Novel Dutch Self-Assessment Biosecurity Toolkit to Identify Biorisk Gaps and to Enhance Biorisk Awareness

Life sciences, biotechnology, and medicalbiologyareindispensableresearchﬁeldsforpublic health and the development of ther-apeutics and vaccines. However, biologicalagentsandinformationdevelopedtobetterhealth, welfare, and safety, could be mis-usedforharmfulpurposestocausedamageto public health, safety, and the environ-ment (1–3),which is termed the“dual-use”aspect of research in the life sciences. Lab-oratory biosafety describes containmentprinciples, technologies, and practices toprotect people from biological agents, andprevent accidental release of biologicalagents (4). In addition to biosafety, labo-ratory biosecurity measures aim to preventtheft and intentional or malicious use ofbiological agents (4). Thus, both biosafetyand biosecurity should be an integral partof program management of organizationshandling dangerous pathogens, in order toprevent potential dual-use research, unde-sired spread, theft, malicious use, andbioterrorism.


INTRODUCTION
Life sciences, biotechnology, and medical biology are indispensable research fields for public health and the development of therapeutics and vaccines. However, biological agents and information developed to better health, welfare, and safety, could be misused for harmful purposes to cause damage to public health, safety, and the environment (1)(2)(3), which is termed the "dual-use" aspect of research in the life sciences. Laboratory biosafety describes containment principles, technologies, and practices to protect people from biological agents, and prevent accidental release of biological agents (4). In addition to biosafety, laboratory biosecurity measures aim to prevent theft and intentional or malicious use of biological agents (4). Thus, both biosafety and biosecurity should be an integral part of program management of organizations handling dangerous pathogens, in order to prevent potential dual-use research, undesired spread, theft, malicious use, and bioterrorism.

FROM BIOTERRORISM TO BIOSECURITY
The biosecurity program of organizations should contain physical, personnel, transport, technology, and material security (5). In addition, personnel should be well educated and aware of the biorisks of handling dangerous pathogens (1,(4)(5)(6). Theft and malicious or terrorist use of biological agents could possibly be traced back to breaches or lacunas in the biosecurity program of an organization. The next three historical examples of malicious use of biological agents illustrate the importance of biosecurity measures within organizations. The first example is the intentional spread of Salmonella typhimurium, which led to more than 750 cases of gastroenteritis in Oregon, USA, 1984. Members of the Bhagwan Shree Rajneesh commune ordered Salmonella bacteria from a commercial supplier, cultured the bacteria in their laboratory, and contaminated 10 salad bars (7). Criminal investigation revealed that the Salmonella outbreak strain was indistinguishable from the strain that had been cultured in the laboratory at the commune. The source of the biological material was a legitimate, easily accessible source, which underlines the importance of biosecurity awareness and the proper functioning of the biosecurity program of organizations. The second example of malicious use of biological agents is a biological attack in Japan. The Japanese religious cult Aum Shinrikyo tried to produce large-scale botulinum toxin and spores of Bacillus anthracis. The members isolated harmless strains of Clostridium botulinum from soil and thereby failed to produce active botulinum toxin in 1990 (8). For the production of anthrax, the members unsuccessfully attempted to steal B. anthracis from a laboratory. Later, the cult received anthrax from an Aum Shinrikyo sympathizer that had access to the biological agent within a university (8). However, this was an animal vaccine strain of anthrax, and not causing disease during dissemination, in 1993 (8). Thus, biosecurity pillars such as physical security, personnel screening, and personnel reliability are important in preventing theft of biological agents and bioterrorism. The last example describes the anthrax letters containing spores of Bacillus anthracis in 2001 in the USA. In total, 22 people were infected of which 5 people died. The source of the biological agent was a state laboratory involved in the national biodefense program of the USA (9). In addition to personnel screening and personnel reliability, material control and accountability might play an important role in preventing future malicious use of biological agents.

