Rijksoverheid logo

Biosecurity Self-scan Toolkit

Version 1.7.3-RELEASE © 2012-2015 RIVM

Information security

Does the organisation have policies and procedures in place for interpreting confidential information? Sensitive/confidential information refers to information that could be used by third parties for other than the intended purpose.
Does the organisation monitor individual authorisations regarding access to sensitive/confidential information? Organisations are required to have an overview available containing the names of persons with authorised access to this information.
Are guidelines available on the process of handling sensitive/confidential information? Confidential information refers to information that should not be disclosed. The guidelines describe how this type of information must be handled, in order to prevent disclosure.
Are personnel familiar with these guidelines? Personnel must be informed about the security measures that they must take to prevent the leaking of confidential information.
Is there a code of conduct regarding data security? This refers, for example, to the use of (secure) USB flash drives, e-mails, PCs, laptops/notebooks and (electronic) laboratory notebooks.
Does the organisation's policy on publication include the issue of dual use? Dual use refers to biological agents, technology or knowledge, which can be used for 'good' purposes but could also be misused.
Are potential dual-use aspects included in the weighing process at the beginning of new research on biological agents? Dual use refers to biological agents, technology or knowledge, which can be used for 'good' purposes but could also be misused. In cases of new research, it is advisable to analyse the possible risk of dual use, so that measures can be taken to prevent any misuse.
Has the organisation formulated and implemented a policy on information security? The manner in which confidential digital information is handled within the organisation is described in a policy document. This document forms the basis of operational information security.
Are data on the location of biological agents centrally stored and secured? The organisation has an overview available containing information on the locations at which biological agents are stored, used or handled. This information can only be accessed by personnel who need this information in order to do their work.
Are personnel aware of the need for careful handling of information, and has each of them signed a form or statement to this effect? Personnel carry responsibility for the information in their possession regarding the location of and knowledge on biological agents.