SSBA Fact Sheet 6 Top Management - September 2013

The purpose of the SSBA Fact Sheets is to support the education and awareness of the SSBA Regulatory Scheme and provide information to stakeholders on topics of particular interest.

Page last updated: January 2014

PDF printable version of Fact Sheet 6 Top Management - September 2013 (PDF 51 KB)

Release Date: September 2013


The regulation of security sensitive biological agents (SSBAs) commenced on 31 January 2009. The objective of the SSBA Regulatory Scheme is to establish controls for the security of biological agents on the List of SSBAs. These controls have been established through:

  • the National Health Security Act 2007 (NHS Act)
  • the National Health Security Regulations 2008 (NHS Regulations)
  • the Security Sensitive Biological Agent (SSBA) Standards.

Who are Top Management?

‘Top Management’ is defined under the SSBA Standards as a person or group of people who direct and control the entity at the highest practical level and are able to allocate resources and make top-level decisions in regards to the entity or facility.

An entity is the legal personality and can be an individual, body corporate or an agency or instrumentality of the Commonwealth, a State or a Territory. The entity is required to comply with NHS Act, NHS Regulations and the SSBA Standards and is liable for the offences under the NHS Act. For further information, see Guideline 1 – Entities and Facilities.

The SSBA Management System

The SSBA Standards state that the entity must establish a systematic approach to the management of the biosecurity of SSBAs to meet the requirements of the NHS Act, NHS Regulations and SSBA Standards.

As part of this system, the entity must develop, authorise and implement policies about managing SSBAs that clearly states the overall SSBA management objectives and commitment to improving biosecurity management. The SSBA management system should cover the need for continual assessment and improvement through policies, objectives, procedures, self audit, risk assessment and management, corrective and preventive actions and management review. Policies should be appropriate to the nature and scale of the risks associated with the facility and SSBAs handled, and should commit to complying with the requirements of the legislation, reduction in the level of biosecurity risk and continual improvement of SSBA management performance.

The full requirements for the SSBA Management System can be found in Part 8 of the SSBA Standards.

top of page

Roles and responsibilities

Members of Top Management have several roles and responsibilities under the SSBA Regulatory Scheme. The mandatory requirements of Top Management are set out under Part 8 of the SSBA Standards and include:

  • taking ultimate responsibility for the development and implementation of the entity’s SSBA management system and policy
  • ensuring the availability of resources to establish, implement, maintain and improve the SSBA management system
  • appointing and empowering a Responsible Officer and a Deputy Responsible Officer for the SSBA Regulatory Scheme, and putting in place processes to ensure continuity of the staffing and effectiveness of these positions
  • ensuring that all SSBA-related activities to be conducted in the facility are authorised, defined, documented and reviewed at least annually or more often, if required
  • ensuring that criteria and processes are established for work that require prior approval
  • ensuring that actions are taken promptly to eliminate any identified non-compliance of the management system with the SSBA Standards, the NHS Act and the NHS Regulations, dealing with any identified instances of the entity’s non-compliance with the above mentioned three legislative instruments, and ensuring verification of the actions taken and the documentation of such verification
  • establishing controls and putting in place documented procedures for monitoring the effectiveness of the controls being applied to reduce or eliminate the hazards identified in risk assessment processes
  • ensuring that staff levels, facilities and equipment are sufficient to effectively carry out work involving SSBAs in accordance with technical protocols, approved policies and SOPs. These should be determined in consultation with the Responsible Officer for the facility
  • ensuring the entity’s and facility’s compliance with the above mentioned legislative instruments by allowing monitoring inspectors to carry out inspection activities with prior consent
  • ensuring all reporting requirements, including submission timeframes, to the Department of Health are met.

The full roles and responsibilities of Top Management are outlined in sub clause 8.3.1 of the SSBA Standards.

SSBA Management Committee

Under the SSBA Standards, an SSBA Management Committee must be set up to act as a review committee for SSBA risk and issues. This committee may be a stand-alone committee or incorporated into an existing committee. The committee must report to Top Management and, as part of its duties, contribute to developing SSBA policies and procedures. A full description of the requirements of the SSBA Management Committee can be found in subclause 8.3.2 of the SSBA Standards.