Biosecurity awareness

For the scenarios, situations have been chosen that are realistic, but could also occur in another context within your organisation. The following questions are designed to give an impression of whether the described scenario is relevant in your organisation.

Questions for your organisation:

  • Is the situation recognisable?
  • Is the situation realistic? (or realistic in another context?)
  • What are the vulnerabilities in this situation?
  • What are the possible consequences of this situation?
  • What control measures can be taken to prevent the scenario?
  1. 1

    Security instructions

    Employees are issued with new mobile phones/laptops, on which an app is installed, enabling them to read their business e-mail. However, during the delivery of the telephones/laptops, no information is provided about secure use of the internet, WhatsApp, iCloud and other programs.


    Awareness of employees on potential security risks regarding the use of mobile phones or laptops, with access to the internet is essential. When employees receive new equipment, it is advisable to pay attention to working securely, with a specific focus on information security (open Wi-Fi connections, storage and transport of sensitive information, WhatsApp and iCloud).

    Other relevant biosecurity pillar of good practice: information security

    • Sensitive information can become accessible to unauthorised parties.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  2. 2

    Employees fail to attend biosecurity training sessions

    In your organisation, 30 minutes of biosecurity training is provided three times per year. In recent years, however, one employee has not attended any of these training sessions, even though the person works in a high-risk laboratory.


    The organisation ensures that all biosecurity information related to their work is communicated to the employees. However, this communication must reach the employees; the message must be conveyed. Participation can be guaranteed by making biosecurity training mandatory, or by integrating biosecurity aspects in currently mandatory training. If participation is registered, it can be checked whether everyone has participated in the training.

    Other relevant biosecurity pillar of good practice: personnel reliability

    • Untrained employees are not only a risk for laboratory security, but failure to attend training sessions could also indicate problems that hamper their performance.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  3. 3

    Abnormal situation

    While working in a BSL3 laboratory, you become aware that the settings of specific equipment are incorrect. When you report this to the Biological Safety Officer, a subsequent inspection shows that other aspects have also gone amiss in the laboratory: some materials are stored incorrectly, and a recent checklist was not completed.


    Abnormal situations in high-risk areas must be reported to the Biological Safety Officer. Activities that can be regarded as unsafe situations could have been occurred unintentional, but they could also have been deliberate.

    Other relevant biosecurity pillars of good practice: management, physical security

    • If abnormal situations are not reported, this could be detrimental to the safety and security of high-risk laboratories. Moreover, it is possible to determine whether an error was unintentional or deliberate only after the situation is reported.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  4. 4

    Who is that?

    A person unknown to you walks past your office. You approach this person and ask who he is looking for. He responds that he apparently ended up in the wrong building. He leaves before you can ask any further questions.


    Especially in restricted areas, strangers should be addressed. Although employees are generally not instructed to address strangers, doing so can enhance the security culture of your department. In addition, you may be helping a new colleague who simply got lost.

    Other relevant biosecurity pillar of good practice: physical security

    • Unauthorised parties can gain access to sensitive areas or even acquire sensitive information.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  5. 5

    Follow-up after scientific presentation

    After you have presented your research at an international conference, you receive many questions regarding your research. Initially these questions are focussed on your scientific results, but gradually the interested parties also express curiosity about the security aspects of your laboratory. Moreover, after the conference you receive e-mails about the security.


    It is crucial to know which information concerning your research or your organisation is confidential. You can discuss with your colleagues which information to reveal in advance.

    Other relevant biosecurity pillar of good practice: information security

    • Detailed information regarding security aspects of your organisation can be misused, which makes your organisation vulnerable.
    • Research results may possibly contain dual-use aspects. Providing such information may lead to misuse.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  6. 6

    Do you sometimes disregard security aspects?

    While participating in a security drill in a high-risk laboratory, an employee disregards various security procedures. The door is left open, and keys are left in the locks. After various complaints are received, it turns out that the colleague was testing the biosecurity procedures on behalf of the Biological Safety Officer.


    Although security drills for working in a high risk laboratory are conducted periodically, and the various biosafety aspects are thoroughly reviewed, it is possible that some aspects have not been included on a routine basis. To identify biosecurity vulnerabilities, it is important to include security aspects of the organisation in training and drills.

    Other relevant biosecurity pillars of good practice: personnel reliability, physical security

    • If attention is not periodically focused on the various biosecurity aspects, situations can occur that make your organization vulnerable.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?
  7. 7

    Unexpected results

    When discussing the results of an experiment, a non-pathogenic bacterial strain appears to have developed pathogenic properties. These results provide new insights into the genetic factors associated with pathogenic properties of bacteria, which could potentially lead to better prevention or treatment of infectious diseases. However, a colleague notes that these results can be misused as well if they fall into the wrong hands.

    Scientific research that generates knowledge that can be misused may pose a threat to public health and national security. Researchers must be aware that scientific results can also be misused. This should be taken into account when publishing scientific results.

    It is important that research be supervised to identify unexpected and important findings with possible dual-use aspects. By planning research and being able to anticipate undesirable outcomes (e.g. 'safe-by-design') and by monitoring results on the possible negative impact of unexpected results, the risks can be minimized.

    Assessment of dual use aspects is described in the report 'Improving Biosecurity' of the Royal Dutch Academy of Sciences (KNAW). This includes a list of experimental results of research that lead to concern, for instance research that:

    • Would demonstrate how to render a vaccine ineffective.
    • Would confer resistance to therapeutically useful antibiotics or antiviral agents.
    • Would enhance the virulence of a pathogen or render a non-pathogenic virulent.
    • Would increase transmissibility of a pathogen.
    • Would alter the host range of a pathogen.
    • Would enable the evasion of diagnostic/detection modalities.
    • Would enable the weaponization of a biological agent or toxin.

    Scientific evaluations can be misused without control measures to evaluate. For example, sensitive information may become public and thereby increase the risk of development of undesired applications.

    Is this scenario applicable to your organisation?

    Is this scenario applicable to your organisation?