Security Plan Guidance
- Section 11(a) – Creating a Site-Specific Written Security Plan
- Security Plan Roles and Responsibilities
- Section 11(b) – Site-Specific Risk Assessment
- Section 11(c) – Planning Requirements
- Access Control
- Unauthorized or Suspicious Persons
- Access Approval
- RO Reporting
- Information Systems Security Controls
- Shipping and Transfers
- Section 11(d) – Security Requirements
- Section 11(e) – Inventory Audits
- Section 11(f) – Tier 1 Security
- Section 11(h) – Review and Revision
- Appendix I: Risk Assessment Methods
- Appendix II: Access Control Devices
- Appendix III: Intrusion Detection Systems
- Appendix IV: Example Intra-Entity Transfer Form that Captures the Section 17 Requirements
- Appendix V: Scenarios (Non-Tier 1 Barriers and Access Controls):
- Example Select Agent or Toxin Inventory Form that Captures the Section 17 Requirements
- Inventory Audit Conditions
- Download PDF
Changes and Highlights
Revisions: This is a living document subject to ongoing improvement. Feedback or suggestions for improvement from registered select agent entities or the public are welcomed. Submit comments directly to the Federal Select Agent Program (FSAP) at:
- October 12, 2012: Initial posting
- April 11, 2013: The revisions are primarily changes to correct editorial errors from previous version.
- July 3, 2013: Appendix added to document.
- September 2017: Added Tier 1 requirements.
February 2020: Revised Inventory language to match Inventory Guidance and to correct editorial errors from previous version.
- Sufficient to safeguard the select agents or toxins against unauthorized access, theft, loss, or release, and
- Designed according to a site-specific risk assessment, providing graded protection.
The purpose of this guidance document is to assist an entity in developing and implementing its site-specific security plan. As used in this document, the word “must” means a regulatory requirement. The use of the word “should” or “consider” is a suggested method to meet that requirement based on generally recognized security “best practices.” Implementation is performance-based and entities may find other ways to meet a regulatory requirement.
This document addresses the select agent regulations (SAR) with regard to security with one exception: Entities with Tier 1 BSAT have pre-access suitably and ongoing suitability assessment requirements which are addressed in the Guidance for Suitability Assessments.