73.14—Incident response.
(a)
An individual or entity required to register under this part must develop and implement a written incident response plan. 2 The incident response plan must be coordinated with any entity-wide plans, kept in the workplace, and available to employees for review.
Code of Federal Regulations
Footnote(s): 2 Nothing in this section is meant to supersede or preempt incident response requirements imposed by other statutes or regulations.
(b)
The incident response plan must fully describe the entity's response procedures for the theft, loss, or release of a select agent or toxin, inventory discrepancies, security breaches (including information systems), severe weather and other natural disasters, workplace violence, bomb threats, suspicious packages, and emergencies such as fire, gas leak, explosion, power outage, etc. The response procedures must account for hazards associated with the select agent and toxin and appropriate actions to contain such select agent or toxin.
(1)
The name and contact information (e.g., home and work) for the individual or entity (e.g., responsible official, alternate responsible official(s), biosafety officer, etc.),
(4)
The name and contact information for the physical security official for the building, where applicable,
(11)
Procedures for emergency evacuation, including type of evacuation, exit route assignments, safe distances, and places of refuge, and
(d)
The plan must be reviewed annually and revised as necessary. Drills or exercises must be conducted at least annually to test and evaluate the effectiveness of the plan. The plan must be reviewed and revised, as necessary, after any drill or exercise and after any incident.