Implementation guidance for biorisk management for laboratories and other related organizations

This document provides supplemental information and guidance on how to implement the requirements listed in ISO 35001 [1]. This document does not add requirements to those in ISO 35001 [1].

Recommandations de mise en œuvre pour le management des biorisques dans les laboratoires et autres organismes associés

General Information

Status: Published
Publication Date: 29-Jan-2026
Current Stage: 6060 - International Standard published
Start Date: 30-Jan-2026
Due Date: 19-Sep-2026
Completion Date: 30-Jan-2026

Overview

ISO/TS 7446:2025 is a Technical Specification published by the International Organization for Standardization (ISO) that provides detailed implementation guidance for biorisk management in laboratories and related organizations. This document supports the practical application of ISO 35001:2019, the international standard for biorisk management systems, by delivering clear, actionable instructions to help organizations conform to ISO 35001 requirements effectively.

Recognizing the growing importance of a risk-based biorisk management system in laboratory environments, ISO/TS 7446 complements existing standards by clarifying processes such as hazard identification, risk assessment, and risk mitigation. It also references earlier guidelines developed by the European Committee for Standardization to offer a robust foundation for global adoption.

Key Topics

The Technical Specification covers comprehensive topics that address all critical facets of biorisk management:

  • Context of the Organization: Understanding internal and external factors influencing biorisk management, including stakeholder expectations and organizational scope.
  • Leadership and Commitment: Roles and responsibilities of top management to ensure policy development, communication, and ongoing leadership in biorisk activities.
  • Planning: Identification, analysis, and assessment of biological hazards and threats, along with risk mitigation strategies and setting measurable objectives.
  • Support System: Ensuring adequacy of resources, competence, awareness, communication, and documentation necessary to sustain the biorisk management system.
  • Operational Controls: Implementing procedures such as commissioning and decommissioning of containment facilities, maintenance, physical security, PPE usage, waste management, emergency response planning, and transport of biological materials.
  • Performance Evaluation: Regular monitoring, incident investigation, internal audits, and management reviews to continually assess effectiveness.
  • Improvement Processes: Addressing nonconformities, corrective actions, and continually enhancing the system based on lessons learned.

The guidance also includes informative annexes offering best practices for identifying biorisks, selecting control measures, designing facilities, and enhancing employee training and competency.

Applications

ISO/TS 7446 is essential for laboratories, research institutions, biomanufacturing facilities, and other organizations handling hazardous biological materials. Practical benefits include:

  • Facilitating compliance with ISO 35001 by expanding on complex requirements through detailed explanations and examples.
  • Enabling organizations to establish a systematic and consistent biorisk management system that reduces the likelihood of biological hazards causing harm to personnel, the public, and the environment.
  • Supporting continuous improvement efforts by integrating the Plan-Do-Check-Act (PDCA) approach, ensuring organizations can adapt to evolving risks and regulatory demands.
  • Enhancing staff competency and awareness through structured guidance on training and communication, critical to effective biosafety and biosecurity.
  • Improving operational controls related to containment, decontamination, and emergency preparedness to mitigate high-risk biological incidents.

Implementing this guidance empowers organizations to better safeguard against biological threats, optimize biosafety practices, and maintain stakeholder trust.

Related Standards

ISO/TS 7446 works in conjunction with several important international standards, including:

  • ISO 35001:2019 - Biorisk management for laboratories and other related organizations: The primary standard outlining the requirements for a biorisk management system.
  • ISO/IEC 17025:2017 - General requirements for the competence of testing and calibration laboratories: Helps ensure measurement and calibration accuracy crucial for bio-analytical processes.
  • ISO 20252:2019 - Market, opinion and social research, including insights and data analytics - Vocabulary and service requirements: Provides terminology consistency, facilitating clear communication in biorisk management documentation.
  • CEN Workshop Agreements (CWAs) 15793 and 16393: European guidance documents that informed the development of ISO 35001 and ISO/TS 7446.

By leveraging ISO/TS 7446 in conjunction with these standards, organizations can establish a robust, globally recognized biorisk management framework that promotes safety, security, and compliance in handling biological risks.


