Security Sensitive Biological Agents

This website provides information about the Security Sensitive Biological Agents (SSBA) Regulatory Scheme.

Page last updated: 04 September 2019

The deliberate release of harmful biological agents such as viruses, bacteria, fungi and toxins has the potential to cause significant damage to human health, the environment and the Australian economy.

In 2006, the Council of Australian Governments’ (COAG) Report on the Regulation and Control of Biological Agents identified that the regulations in place at the time focused on safety rather than security; and that there was a need to regulate the secure storage, possession, use and transport of security sensitive biological agents to minimise the risk of use for terrorism or criminal purposes.

The aim of the SSBA Regulatory Scheme is to limit the opportunities for acts of bioterrorism or biocrime to occur using harmful biological agents and to provide a legislative framework for managing the security of SSBAs. The scheme was developed using risk management principles to achieve a balance between counter-terrorism concerns and the interests of the regulated community and aims to maintain full access to SSBAs for those with a legitimate need. The SSBA Regulatory Scheme also builds on Australia's obligations under the Biological and Toxins Weapons Convention and UN Security Council Resolution 1540.

The SSBA Scheme can be contacted on 02 6289 7477 or by email at ssba. For postal addresses please see the Contact SSBA Regulatory Scheme.

Table of Contents

Top of page

What's New (December 2018)

  • Newsletter Issue 28 - December 2018

Recently added (January 2014)

  • New Fact Sheets
  • New guidelines

In the Media

Updated as articles of interest become available.

Articles of Interest

The following resources are available on the internet at the sites listed below. Both can be downloaded free of charge (NOTE – some sites may require you to register with the site before download). This website has a number of interesting articles and videos that include information about: Top of page

The National Health Security Act 2007

Part 3 of the National Health Security Act 2007 establishes the regulatory scheme for entities and facilities that handle suspected or known SSBAs.

The NHS Act was amended in 2013 and these amendments came into force on 31 March 2013. A new Fact Sheet 17 – Changes to the National Health Security Legislation outlines the changes and is available here.

The National Health Security Act 2007 legislates the regulatory scheme and can be found at ComLaw, Commonwealth of Australia Law website: - National Health Security Act 2007

The National Health Security Regulations 2018

The National Health Security Regulations 2018 (NHS Regulations) support the National Health Security Act 2007 by providing operational detail about the SSBA Regulatory Scheme.

The NHS Regulations 2008 sunsetted on 1 October 2018 and were replaced with the (current) NHS Regulations 2018. There were minor administrative amendments to the regulations.

The NHS Regulations can be found at the ComLaw, Commonwealth of Australia Law website.

The National Health Security Regulations 2018

Legislative Instrument – C2015c00271

List of SSBAs

On 10 November 2008 the Minister established the List of SSBAs under Part 3 of the National Health Security Act 2007. The regulation of Tier 1 agents commenced on 31 January 2009 and the regulation of Tier 2 agents commenced on 31 January 2010.

Tier 1 agents are those that pose the highest security risk to Australia, while Tier 2 agents pose a high security risk.

The List of Security Sensitive Biological Agents (March 2016)

Tier 1 SSBAs (with toxin thresholds*) Tier 2 SSBAs
Abrin (5 mg)
African swine fever virus
Bacillus anthracis (Anthrax – virulent strains)
Capripoxvirus (Sheep pox virus and Goat pox virus)
Botulinum toxin (0.5 mg)
Classical swine fever virus
Clostridium botulinum (Botulism; toxin-producing strains)
Foot-and-mouth disease virus
Francisella tularensis (Tularaemia)
Highly pathogenic influenza virus, infecting humans
Lumpy skin disease virus
Peste-des-petits-ruminants virus
Ricin (5 mg)
Yellow fever virus (non-vaccine strains)
Rinderpest virus
SARS coronavirus
Variola virus (Smallpox)
Yersinia pestis (Plague)


  1. The agents above only refer to infectious, viable and pathogenic organisms or active toxins.
  2. ‘Highly pathogenic influenza virus infecting humans’ includes influenza viral strains that fulfil all the criteria listed below:
    • considered highly pathogenic in usual host animal;
    • proven infection of humans; and
    • involved in an outbreak of human disease.

Examples of such viral strains include the 1918 pandemic Influenza virus A and Influenza virus A H5N1.

  1. 'Botulinum toxin’ does not refer to a form approved for therapeutic use under the Therapeutic Goods Act 1989. For example, the forms of Botulinum toxin approved for therapeutic use and known under their commercial names Botox or Dysport.
  2. The List is not a legislative instrument.

*Toxin thresholds refer to the minimum amount of toxin held by a facility for the toxin to be regulated.

