ISO 35001 Biorisk Management: A Comprehensive Approach for Laboratories and Research Facilities
ISO 35001:2019 sets the global benchmark for effective biorisk management. Instead of focusing on individual biosafety measures in isolation, it offers an integrated management framework applicable to any setting. Whether in a research laboratory, clinical facility, university, or industrial biotech environment, it provides a practical blueprint for establishing a compliant management system. At 3BIO, we use this standard as the foundation of our approach, ensuring that all projects targeting specific biosafety aspects remain fully aligned with its requirements.
What is ISO 35001:2019?
ISO 35001:2019 is the international standard for biorisk management, published by the International Organization for Standardization (ISO). It provides a systematic framework for managing risks associated with biological agents and toxins in laboratories and related facilities. Rather than replacing key guidance documents such as the WHO Laboratory Biosafety Manual, ISO 35001 is designed to align biosafety management with broader risk- and quality-management systems. It provides a comprehensive, integrated framework that complements existing biosafety resources while ensuring consistency with other organisational management structures. The standard applies to any organization working with biological materials, from research institutions to industrial biotechnology companies. It was created to address the growing complexity of biological hazards and the need for consistent, high-quality biorisk management practices worldwide. ISO 35001 emphasizes a risk-based approach, requiring organizations to identify, assess, and control biological risks systematically. This includes both biosafety (protecting workers and the environment) and biosecurity (preventing misuse of biological agents). Although formal certification to ISO 35001 is not yet available, adhering to the standard is widely regarded as best practice. It is already required for certain high-containment facilities — such as those handling poliovirus — and provides a robust, structured framework for any organisation managing biological hazards.
Key takeaway: ISO 35001 provides a systematic, risk-based approach to managing biological hazards that protects workers, the public, and the environment.
Who Needs to Implement ISO 35001?
ISO 35001 applies to any organization that works with biological materials, regardless of size or sector. This includes academic research laboratories conducting basic science, clinical diagnostic labs processing patient samples, pharmaceutical companies developing biologics, biotechnology firms engineering microorganisms, food safety testing facilities, and industrial operations using fermentation processes. The standard adapts to different organizational contexts and containment levels, from Biosafety Level 1 (BSL-1) facilities handling low-risk agents to BSL-4 labs working with the most dangerous pathogens. Universities and research institutions often implement ISO 35001 to demonstrate responsible research practices and secure funding. Clinical facilities use it to ensure patient and staff safety while maintaining regulatory compliance. Industrial biotech companies apply it to protect their operations and meet supply chain requirements. Even smaller labs and startups can benefit from the structured approach, scaling the implementation to their specific needs. The standard is particularly valuable for organizations seeking international recognition or working across borders, as it provides a universally accepted framework for biorisk management excellence.
Key Requirements of ISO 35001
Leadership and Commitment
Leadership commitment is fundamental to ISO 35001 implementation. Top management must demonstrate active support for biorisk management through clear policies, adequate resource allocation, and visible leadership. The standard requires establishing a biorisk management policy that outlines the organization's commitment to protecting workers, the community, and the environment from biological hazards. This policy should define the scope of the management system and set objectives for continuous improvement. Management must allocate sufficient resources including personnel, equipment, and training to ensure effective implementation. Roles and responsibilities must be clearly defined, with designated biorisk officers or committees overseeing the system. Leadership involvement extends to regular management reviews of the system's performance and fostering a culture of safety throughout the organization. This top-down commitment ensures that biorisk management is integrated into all operations rather than treated as an add-on requirement.
Risk Assessment and Classification
ISO 35001 requires a systematic risk assessment process to identify and evaluate biological hazards. Organizations must classify biological agents according to WHO guidelines into Risk Groups 1-4, based on their pathogenicity, transmissibility, and potential for treatment. Risk Group 1 agents pose minimal risk, while Risk Group 4 agents (like Ebola virus) require maximum containment. The assessment process involves hazard identification for each activity, evaluating the likelihood and consequences of exposure, and determining appropriate risk levels. This includes considering factors like agent characteristics, laboratory procedures, equipment, personnel competence, and facility design. Risk determination helps establish the required Biosafety Level (BSL-1 through BSL-4) for each operation. The standard mandates documenting all risk assessments and reviewing them regularly or when changes occur. This proactive approach ensures that control measures are proportionate to the actual risks, avoiding both under-protection and unnecessary restrictions.
Operational Controls
Operational controls form the core of biorisk management under ISO 35001. Engineering controls include primary barriers like biosafety cabinets, secondary barriers such as HVAC systems and facility design, and specialized equipment for handling hazardous materials. Administrative controls encompass standard operating procedures, access restrictions, and work practices that minimize exposure risks. Personal protective equipment (PPE) must be appropriate for the risk level and potential exposure, ranging from basic lab coats and gloves to full positive-pressure suits for high-containment work. The standard specifies containment levels (BSL-1 through BSL-4) with increasing requirements for facility design, equipment, and procedures. Equipment must be properly maintained and validated, with regular certification of biosafety cabinets and other critical systems. All controls must be documented, and personnel trained in their proper use. The standard emphasizes a hierarchy of controls, prioritizing engineering solutions over administrative measures and PPE.
Incident Management
Effective incident management is crucial for maintaining biorisk control. ISO 35001 requires organizations to develop incident preparedness plans, including emergency response procedures for exposures, spills, and releases. These plans must cover immediate containment, decontamination, medical response, and notification requirements. Medical surveillance programs should monitor personnel health, with provisions for post-exposure prophylaxis and regular health screenings where appropriate. The standard mandates documenting all incidents, investigating root causes, and implementing corrective actions to prevent recurrence. Post-incident evaluations help identify system weaknesses and improve future responses. Training in incident response must be provided to all relevant personnel, with regular drills to ensure readiness. The standard also requires reporting incidents to appropriate authorities and stakeholders, maintaining transparency while protecting sensitive information. This comprehensive approach ensures that incidents are managed effectively and used as learning opportunities to strengthen the biorisk management system.
