the Australian Government changes the public alert level.
The SSBA Regulatory Scheme encourages registered entities to review SSBA Risk Assessment and Risk Management Plans in light of the increased threat level and make any changes to the Plans as appropriate.
Biological Agents in Storage
Do you know what is in storage?
Recent events in the United States with the discovery of vials of Variola virus in an unused storage area have shown the importance of knowing what biological agents are held in freezers and/or other storage areas, especially within areas that are accessed infrequently.
As part of the SSBA Regulatory Scheme, registered facilities are required to keep an up to date inventory of all SSBAs held. As a general ‘good housekeeping’ measure, the SSBA Regulatory Scheme encourages facilities to review all holdings of microbiological agents and to determine if samples should be kept, passed to reference facilities or destroyed.
A general inventory review is also encouraged when staff members move on or research is ceased.
top of page
The SSBA Regulatory Scheme has recently completed reviewing it’s Fact Sheets. The Fact Sheets have been updated to reflect the change of name of the Department, improve clarity and to increase web accessibility.
All updated Fact Sheets are available on line at the SSBA website.
When does a Laboratory Spill Become a Reportable Event
The loss of an SSBA via an accidental release during its handling is a reportable event under the NHS Regulations. A spillage of an SSBA, such as a spill down the sink may cause an accidental release of the SSBA (through the drainage system) into the environment and must be reported to Health.
An accidental spillage, which is contained within the secure area and does not release the SSBA into the environment (e.g. a spill onto a bench top) is not considered a reportable event.
However, if the agent has infected or intoxicated a person then this is a reportable event.
If in doubt, you should always report to the Regulatory Scheme and Health officers will be able to determine if there has been an reportable event under the legislation.
Failure to provide a report may lead to further action from the SSBA Regulatory Scheme. In certain cases, this can include a direction from the Secretary of Health to dispose of all of the entities holdings of SSBAs. Failure to dispose following a direction to do so can result in an offence and fine under the SSBA Regulatory Scheme.
Ebolavirus Reporting Reminder
While the risk of an Ebolavirus outbreak in Australia remains low, the SSBA Regulatory Scheme would like to remind entities of their obligations under the NHS legislation.
Ebolavirus is classed as a Tier 1 SSBA and entities handling Ebolavirus must report handlings to the SSBA Regulatory Scheme within the designated time frames.
Entities must also report any handling of a suspected Ebolavirus specimen. A suspected SSBA is defined as ‘a sample in which, on the basis of your facility’s normal testing procedures, you suspect that you are handling an SSBA’.
Suspected SSBAs must either be destroyed or undergo confirmatory testing and the handling and testing outcomes reported to Health.
Further information is available on the Department of Health website.
The SSBA Regulatory Scheme team will be unavailable to assist with other general inquiries between 25 December 2014 and 4 January 2015.
The Data Collection System will be operational during this period for reporting SSBA handlings. DCS passwords can be reset at the DCS log in screen if necessary.
If you have an emergency involving SSBAs during the shutdown period, please call 02 6289 3030.
For more information check out our web site:
top of page