Policy on Compliance Monitoring, Verification and Regulatory Risk-Based Activities

CONTENTS

1. Disclaimer
2. Executive Summary
3. Policy Objective
4. Introduction
5. Scope
6. Risk-Based Criteria to Guide Compliance Monitoring, Verification and Regulatory Activities
7. Definitions
8. Review
9. Effective Date
10. Contact Information

1. Disclaimer

This document does not constitute part of the Human Pathogens and Toxins Act (HPTA) or Health of Animals Act (HAA), the Human Pathogens and Toxins Regulations (HPTR), or the Health of Animals Regulations (HAR). In the event of any inconsistency or conflict between the Acts or Regulations and this document, the Acts or the Regulations take precedence. This administrative document is intended to clarify for regulated parties the criteria taken into account when deciding on the selection of sites for inspection. It outlines the most common criteria; however, there may be unforeseen circumstances where additional risked-based criteria are employed. This document is not intended to provide legal advice regarding the interpretation of the Acts or Regulations.

2. Executive Summary

The Centre for Biosecurity, Public Health Agency of Canada (PHAC) delivers a national compliance and enforcement program under the Human Pathogens and Toxins Act (HPTA) and the Human Pathogens and Toxins Regulations (HPTR), as well as certain provisions of the Health of Animals Act (HAA) in order to promote safety and security with respect to human pathogens, terrestrial animal pathogens (excluding pathogens that cause emerging animal disease [EAD] or foreign animal disease [FAD]), and toxins.

The Centre's Policy on Compliance Monitoring, Verification and Regulatory Risk-based Activities is aligned with the Centre's Compliance and Enforcement Policy and describes the risk-based criteria that are considered when determining the best compliance verification and enforcement approaches and activities.

3. Policy Objective

This policy is intended to provide clarity on the risk-based criteria considered when deciding on the most appropriate type of activity and the approach to monitor and verify compliance, and/or to conduct enforcement activities. Therefore, this policy can be used widely to guide the decisions on the licence term and conditions, the decision on the selection of inspections and the decision on how and when to assess a regulated party's compliance level.

4. Introduction

The Centre is responsible for overseeing the national safety and security regime to protect health and safety of the public against the risk posed by human pathogens and toxins and terrestrial animal pathogens (other than those causing emerging animal disease or foreign animal disease) by promoting a standard of practice for all persons conducting controlled activities with those biological agents in Canada. It administers and enforces the HPTA, HPTR and compliance to certain provisions of the HAA and HAR.

When developing the HPTA/HPTR oversight program, the Centre uses a risk-based approach in order to determine associated biosafety and biosecurity requirements for the controlled activities conducted by regulated parties with human pathogens and toxins. As such, the requirements for activities involving Risk Group 2 human pathogens are generally less stringent than requirements for activities involving Risk Group 3 or 4 human pathogens. The risk-based approach also guides the Centre's compliance and enforcement interventions, in that actions taken are proportionate to the seriousness of the non-compliance, and appropriate to the situation.

The Centre performs different compliance activities such as monitoring, verifications, and inspections (refer to Annex 1 for more information on the different types of inspections) to verify compliance, and prevent non-compliance with the applicable legislative, regulatory and standard-based requirements.

5. Scope

This policy applies to compliance monitoring, verification and enforcement activities undertaken by the Centre under the HPTA, the HPTR and certain provisions under the HAA and HAR as well as enforcement activities in relation to the HPTA and HPTR.

6. Risk-Based Criteria Guiding Compliance Monitoring and Verification and Regulatory Activities

To guide compliance monitoring, verification and enforcement activities (e. g. decision on the licence term and conditions, the prioritization of on-site inspections and the assessment of a regulated party's compliance level), the following risk-basd criteria are systematically used to enhance transparency, fairness and predictability:

• Compliance history
• Robustness of an organization's biosafety and biosecurity program and management
• Complexity of organization's activities
• Complexity of oversight
• New or emerging safety and security risk
• External risk identification

a) Compliance History

The regulated party's compliance history may influence the level of risk of a given facility. For example, a facility with repeated outstanding non-compliances may pose a higher risk than a facility which addresses non-compliances in a timely manner. The level of risk may also be considered higher for a facility that does not have any compliance history known to the Centre, as is the case for a new facility or a laboratory that is new to working with a particular pathogen.