Ministerial Determination - 09 March 2016 (PDF 411 KB)

Ministerial Determination - 09 March 2016 (Word 18 KB)

Ministerial Determination – 17 November 2009 (PDF 14 KB)

Ministerial Determination - 17 November 2009 (Word 16 KB)

Ministerial Determination – 10 November 2008 (PDF 48 KB)

Ministerial Determination - 10 November 2008 (Word 26 KB)

Top of page

SSBA Standards

Revised SSBA Standards

The SSBA Standards, dated March 2013, were determined by the Minister for Health under Section 35 of the National Health Security Act 2007 on
14 June 2013.

The revised SSBA Standards came into force on 20 June 2013.

SSBA Standards - March 2013 (PDF 1199 KB)

SSBA Standards - March 2013 (Word 239 KB)

SSBA Standards Determination (

What’s New:

  • A new clause regarding stand-alone facilities.
  • A new clause for handling of sensitive information when complying with the requirements for other regulatory bodies.
  • A new clause for the transport of an SSBA from a receiving area in an entity (such as a reception desk) to a registered facility.

Significant changes

  • Paragraph numbers have now been added to the normative requirements.
  • New commentary under the SSBA Management Committee to reflect Terms of reference.
  • Risk management – Material from clause 2.2.3 has now been moved into clause 2.2.2 to make it clearer what needs to be assessed as a hazard or risk.
  • NHS Checks – Transfer of NHS checks between entities is now a separate subclause.
  • Training and Competency – Training for authorised persons and competency levels are now new subclauses.
  • Storage – this has been broken down into new subclauses to improve clarity. Two new Parts covering temporary handlings (new provisions under the NHS Act). Part 10 relates to Non-registered facilities, Part 11 relates to registered facilities.

Minor changes

A number of minor wording changes have been introduced to increase clarity on the requirements of the SSBA Standards. These include more information on what is required to be documented under the Standards.

Top of page

SSBA Regulatory Scheme Inspection Program

The SSBA Regulatory Scheme Inspection Program commenced in August 2009. SSBA Inspectors are provided by the Office of Gene Technology Regulator and are appointed by the Secretary of the Department of Health.

All facilities will be inspected within the first 12 months of registration. After this initial inspection, registered facilities handling Tier 1 SSBAs will be inspected every 18 months and registered facilities handling Tier 2 SSBAs will be inspected every two years. Non-registered facilities will be inspected on an as needed basis. Spot checks of registered and non-registered facilities may occur at any time.

Comprehensive and Mid-cycle Inspections

Initial Inspections are Comprehensive Inspections that cover all parts of the SSBA Standards and are carried out over two days. Provided a high level of compliance is achieved, the next inspection will be a Mid-cycle Inspection that specifically covers the previous inspection outcomes, any changes to the SSBA Regulatory Scheme or any alterations to the facility’s secure areas or processes. Mini Inspections are usually carried out over one day. Subsequent inspections will alternate between a Comprehensive (two day) Inspection and a Mid-cycle Inspection.

Spot checks and Desktop inspections

In 2012, the SSBA Regulatory Scheme introduced spot checks and desktop inspections.

Spot checks are a subset of routine monitoring and may also be conducted as part of follow-up reviews and focus on the outcome of previous inspections. Spot checks are conducted with 24 hours notice to a facility to ensure security requirements can be met and involve a physical inspection of the facility and review of records and interviews with staff. This type of inspection can be conducted on registered or non-registered facilities.

Desktop inspections were introduced in June 2012 to complement the physical inspection program. Desktop inspections are a paper-based assessment of a facility’s compliance with the SSBA Standards and require no on-site assessment of activities. The assessment can be against the complete SSBA Standards or a specific part or clause of the Standards. It can also assess a specific area of regulatory compliance, such as reporting requirements. A desktop inspection will comprise liaison with the Responsible or Contact Officers of a facility to make arrangements for the submission of the documented evidence required for the desktop inspection, a review of the paper-based records supplied by the facility and confirmation of the outcome of the desktop inspection.

Further information on the SSBA Regulatory Scheme Inspections is contained in Guideline 10 – SSBA Regulatory Scheme Monitoring Inspections (available from the SSBA Guidelines section of this website).

SSBA Guidelines

The SSBA Guidelines have been developed to support the SSBA Regulatory Scheme. Stakeholders are welcome to suggest areas of interest that may warrant the development of further Guidelines. Suggestions may be sent to ssba for consideration.

SSBA Fact Sheets

The purpose of the SSBA Fact Sheets is to support the education and awareness of the SSBA Regulatory Scheme and provide information to stakeholders on topics of particular interest. Stakeholders are welcome to suggest areas of interest that may warrant the development of further Fact Sheets. Suggestions may be sent to ssba for consideration.

Please note that the SSBA Fact Sheets are currently being updated to reflect the changes to the SSBA Standards.  Entities will be notified once the new Fact Sheets are available.