DUTCH BIOSECURITY INITIATIVES
The Dutch government recognizes the need to reduce biological threats and to prevent malicious use of biological agents. Therefore, the Dutch government and the Royal Dutch Academy of Arts and Sciences (KNAW) published the "Code of Conduct for Biosecurity" in 2007 (10). The code is intended to guide organizations and professionals that are, directly or indirectly, engaged in research or education in the life sciences, such as biology, medical biology, or biotechnology. Life sciences quickly evolve and new biosecurity and www.frontiersin.org dual-use questions rise, such as the worldwide H5N1 biosecurity debate in 2011, 2012 (3). Therefore, the KNAW published the advisory report "Improving biosecurity, assessment of dual-use research" in 2013 (3). This report recommends biological threat analyses and an advisory board for research in the life sciences. Furthermore, the report emphasizes the importance of raising early awareness for the risks and potential misuse of research and knowledge in the life sciences.
In response to international biosecurity initiatives (11)(12)(13)(14)(15) and the evolving life sciences, the Dutch government initiated a biosecurity project to establish a coordinated Biosecurity Program for organizations handling hazardous biological agents and associated technology, in 2009. The purpose of this Biosecurity Program is to prevent proliferation of biological materials and associated knowledge for illegitimate purposes. As part of the Biosecurity Program, the Dutch Biosecurity Office was founded in 2012. The Biosecurity Office is the national knowledge and information center for biosecurity, and offers awareness raising workshops. The Biosecurity Office utilizes previously adopted good practices from both national and international initiatives, such as the BTWC, the EU CBRN Action Plan, CWA 15793, and the Dutch Biosecurity Code of Conduct. The Biosecurity Office cooperates with existing relevant organizations, such as the Dutch Platform of Biosafety Professionals. The biosecurity policy in the Netherlands reflects the current worldwide trend to combine biosafety and biosecurity into biorisk program management (4, 15).

ONLINE "BIOSECURITY TOOLKIT"
In close collaboration with the Dutch Platform of Biosafety Professionals and other experts, the Biosecurity Office developed the online "Biosecurity Toolkit," in 2012 and 2013. The Biosecurity Toolkit aims at enhancing biorisk management within organizations handling hazardous biological materials. The Toolkit is a selfassessment tool that is freely available via www.biosecuritytoolkit.com in Dutch and in English. The Toolkit is an easily accessible tool for professionals and organizations to analyze gaps in their institutional biosecurity management. The outcome of the Toolkit includes best practices per biosecurity pillar to improve the biosecurity level of the organization. The use of the Toolkit is anonymous and online results are not stored. The Toolkit helps organizations to assess their current level of biosecurity and combines biosafety and biosecurity into biorisk.

METHODS
The Biosecurity Toolkit has specifically been developed for organizations handling hazardous or dangerous biological agents. Representatives from those organizations, governmental representatives, and biosafety/biosecurity experts were invited to participate in the development process of the Biosecurity Toolkit. This group of stakeholders and experts convened in several meetings to compose the toolkit and ascertain applicability of the Toolkit for the intended users.

QUESTIONNAIRE
The experts defined eight pillars of biosecurity risk management, namely awareness, personnel reliability, transport security, information security, accountability for materials, response, management, and physical security (5,6,16). The biosecurity experts added the eighth pillar "management" to the Biosecurity Toolkit, since the management of an organization should also be aware of biological risks, and commitment of the higher management is a prerequisite for successful implementation of the biorisk management program. A short description per biosecurity pillar is provided in Figure 1A. Per biosecurity pillar, the user needs to answer up to 10 questions with"yes"or"no"in the questionnaire (Figure 1B), and the relative score for each category is normalized to 100%. In case of doubt or uncertainty, the user is advised to fill in "no," so the associated suggestion for improvement will be addressed after fulfilling the Toolkit. Each question is accompanied with explanatory or background information, accessible via the information icon (Figure 1B). The questionnaire can be saved and interim results can be viewed between different pillars, at every convenient time for the user.

LEGAL BASIS AND GOOD PRACTICES
Supplemental information about legal basis and good practices is provided under the tab page "Good practices" (Figure 1C).
The information under "Basis" refers to national and international laws, guidelines, standards, and other relevant documents that are available in the Netherlands, such as the Biosecurity Code of Conduct (10) and CWA 15793 (15). The column "Good Practices" lists specific biosecurity measures that may increase the biosecurity level of that particular biosecurity pillar. The good practices have been formulated in collaboration with experts from the field.

RESULTS SECTION OF THE TOOLKIT
After completing the questionnaire, the user is directed to the results section of the Toolkit and the outcome of the survey is automatically presented to the user. Relative scores for each category are calculated as a percentage (actual score as percentage of the maximum achievable score). Importantly, the overall score is not calculated as an average of the individual scores, but is equal to the lowest score obtained in the separate elements. The overall score is presented as lowest score since the aim of the survey is to identify gaps and strengthen the biosecurity program, which is most effectively obtained by improving the weakest element in an organization.