The compliance history of a regulated party could include but is not restricted to the documentation review and reports during the licensing process (such as the Plan for Administrative Oversight (PAO) or/and the biosecurity plan when applicable), inspection reports, corrective action requests, regulated party corrective action plans, follow-up documentation and records of any enforcement actions taken.

b) Robustness of Organization's Biosafety and Biosecurity Program and Management

The level of risk may also be influenced by the robustness of an organization's biosafety and biosecurity program and management. For example, the processing of an application (e.g. review of the licence application, review of the PAO for research facilities) may provide insight to the strength of a facility's biosafety and biosecurity program and the commitment of the team. Facilities demonstrating a culture of safety, who prioritize risk management, may pose less risk because they have demonstrated how they will mitigate risks. On the contrary, a research facility that provides an incomplete PAO for their biosafety and biosecurity program may suggest a limited knowledge of biosafety and biosecurity, and thus, the Centre would consider this facility to pose higher risk.

c) Complexity of Organization's Activities

The complexity of work conducted influences the level of risk associated with a given facility. Complex types of work may include, but are not limited to research, teaching, large scale and in vivo work. These activities typically require more complex operational practices and equipment to manage the risk posed to the personnel and the public.

d) Complexity of Oversight

The number of facilities a Biological Safety Officer (BSO) is responsible for and the geographical location relative to the facilities are other factors that can contribute to the complexity associated with the oversight of the organization's activities and that may influence the frequency of inspection.

e) New or Emerging Safety and Security Risk

One of the roles of the Centre is to anticipate and respond to public health challenges and protect the health, safety and security of all Canadians against new or emerging risks. Should a new or emerging threat arise (e.g. pandemic influenza), the Centre may prioritize inspections of facilities manipulating these agents to address health and safety concerns of the Canadian public. These facilities would pose a greater risk due to the limited or lack of knowledge of hazardous properties and associated recommendations to mitigate the risks of working with emerging pathogens in a laboratory setting.

New methodologies and technologies in Canada may also pose unique risks and considerations must be given to appropriately mitigate them.

f) External Risk Identification

Other sources of information may influence the selection of inspection. This information could originate from other regulatory departments (e.g., Health Canada, Canada Border Services Agency, and Canadian Food Inspection Agency, intelligence or police services [Canadian Security Intelligence Service, and Royal Canadian Mounted Police) or other external sources.

The Centre's consistent risk-based approach to conduct regulatory activities will allow the Centre to effectively mitigate potential risks by focussing the resources where they may be most effective.

8. Review

This policy will be reviewed on a regular basis to ensure that the content reflects the guiding principles of the Centre's Compliance and Enforcement Program.

9. Effective Date

This Policy was implemented on January 8th 2018.

10. Contact Information

Questions or comments in relation to this policy can be directed to the Director General of the Centre for Biosecurity.

100 Colonnade Road, PL 6201A
Ottawa, ON K1A 0K9
613-957-1779 (Phone)
613-941-0596 (Fax)
cindy.evans@canada.ca

Annex 1:

Types of Inspections

It is important to determine the objectives and the expected results of an inspection in order to appropriately select the right type of inspection.

The Centre's inspection program includes two types of on-site inspections: announced and unannounced. The choice of the type of inspection is mainly dependent on the following factors:

• Intent of the inspection (e.g., compliance verification inspection or follow-up inspection);
• Level of risk associated with conducting the on-site inspection (e.g., risk group of controlled pathogens handled in the facility);
• Level of available information on the regulated facility to be inspected prior to the inspection.

a) Announced Inspection

The Centre generally performs announced inspections with the intent being compliance verification and prevention of non-compliance.

In these cases, the regulated parties are given a minimum of one week notice to ensure that all key personnel (e. g. Biological Safety Officer [BSO], Licence Holder Representative [LHR], principal investigator, laboratory users, etc.) are available during the inspection to answer questions and provide feedback. Announced inspections provide the opportunity for inspectors to promote compliance and good biosafety practices by engaging with key personnel and addressing their questions and concerns. When it is not possible to coordinate a time where all key personnel are available, the Centre will do its best to accommodate the regulated parties' availability.

Nonetheless, announced inspections may not be the most accurate representation of the regular daily activities being conducted in the laboratory as the organization may prepare for the inspection and modify their procedures and/or practices which would reduce the confidence level in the effectiveness of the inspection program.

b) Unannounced Inspection

Unannounced inspections are very effective and provide the Centre with the opportunity to see an accurate representation of routine activities and practices in the laboratory environment, increasing confidence in the effectiveness of the inspection program. These types of inspections are beneficial when non-compliances have previously been identified or to follow-up on previous inspections during which controlled activities were potentially posing a serious and imminent danger to the health and safety of the public.

By conducting unannounced inspections, the inspectors may run into the situation where key personnel are unavailable, which would limit the opportunity for promoting compliance and possibly extend the duration of the inspection to allow completion of the compliance verification activities.

c) Random Inspection

The selection and prioritization of inspections are determined on risk-based criteria; however, there will also be randomly selected sites for controlled activities with RG2 pathogens. The random selection of regulated sites represents an essential component of the compliance monitoring.

The results from these randomly selected inspections will provide an unbiased representation of the overall compliance level of regulated parties and will be used to establish a statistical baseline for compliance monitoring amongst lower containment level facilities (facilities conducting controlled activities with RG2 pathogens). The inspection results from the randomly selected facilities will also help to inform the validity and utility of a risk-based approach when conducting compliance monitoring and verification activities.