For laboratories and organizations aiming to implement effective biorisk management systems, ISO/TS 7446:2025 serves as an indispensable guide, offering clarity, practical methods, and alignment with international best practices to ensure biological hazards are managed with the highest standards of safety and responsibility.

Technical specification

ISO/TS 7446:2026 - Implementation guidance for biorisk management for laboratories and other related organizations Released:30. 01. 2026

English language
139 pages

Frequently Asked Questions

ISO/TS 7446:2026 is a technical specification published by the International Organization for Standardization (ISO). Its full title is "Implementation guidance for biorisk management for laboratories and other related organizations". This standard covers: This document provides supplemental information and guidance on how to implement the requirements listed in ISO 35001 [1]. This document does not add requirements to those in ISO 35001 [1].

ISO/TS 7446:2026 is classified under the following ICS (International Classification for Standards) categories: 03.100.70 - Management systems; 07.100.01 - Microbiology in general; 11.100.01 - Laboratory medicine in general. The ICS classification helps identify the subject area and facilitates finding related standards.

ISO/TS 7446:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


Technical Specification
ISO/TS 7446
First edition
2026-01
Implementation guidance for biorisk management for laboratories and other related organizations
Recommandations de mise en œuvre pour le management des biorisques dans les laboratoires et autres organismes associés
Reference number
© ISO 2026
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.1.1 General
4.1.2 Organization’s external context
4.1.3 Organization’s internal context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the biorisk management system
4.3.1 General
4.3.2 Documenting the biorisk management system scope
4.4 Biorisk management system
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.2.1 General
5.2.2 Communicating the biorisk management policy
5.3 Roles, responsibilities and authorities
5.3.1 General
5.3.2 Top management
5.3.3 Senior management
5.3.4 Biorisk management committee
5.3.5 Biorisk management advisor
5.3.6 Scientific management
6 Planning
6.1 Actions to address risks and opportunities
6.2 Hazard and threat identification and analysis
6.3 Risk assessment
6.4 Risk mitigation
6.5 Performance evaluation
6.6 Biorisk management objectives and planning to achieve them
6.6.1 General
6.6.2 Biorisk management objectives
6.6.3 Biorisk management system control plan considerations
7 Support
7.1 Resources
7.1.1 General
7.1.2 Worker health programme
7.2 Competence
7.2.1 General
7.2.2 Behavioural factors and worker management
7.2.3 Personnel reliability measures
7.3 Awareness
7.3.1 General
7.3.2 Training
7.4 Communication and consultation
7.5 Documented information
7.5.1 General
7.5.2 Creating and updating
7.5.3 Control of documented information
7.5.4 Information security
7.6 Non-employees
7.7 Personal security
7.8 Control of suppliers
8 Operation
8.1 Operational planning and control
8.1.1 General
8.1.2 Facility and operational planning, design, and redesign
8.1.3 Control measures
8.2 Commissioning and decommissioning
8.2.1 General
8.2.2 Commissioning
8.2.3 Decommissioning
8.3 Maintenance, control, calibration, certification, and validation
8.3.1 General
8.3.2 Maintenance roles and responsibilities
8.3.3 Maintenance documentation
8.3.4 Maintenance planning
8.4 Physical security
8.5 Biological materials inventory
8.5.1 General
8.5.2 Scope of inventory
8.5.3 Elements of the inventory process
8.5.4 Changes to the inventory
8.5.5 Inventory security risk assessment
8.5.6 Verifying, reviewing, and checking inventory
8.6 Good microbiological technique (GMPP)
8.6.1 General
8.6.2 Training and monitoring
8.6.3 Biological hazards
8.6.4 Personal hygiene and dress
8.6.5 Work area and organization
8.6.6 Aseptic technique
8.6.7 Technical procedures for minimizing aerosol generation
8.6.8 Use of biological safety cabinets (BSC) and other similar containment equipment
8.6.9 Waste disposal procedures
8.7 Clothing and personal protective equipment (PPE)
8.7.1 General
8.7.2 Personal clothing
8.7.3 Personal protective equipment (PPE)
8.7.4 Laboratory coats
8.7.5 Footwear
8.7.6 Gloves
8.7.7 Eye protection
8.7.8 Respiratory protection
8.7.9 PPE program
8.8 Decontamination and waste management
8.8.1 General
8.8.2 Decontamination processes and procedures
8.8.3 Waste management
8.9 Emergency response and contingency planning
8.9.1 General
8.9.2 Identification of emergency scenarios
8.9.3 Emergency plans
8.9.4 Emergency plan training
8.9.5 Emergency exercises and simulations
8.9.6 Contingency plans
8.10 Transport of biological materials
8.10.1 General
8.10.2 Transportation planning
8.10.3 Transportation security
9 Performance evaluation
9.1 Monitoring, measurement, analysis, and evaluation
9.2 Incident investigation
9.2.1 General
9.2.2 Incident description
9.2.3 Initial incident reporting
9.2.4 Incident documentation
9.2.5 Incident analysis
9.2.6 Incident: lessons learned
9.3 Internal audit
9.3.1 General
9.3.2 Audit and inspection programme
9.3.3 Audit planning
9.3.4 Conducting audits and inspections
9.3.5 Reporting audit results
9.3.6 Audit programme record keeping
9.4 Management review
10 Improvement
10.1 General
10.2 Incident, nonconformity and corrective action
10.2.1 Nonconformity
10.2.2 Corrective action
10.2.3 Continual improvement
Annex A (informative) Identification and characterization of biorisk
Annex B (informative) Selection of biorisk controls
Annex C (informative) Biorisk reduction strategies
Annex D (informative) Biorisk management of design and construction
Annex E (informative) Biorisk management system framework
Annex F (informative) Training and competency
Annex G (informative) Enhanced control measures for high biorisk activities
Bibliography

Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out through
ISO technical committees. Each member body interested in a subject for which a technical committee
has been established has the right to be represented on that committee. International organizations,
governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely
with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types
of ISO documents should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
ISO draws attention to the possibility that the implementation of this document may involve the use of (a)
patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent
rights in respect thereof. As of the date of publication of this document, ISO had not received notice of (a)
patent(s) which may be required to implement this document. However, implementers are cautioned that
this may not represent the latest information, which may be obtained from the patent database available at
www.iso.org/patents. ISO shall not be held responsible for identifying any or all such patent rights.
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions
related to conformity assessment, as well as information about ISO's adherence to the World Trade
Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 212, Medical laboratory and in vitro diagnostic
systems.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.

Introduction
ISO 35001 [1] defines a process to identify, assess, control, and monitor the risks associated with hazardous
biological material. ISO 35001 [1] is applicable to any laboratory or organization that is involved in any or all
the following activities with hazardous biological material: handling, storage, transportation, or disposal.
This document is intended to provide practical and easy to understand guidance for laboratories and other
organizations to implement ISO 35001 [1]. It aims to support organizations and biorisk management advisors
in implementing a practicable and robust biorisk management system. The reader is encouraged to first
review ISO 35001 [1] and refer to this document in parallel.
Figure 1 illustrates how documentation fits into the Plan-Do-Check-Act cycle of ISO 35001 [1], although not
all listed documentation is a requirement of ISO 35001 [1].
[Figure: diagram of the biorisk management system as a cycle of four quadrants (PLAN, DO, CHECK, ACT), each annotated with related documentation; diagram labels not reproduced]
Figure 1 — PDCA framework and its relationship to the requirements of ISO 35001
An effective management system approach should be built on the concept of continual improvement through
a cycle of planning, implementing, reviewing and improving the processes and actions that an organization
undertakes to meet goals. This is known as the PDCA (Plan-Do-Check-Act) principle:
— Plan: Planning, including identification of hazard and risk and establishing goals;
— Do: Implementing, including training and operational issues;
— Check: Checking, including monitoring and corrective action;
— Act: Reviewing, including process innovation, and acting to make needed changes to the management
system.
Technical Specification ISO/TS 7446:2026(en)
Implementation guidance for biorisk management for
laboratories and other related organizations
1 Scope
This document provides supplemental information and guidance on how to implement the requirements
listed in ISO 35001 [1]. This document does not add requirements to those in ISO 35001 [1].
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes
requirements of this document. For dated references, only the edition cited applies. For undated references,
the latest edition of the referenced document (including any amendments) applies.
ISO 35001:2019, Biorisk management for laboratories and other related organisations
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO 35001:2019 and the following
apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https://www.iso.org/obp
— IEC Electropedia: available at https://www.electropedia.org/
3.1
biorisk management advisor
BMA
person who provides guidance on the development, implementation, maintenance, and continual
improvement of a biorisk management system
3.2
insider threat
individual or group of individuals using authorized access, wittingly or unwittingly, to do harm to the
organization’s mission, resources, personnel, facilities, information, equipment, networks, or systems
Note 1 to entry: Adapted from [2].
3.3
scientific management
individual, or group of individuals, responsible for managing the scientific programme within the
organization
3.4
critical systems
equipment, hardware, software, and human interactions impacting one or more biosecurity or biosafety
functions, in which failure would cause a significant increase in biorisk for the organization, people, or