EXAMPLES AND CONCLUSION
The type of organization, the biological agents handled by the organization, the risks associated with executing proceedings, the dual-use potential or likelihood that an agent can be misused, and many more variables are important for designing and implementing a biosecurity program within the organization (6,16). To illustrate the use and possible gap analysis of the Biosecurity Toolkit, we hypothetically describe two types of organizations handling dangerous pathogens: a highcontainment diagnostic laboratory from a university medical center, and a highcontainment laboratory from a pharmaceutical company.

HIGH-CONTAINMENT DIAGNOSTIC LABORATORY IN A UNIVERSITY MEDICAL CENTER
For diagnosed or suspicious hazardous material, the university medical center has a BSL3 facility. Only authorized personnel are allowed to enter and conduct laboratory work in the BSL3 facility. Reference material and patient samples are stored Frontiers in Public Health | Infectious Diseases within the containment of the BSL3 facility. Since the laboratory is part of a university medical center, knowledge is shared among different departments and potential hazardous samples may be used for research or scientific purposes. The employees are fully aware of biosafety risks; however, there is less awareness for biosecurity and dual-use risks of the samples. Entrance to the BSL3 facility has been restricted to authorized employees only, however, the medical center is a public, open organization and outsiders can easily enter the hospital. There is no security culture within the center. The medical center scores well on external transport security; however, internal transport of diagnostic samples that are used for scientific purposes is pore documented in procedures. The same applies for information security: the university medical center has guidelines for confidentiality of patient samples, but no guidelines for securing and following research samples. The hospital has procedures for emergency and crisis response, and has a clear policy of communication in case of emergencies. Thus, the fictive gap analyses for the medical center identified gaps for biorisk management system, physical measures, biosecurity awareness, and personnel reliability. The center scores well on material accountability and response, and scores average on information security and transport security.

LABORATORY IN A PHARMACEUTICAL COMPANY
This pharmaceutical company develops vaccines against airborne influenza viruses. The company has BSL3 animal facilities and laboratories for research purposes. The company is located in a rural area and has strict entrance security. Employees are background checked and research is well documented, since patents and intellectual property are important for the development of vaccines. The organization has high standards regarding general security, biosafety regulations and well-documented research, recorded in standard operating procedures, and procedures describing coding of materials. The fictive gap analyses for the pharmaceutical company identified gaps for biosecurity awareness and response, specifically in case of dual-use research awareness. Although personnel are well educated and trained for handling dangerous airborne pathogens, this training has been focused on biosafety and not on biosecurity awareness. The same applies to response and incidents: response in case of biosafety incidents and theft have been documented in procedures and covered in www.frontiersin.org

FIGURE 1 | Continued (A)
The eight biosecurity pillars were adapted from previous studies (5,16) and were ascertained by the Dutch biosecurity expert group and biosecurity stakeholders. In the left column, the pillars are placed in the order of appearance in the online Toolkit. In the right column, a short description per biosecurity pillar is provided. (B) The pillars are placed in the tab pages on the top of the webpage where the questionnaire for "Awareness" is shown. By clicking on the subsequent pillar, the questions become visible and can be answered with "yes" or "no." The yellow "i" information button provides information about the specific question. The online questionnaire can be saved between pillars, and interim results can be viewed at any convenient time. By clicking the "reset" button, the form will be cleared from previously entered answers. (C). The tab page "Good Practices" contains legal bases and good practices for biosecurity program improvement. By clicking on specific biosecurity pillars, a list with links, best practices, and information is available with suggestions for improvement of the biosecurity program within organizations.
the employee training; however, no procedures are present regarding emerging dualuse research. Thus, the company scores well on personnel reliability, physical measures, material accountability, and information security. The company scores less on response and biorisk management, since biosafety and biosecurity are not integrated in the company.

CONCLUSION
Here, we describe an online self-assessment "Biosecurity Toolkit," which was developed to strengthen awareness among laboratory employees, biosafety or biosecurity officers, the management team, or security managers of organizations handling dangerous biological agents. The web-based Biosecurity Toolkit offers a free and easily accessible tool and the resulting gap analysis of the questionnaire is for internal use only. The results are anonymous and not automatically uploaded or stored. The main purpose of the toolkit is to provide the user insight in the level of biosecurity within the organization, to create awareness and above all, to provide suggestions for improvement of the Banus supervised all aspects and execution of the project. All authors critically reviewed the manuscript for correct content.