Skip Navigation
Oklahoma State University
University Research Compliance

A unit in the Division of the Vice President for Research


Security Plans

OSU is required to have a comprehensive security plan for its select agent program. Additionally, college and lab specific security plans are required. Federal regulations and OSU policy have stringent requirements for security plans. College plans must be established and approved by the college dean. Lab specific plans must be developed by principal investigators. These plans must be consistent with federal criteria and complement the requirements set forth in the respective college security plan and the university's security plan. All plans must be reviewed and approved at least annually by the Responsible Official. These documents must be available at all times for review by the Responsible Official or Alternate Responsible Officials. The Responsible Official and/or the Alternate Responsible Officials must review the plans following an incident. Plans must include the following:

  • Description of physical security, inventory control, and information systems control
  • Provisions for the control of access to select agents and toxins
  • Provisions for the routine cleaning, maintenance, and repairs
  • Procedures for removing and reporting unauthorized or suspicious persons
  • Procedures for reporting activities, loss or theft of select agents or toxins, release of select agents or toxins, or alteration of inventory records
  • Procedures for loss or compromise of keys, passwords, or combinations
  • Procedures for changing access numbers, locks, combinations, or returning keys when there is a staff change or an authorized person leaves
  • Procedures for ensuring that all individuals with access, including workers and visitors, understand security requirements and are trained to follow established procedures, to include procedures to remove unauthorized persons
  • Procedures for control of access to containers where listed agents and toxins are stored
  • Procedures for ensuring that all employees understand the requirements for reporting as defined in 42 CFR 73.11.

The Centers for Disease Control and Prevention (CDC) and the Animal and Plant Health Inspection Service (APHIS) Select Agent Programs have posted guidance that is designed to assist entities in complying with the security requirements of the select agent regulations. See This guidance includes a security information document and a security plan template. Various security checklists can be found at

Contact the Office of University Research Compliance if you have questions or need assistance.