environment
3.5
calibration
set of operations that establish, under specified conditions, the relationship between values indicated by a
measuring instrument and the corresponding known values
Note 1 to entry: Calibration is an important part of ensuring conformity to specified requirements.
Note 2 to entry: Adapted from ISO/IEC 17025:2017 [3].
3.6
certification
third-party attestation related to products, processes, systems, or persons
Note 1 to entry: Standards set out the general principles and requirements for bodies providing certification of
conformity.
[SOURCE: ISO/IEC 29110-2-1:2015 [4], modified — The original Notes to entry were removed and a new
Note 1 to entry was added.]
3.7
context of the organization
combination of internal and external issues that can have an effect on an organization’s approach to
developing and achieving its objectives
Note 1 to entry: The organization’s objectives can be related to its products and services, investments, and behaviour
towards its interested parties.
Note 2 to entry: The concept of context of the organization is equally applicable to not-for-profit or public service
organizations as it is to those seeking profits.
Note 3 to entry: In English, this concept is often referred to by other terms such as “business environment”,
“organizational environment” or “ecosystem of an organization”.
Note 4 to entry: Understanding the infrastructure can help to define the context of the organization.
[SOURCE: ISO 9000:2015 [5], 3.2.2]
3.8
senior management
individuals with operational, budgetary, and human resources authority at the departmental level with
decision-making authority
Note 1 to entry: Senior management is normally the level of managers hierarchically lower in rank than top
management, e.g. middle managers, groups, individuals that will receive delegated authority from top management.
Note 2 to entry: Senior management is responsible, among others, for allocating financial and human resources.
3.9
outsourced service provider
provider of defined services where an external organization performs part of an organization’s function or
process
Note 1 to entry: While an external organization is outside the scope of the management system, the outsourced
function or process is within the scope.
3.10
formal
following an agreed or official way of doing things
3.11
needs assessment
analysis of the purpose and all planned activities for a proposed space

3.12
approved plan
programme of work (3.39) for facility design and construction, containing organizational input from
(including but not limited to) management, workers, biorisk management advisors, architects, engineers,
and surveyors
3.13
commissioning
systematic documented review processes verifying that organizational requirements and specifications
have been met and components, systems, and integrated systems and facilities are correctly constructed
and installed, inspected, tested, and function as intended
3.14
decommissioning
systematic documented review processes to remove a component, system, or facility from active service
3.15
conflict of interest
situation in which an interested party has personal interest or organizational interest, directly or indirectly,
that can compromise, or interfere with, the ability to act impartially in carrying out their duties in the best
interest of the organization
Note 1 to entry: There can be different types of personal interests: business, financial, family, professional, religious
or political.
Note 2 to entry: Organizational interest relates to the interests of an organization or part of an organization (e.g. team
or department) rather than an individual.
[SOURCE: ISO 37001:2025 [6]]
3.16
handover
process of surrendering possession of a new or renovated component, system or facility to an organization
upon the completion of commissioning (3.13)
Note 1 to entry: Adapted from ISO 6707-2:2017 [7].
3.17
value engineering
approach used to optimize project life cycle costs, save time, improve quality, solve problems, and/or use
resources more effectively
[SOURCE: ISO/IEC/IEEE 24765:2017 [8], 3.4505, modified — “increase profits” and “expand market share”
were removed from the definition.]
3.18
internet of things
IoT
infrastructure of interconnected entities, people, systems and information resources together with services
which processes and reacts to information from the physical world and virtual world
[SOURCE: ISO/IEC 20924:2024 [9], 3.2.8]
3.19
acceptance criteria
defined limits placed on characteristics of components, systems and facilities to perform the intended
function
Note 1 to entry: The criteria can be qualitative, quantitative, or a combination of both.
Note 2 to entry: Acceptance criteria can be evidence that requirements have been fulfilled.

