Who has to have a security risk assessment (SRA)?
All entities (except for Federal, State, or local governmental agencies), the Responsible Official (RO), alternate RO, any individual who owns or controls the entity and all individuals with access to select agents or toxins must have an approved security risk assessment. Each individual who owns or controls a private entity (academic, non-profit, commercial, or other) must have an SRA completed. An individual will be deemed to own or control an entity under the following conditions: (1) For private accredited academic institutions, any individual will be deemed to own or control the entity if the individual is an officer, trustee, member of the board, or owner of the academic institution, and is in a managerial or executive capacity with regard to the select agents or toxins possessed, used, or transferred by the entity; (2) For entities other than accredited academic institutions (public or private), an individual will be deemed to own or control an entity if the individual is a part
