Biosafety and biosecurity for pathogens and toxins news: Q1, April 2022 issue

On this page

• Inspection summaries posted on Open Government Portal
• Online learning opportunities
• Cybersecurity: Critical for information management and security
• Analysis of laboratory-acquired infections between 2016 and 2021
• Security clearance for access to sensitive information
• RegFacts: #DYK

Inspection summaries posted on Open Government Portal

The Centre for Biosecurity (CB) inspects licensed organizations to monitor compliance with:

• the Human Pathogens and Toxins Act (HPTA)
• the Human Pathogens and Toxins Regulations (HPTR)
• sections of the Health of Animals Act (HAA)
• sections of the Health of Animals Regulations (HAR)

In spring 2022, we will post summaries of inspections that were completed between April 1 and December 31, 2021 on the Open Government Portal. We'll notify you once the information is available online.

Online learning opportunities

English and French recordings and transcripts are now available in the Public Health Agency of Canada (PHAC) e-Learning Portal for the webinars:

• What's new from the Centre for Biosecurity (December 2021)
• Effective management of dual-use in life sciences research (March 2022)

Upcoming webinar topics:

• Biosecurity plans
• Canadian Biosafety Standard 3rd Edition webinar series

We will send more information regarding dates for upcoming sessions once available.

Cybersecurity: Critical for information management and security

Sensitive information related to human pathogens and toxins are often stored electronically. As organizations shift to telework, this sensitive information may become available through internal computer networks and cloud storage solutions.

You should work with your IT department to make sure your organization is following current best practices for cybersecurity.

In December 2021, the Canadian Centre for Cyber Security (CCCS) issued an alert about a cyber threat. It highlighted a vulnerability in Log4j. This is a widely deployed Java-based logging utility used in many online applications. As a precaution, many organizations took their applications offline. This example shows the importance of regularly updating your cybersecurity measures to protect sensitive information.

The CCSS is Canada's national authority for cybersecurity. If you have a question about your systems, the CCSS is your first point of contact.

You can also contact Public Safety at ps.rrap-perr.sp@canada.ca to test your IT systems for vulnerabilities and identify improvements. They offer optional assessments and free Review and Analysis Tools.

You may share the findings in your Biosecurity Risk Assessment or Biosecurity Plan to show how you're addressing security risks. If a private company assesses your IT system, please ensure they have the appropriate security clearance to have access to information about your security access control methods

For more information, please refer to The Canadian Centre for Cyber Security.

Analysis of laboratory-acquired infections between 2016 and 2021

Laboratory work with human pathogens and toxins poses an inherent risk to the security of laboratory personnel and the community. Although safety protocols and regulations have evolved, there's still a risk of accidental or deliberate exposure to human pathogens and toxins. This can lead to laboratory-acquired infections or intoxications (LAIs). These infections pose a risk to the public as well, if person-to-person transmission occurs outside the laboratory after an LAI.

The Laboratory Incident Notification Canada (LINC) surveillance system receives exposure and non-exposure incident reports. We define exposure as an incident in the lab that:

• could have resulted in an LAI, or
• did result in a suspected or confirmed LAI

These reports also include information about people involved in the incident, such as their:

• potential illness presentation
• years of experience
• role
• route of exposure

Between 2016 and 2021, LINC received 9 LAI reports. All incidents occurred in technicians, students and laboratory aides. Most of the people involved in these incidents had either a high level of education, many years of laboratory experience, or both. Almost half (4) of the exposure incidents were identified at the time of event. The other 5 were identified after the workers became ill. Of the 9 people who became ill, 3 received drug treatment for their illness. Recovery periods varied, with full recovery often taking more than a week.

The laboratory activities associated with these LAIs were:

• microbiology (5)
• animal work (2)
• microscopy (1)
• maintenance (1)

The agents involved were:

• Salmonella spp. (4)
• E. coli (2)
• Staphylococcus aureus (1)
• Brucella spp. (1)
• Vaccinia virus (1)

Both LAIs involving animal-related incidents resulted from inoculation from sharps-related exposures.

The other 7 incidents were:

• ingestion (5)
• absorption (1)
• inhalation (1)

Other commonly cited occurrences that prompted incidents included:

• inadequate procedures or breaches in procedures
• inadequate personal protective equipment (PPE) or PPE failure
• lab equipment failure
• spills

These results suggest that less experience or education may not be significant risk factors leading to LAIs. However, it's critical to have detailed, accurate and up to date standard operating procedures (SOPs) in place, and to provide ongoing SOP training for staff. The use of appropriate PPE is also critical in protecting laboratory personnel from infection.

Always report exposure incidents to LINC without delay and follow proper corrective actions to prevent LAIs and potential community spread.

Security clearance for access to sensitive information

HPTA licensed facilities must limit access to sensitive information related to human pathogens and toxins (see 4.10.12 of the Canadian Biosafety Standard). Information management security keeps sensitive information accessible only to those who need it.

Information related to risk group RG 3, RG 4 and security sensitive biological agents (SSBAs) is considered sensitive when it includes 2 or more of the following elements:

• pathogen or toxin identity
• pathogen or toxin storage location
• security access control methods, including access codes and passwords

Most people with authorized access to sensitive information related to SSBAs have a valid HPTA security clearance. The list of personnel with a valid HPTA security clearance should only be accessible on a need-to-know basis.

For questions restricting access to sensitive information, please contact CB at biosafety.biosecurite@phac-aspc.gc.ca.

You can find more guidance on information management and security in Chapter 7 of the Canadian Biosafety Guideline: Developing a comprehensive biosecurity plan.

RegFacts: #DYK

Did you know that the Licence Holder (LH) can apply for their HPTA licence and HAA permit online?

The Biosecurity Portal is a centralized electronic system that allows you to apply for your HPTA licence and HAA permit online.

Key points for the application process

• You need a valid email account and a GC Key to use the online licence application process.
• Complete your profile information in the Biosecurity Portal.
• There's a short waiting period to allow PHAC to verify the submitted information before you can fully access the portal.
• Upon verification, you'll receive a validation code to enter during the first login.
• If you're applying for a RG 3, RG 4, or SSBA licence, you'll also need a second level of authentication (a grid card) which you must use whenever you log in. The account is unique to you and can't be shared.
• At this stage, you will have access to the full functionality of the portal and can complete your online licence application.
• Once your application has been approved by PHAC, you'll be notified by email and you can download a copy of your licence.

For more details on how to obtain your grid card, refer to the User Guide.

Please contact us at licence.permis@phac-aspc.gc.ca if you have any issues registering or submitting your licence application in the Biosecurity Portal.