Continual Improvement
Continual improvement ensures that biorisk management systems remain effective and relevant. ISO 35001 requires monitoring and measurement of system performance through key performance indicators, audits, and inspections. Internal audits must be conducted regularly to verify compliance and identify improvement opportunities. Management reviews, typically held annually, assess the overall effectiveness of the system and approve corrective actions. The standard mandates implementing corrective and preventive actions (CAPA) when nonconformities are identified, with root cause analysis to address underlying issues. This includes updating procedures, providing additional training, or modifying controls. The standard encourages embedding continuous improvement into organizational culture, with all personnel encouraged to suggest enhancements. Regular benchmarking against industry best practices and technological advancements helps maintain system relevance. This dynamic approach ensures that biorisk management evolves with changing threats and operational needs.
Implementing ISO 35001: A Step-by-Step Approach
Step 1: Gap Analysis
Conduct a comprehensive audit of your current biorisk management practices. Compare your existing procedures, facilities, and culture against ISO 35001 requirements. Identify strengths and areas for improvement.
Step 2: Policy and Scope Definition
Develop a clear biorisk management policy endorsed by senior management. Define the scope of your management system — which activities, locations, and biological agents it covers, and why.
Step 3: Risk Assessment
Systematically identify all biological hazards in your operations. Classify agents according to WHO guidelines. Evaluate the risks associated with each activity and determine required control measures.
Step 4: Control Measures
Establish and implement engineering controls (biosafety cabinets, HVAC systems), administrative controls (procedures, training), and PPE. Document everything in standard operating procedures.
Step 5: Training and Competence
Ensure all personnel working with biological agents receive appropriate training. Document competency levels. Provide regular refresher training and updates on new procedures.
Step 6: Monitoring and Review
Implement systems to monitor compliance with procedures. Conduct periodic audits. Hold management reviews to assess the effectiveness of the system and identify opportunities for improvement.
Aligning ISO 35001 with Legislation
Many countries have established biosafety legislation that addresses specific aspects of biorisk management, including the protection of workers from biological agents, the control of animal and plant diseases and quarantine organisms, and the regulation of genetically modified organisms. Compliance with these legal requirements is essential. ISO 35001 brings all these elements together and offers a structured framework for implementing effective biorisk management practices. Increasingly, authorities refer to ISO 35001 as evidence of best practice, particularly for research institutions and industrial facilities. Its risk-based approach supports alignment with containment level expectations and incident reporting obligations.
At 3BIO, we help bridge the gap between international standards and national legal obligations, ensuring that each implementation is both compliant and practical. Our expertise includes navigating regional differences in regulatory enforcement and integrating ISO 35001 with related frameworks such as environmental permitting and occupational health legislation.
How 3BIO Can Help
3BIO specialises in helping laboratories and research organisations implement effective biorisk management systems compliant with ISO 35001 and national legislation. Our services include:
- Gap Analysis: Comprehensive assessment of your current biosafety practices against ISO 35001 requirements
- System Design & Development: Tailored implementation roadmap and documentation
- Risk Assessments: Expert evaluation of biological hazards and appropriate containment levels
- Training Programs: Biosafety officer designation, staff competency training, and continuing education
- Audits: Internal and external audits to verify compliance and identify improvement opportunities
- OrBios Tool: Our advanced biorisk management software for documentation and monitoring
Visit our Biosafety services page to learn more about our offerings, or contact us to discuss your biosafety needs.
Frequently Asked Questions
Q: What is ISO 35001?
A: ISO 35001:2019 is the international standard for biorisk management in laboratories and other related organisations. It provides a framework for controlling risks associated with biological agents and toxins, replacing earlier guidance documents. The standard applies to any organisation working with biological materials, including research labs, clinical facilities, universities, and industrial biotechnology companies.
Q: Is ISO 35001 mandatory?
A: ISO 35001 is not legally mandatory in most jurisdictions, but it is increasingly referenced by regulators, funders, and institutional biosafety committees as the benchmark for best practice. In Belgium and across the EU, biosafety legislation requires effective biorisk management systems, and ISO 35001 provides the most widely accepted framework for demonstrating compliance.
Q: What is the difference between biosafety and biosecurity?
A: Biosafety refers to measures that protect workers, the community, and the environment from unintentional exposure to biological agents. Biosecurity refers to measures that prevent the deliberate misuse of biological agents. ISO 35001 addresses both, using the umbrella term "biorisk management."
Q: How long does ISO 35001 implementation take?
A: Implementation timelines vary depending on the size and complexity of the organisation, existing safety systems, and the containment levels involved. Typically, a gap analysis and implementation plan take 1–2 months, with full system implementation requiring 3–12 months. 3BIO offers tailored support at every stage.
Q: Does ISO 35001 change over time?
A: Yes. Like all ISO standards, ISO 35001 follows a systematic review cycle — typically every five years — during which ISO/TC 212 (the technical committee responsible) considers whether the standard should be confirmed, revised, or withdrawn. In addition, ISO may publish amendments between review cycles to address specific updates. The most recent change is ISO 35001:2019/Amd 1:2024, published in February 2024, which introduced editorial “climate action” updates aligning the standard with ISO’s broader sustainability commitments. Organisations implementing ISO 35001 should monitor ISO/TC 212 publications to ensure their biorisk management system reflects the current version of the standard and any active amendments.
Talk to Our Biosafety Experts
Ready to implement or strengthen your biorisk management system? Our team can guide you every step of the way.
Schedule a Consultation, or email us at info@3bio.eu