3.20
planned maintenance
maintenance carried out in accordance with a specified time schedule
[SOURCE: IEC 60050-192:2015/AMD1:2016 [10], 192-06-12, modified — The preferred term “scheduled
maintenance” was removed; Note 1 to entry was removed.]
3.21
unplanned maintenance
corrective maintenance
activities undertaken to detect, isolate and rectify a fault so that the failed equipment, machine or system is
restored to its normal operable state
[SOURCE: ISO 6707-4:2021 [11], 3.5.14, modified — The preferred term “unplanned maintenance” was added.]
3.22
graded protection
layers of increasing security measures around a valuable asset
Note 1 to entry: A structured risk assessment enables prioritization of risks in a graded fashion such that greater
security measures are applied to higher risk assets.
3.23
risk group
RG
hazard group
classification of biological agents based on severity of disease (3.34) and ease of transmission in humans or
animals
Note 1 to entry: The higher the risk group the higher the likelihood that the agent will cause and spread infection in
humans or animals in the country, and/or the more severe the consequences of that infection will be to individual and
public health, if it were to occur.
Note 2 to entry: Risk Group 1 (no or low individual or community risk): A microorganism that is unlikely to cause
human or animal disease.
Note 3 to entry: Risk Group 2 (moderate individual risk, low community risk): A pathogen that can cause human
or animal disease but is unlikely to be a serious hazard to laboratory personnel, the community, livestock or the
environment. Laboratory exposures can cause serious infection, but effective treatment and preventive measures are
available and the risk of spread of infection is limited.
Note 4 to entry: Risk Group 3 (high individual risk, low community risk): A pathogen that usually causes serious
human or animal disease but does not ordinarily spread from one infected individual to another. Effective treatment
and preventive measures are available.
Note 5 to entry: Risk Group 4 (high individual and community risk): A pathogen that usually causes serious human
or animal disease and that can be readily transmitted from one individual to another, directly or indirectly. Effective
treatment and preventive measures are not usually available.
3.24
provenance
information on the place and time of origin, derivation or generation of a data set, proof of authenticity of the
data set, or a record of past and present ownership of the data set
[SOURCE: ISO/IEC 11179-33:2023 [12], 3.11]

3.25
good microbiological technique
good microbiological practice and procedures
GMPP
set of practices and procedures that ensures the quality of science and safeguards to mitigate the identified
biorisk
EXAMPLE Cross contamination prevention, correct identification of work materials, data accuracy.
Note 1 to entry: Good microbiological techniques apply to laboratory or related facility operation, not only to
microbiology.
3.26
biological safety cabinet
BSC
biosafety cabinet
ventilated enclosure, intended to offer protection to the user and the environment from the aerosols arising
from handling of potentially hazardous microorganisms, with means for filtering air discharged to the
atmosphere
[SOURCE: ISO 15190:2003 [13], 3.5]
3.27
enhanced containment measures
highly detailed and stringent risk control measures considered necessary where a biorisk assessment
indicates activities pose very high risks to laboratory personnel, the wider community and/or the
environment
Note 1 to entry: These are especially needed for certain types of work with biological agents that can have catastrophic
consequences if an exposure or release were to occur.
3.28
waste stream
flow of waste from its creation source to final disposal
Note 1 to entry: Waste can be gaseous, liquid, or solid.
Note 2 to entry: Biological waste stream refers to any waste materials that are generated from biological sources such
as liv
...