Reporting Forms

The SSBA Reporting Forms allow entities and facilities to report to the Department of Health details of reportable events in relation to the handling of SSBAs. The first report (Initial Registration or Non-Registered Facility Report) is required to be submitted by a paper-based report and must be sent to the Department by Australia Post’s registered post service or courier. The addresses for postal reports can be found under the Contact SSBA Regulatory Scheme section.

Where possible, it is recommended that all other reports are submitted using the online Data Collection System (DCS). DCS access will be granted to the facility following the first submission of a paper-based report. If you have forgotten your user details please email a request to ssba.

Entity and Facility Specific Training Template

This document has been produced to assist entities to meet the entity and facility specific training requirement under clause 3.9.1 of the SSBA Standards.

A PowerPoint presentation has been developed to align with the relevant clauses in the SSBA Standards that may require training for staff on entity/facility specific policies and procedures. A section has also been included on reporting to the SSBA Regulatory Scheme.

The slides have been broken into sections with each section covering one Part of the SSBA Standards and entities are encouraged to add or remove slides as needed. As the overall presentation is quite lengthy, trainers are encouraged to consider using each section or a group of sections as an individual module for training purposes and to allow training to be tailored to specific audiences – for example you may wish to include different information when training laboratory staff than that provided to staff who are only accessing sensitive information (such as IT personnel).

The use of this document is not mandatory and entities may use other training packages if preferred.

A copy of the Training Template PowerPoint is available by emailing the SSBA Regulatory Scheme.

Top of page

Security Risk Template

The Security Risk Template (SRT) was developed as a tool to assist the regulated community to ensure that all risks associated with handing SSBAs have been identified and treated. Following feedback from the regulated community, the SRT has been revised to harmonise with current security risk management frameworks.

The new SRT (Version 1 – February 2011) has a new format and has been designed to meet the requirements of Part 2 of the SSBA Standards dealing with the risk assessment and risk management plans.

The use of the revised SRT is not mandatory and entities and facilities may choose to use other means to assist with risk assessment and risk management.

The SRT will no longer be able to be used as a checklist to monitor compliance with the SSBA Standards. In order to assist entities to do this, an Internal Review Tool has been developed.

Security Risk Template – February 2011 (Word 545 KB)

Security Risk Template – February 2011 (PDF 221 KB)

Top of page

Internal Review Tool

The Internal Review Tool (IRT) has been developed to assist entities and facilities to monitor compliance with the SSBA Standards. The IRT has a series of questions based on the requirements of the SSBA Standards with a simple check box system of Yes/No and comments, and each section also includes questions about recommended practices and procedures.

The use of the IRT is not mandatory and entities and facilities may choose to use other means to assist with compliance management.

Please note that the word version of this document includes both locked text and fields that will expand as data is entered, and so may have some unusual formatting when printed. The Department of Health recommends using the PDF version if you intend to enter the information by hand.

Internal Review Tool - January 2014 - Word 479 KB

Internal Review Tool - January 2014 - PDF 498 KB

Top of page

SSBA Newsletters

The SSBA Newsletters have been produced by the Australian Government Department of Health to provide information in a concise and easy to read format. If you would like to subscribe to the SSBA Newsletter, or would like to suggest a topic for inclusion, please email us at ssba with your contact details or suggested topic.

If you would like to obtain any previous newsletter, please email SSBA Regulatory Scheme.

Top of page

SSBA Regulator Scheme 2015-16 Self Assessment Report under the Regulator Performance Framework

Under the Australian Government Regulator Performance Framework (RPF) the Department of Health is responsible for ensuring that regulators within its portfolio, who meet defined criteria, complete an annual externally validated self-assessment report. The report considers the self-assessment of the Security Sensitive Biological Agents (SSBA) Regulatory Scheme, describes the intention of the annual self-assessment process and presents the results for 2015-16.

A number of measures and evidence metrics were formulated, pre-agreed and published on the Health website in July 2015 to describe how the SSBA Regulatory Scheme would meet each of the Key Performance Indicators. The Regulatory Performance Framework webpage outlines the aims, processes and metrics.

Overall, the SSBA Regulatory Scheme considered that a high level of performance was achieved and an overall rating of ‘very good’ was determined. This rating was strongly supported by the Public Health Laboratory Network (PHLN) Executive Group that was appointed as the external stakeholder validation mechanism by the Minister for Health.

Contact SSBA Regulatory Scheme

Email: ssba

Phone: (02) 6289 7477

Postal Address:
Health Emergency Countermeasures Section
Department of Health
GPO Box 9848, MDP 140
Canberra ACT 2601

Courier Address:
Health Emergency Countermeasures Section
Department of Health
Level 3, Scarborough House
Atlantic Street
Woden ACT 2606

Links to related sites

Top of page