Gene technology regulations Part 3: Enhanced International Standards Bolster Biotechnology Risk Management

David Tribe 

The preceding article introduced the fundamentals of gene technology risk management, featuring the risk approach utilised by the Office of the Gene Technology Regulator (OGTR) in Australia. Back in 2013, the OGTR published a comprehensive risk management manual, grounded in the International Standardisation Organisation guidelines from 2009 (ISO 31000:2009).

However, the landscape of risk management has evolved. In 2018, the ISO rolled out a significant revision of their guidelines, ISO 31000:2018, providing a more refined platform for improving and expanding on the well-illustrated 2013 OGTR manual. While ISO standards are designed to be generic and form a springboard for enhanced practices, resources like OGTR’s manual continue to be crucial in offering detailed guidance.

Although parallel in scope and structure to its 2009 predecessor, the 2018 revision introduces substantially clearer definitions, principles, and frameworks. Comprehensive outlines of ISO 31000:2018 are readily available online, complete with insightful images that illuminate its value in gene technology risk management.

In this resource, we delve into six pivotal features of ISO 31000:2018:

Introduction – It underscores the role of risk management in creating and protecting organisational value, decision-making, objective-setting, performance enhancement.

Terms and definitions – The updated standard includes the logical application of “risk analysis” and replaces “hazard” with “risk source” for clarity.

Principles – These provide robust assistance for all dimensions of risk management.

Framework – It provides a structure designed to better integrate risk management into all aspects of an organisation.

Process – This involves a systematic application of diverse tools to the myriad activities necessary for risk assessment, monitoring, review, recording, and reporting.

The aim is to equip graduate-level specialists in biotechnology regulation with a thorough understanding of these updated standards and their practical applications in the field.

ISO 31000:2018 introduction.

The introduction of ISO 31000:2018 delineates how this standard forms a systematic process that identifies, evaluates, and mitigates potential risks while advocating for judicious decision-making across all organisational strata. Its relevance is particularly salient in enhancing the safety assurance quality and effectiveness within gene technology, an area fraught with intricate technical, legal, organisational, and regulatory hurdles. The introduction earmarks three main levers to achieve this – principles, framework, and process. It provides a roadmap for approaching risk management, which is invaluable for graduate level specialists navigating the complex terrain of biotechnology regulation.

Terms and definitions

The concept of “risk source,” as defined by the AS ISO 31000:2018 standard, is a crucial notion for understanding risk management within biotechnology. It describes an element or combination of elements with the potential to give rise to risk.

To put it in perspective for those familiar with food safety assurance under Codex Alimentarius standards, the term “risk source” closely aligns with the concept of a “hazard.” However, it’s critical to distinguish these two concepts, as conflating them has historically led to misunderstandings about technology risks, particularly in biotechnology and fields involving chemical and biological entities.

Here’s why the distinction matters: a hazard is a potential source of harm, whereas risk is the likelihood that the harm will occur, factoring in the severity of the potential harm and its possible consequences. In other words, a “risk source” or “hazard” might possess the potential to cause harm, but the “risk” also involves the chance or probability that this harm will indeed occur.

Therefore, the term “risk source” serves as a more precise tool in understanding the nuanced relationship between hazards and risks. It points directly to the potential origin of risk without conflating it with the probability and consequences of the harm, providing a clearer and more effective approach to risk management in biotechnology. Understanding this distinction is vital for public discussion of risks of biotechnology.

The significance of precise definitions and nuanced distinctions, as illustrated in ISO 31000:2018, becomes even more pronounced when we look at real-world regulatory applications, such as those by Health Canada (2022) in their recent regulations on food crop breeding. They emphasise a risk-proportionate regulatory approach that encompasses both conventional and precision breeding.

Lack of exposure to a risk source means there is no risk.

A key point in their discourse is the fundamental difference between risk source and risk. While a risk source is an element that may potentially engender risk, it only translates into a tangible risk when there’s actual exposure at a sensitive target. This underlines the idea that the inherent safety risk of genetically engineered (GE) foods is not tied to the process or technology of genetic engineering itself, but rather to the final product’s characteristics and mode of consumption.

Health Canada uses the example of stone fruits to illustrate this point. The fruit stones in apricots and peaches contain compounds that can produce toxic cyanide, hence qualifying as risk sources. However, because of the way we consume these fruits—avoiding the stone—the risk source doesn’t translate into a genuine risk.

This example underscores the essence of food risk sources or hazards as components that could potentially cause harm if uncontrolled. However, risk assessment must also consider the likelihood of harm under normal food consumption patterns and preparation methods, which inherently limit the chances of harmful outcomes. In other words, ISO 31000:2018′s terminology helps to clarify the crucial distinction between potential hazards (risk sources) and actual risks, a concept that is central to risk management in biotechnology regulation.

Principles of Risk Management.

The articulation of well formulated general principles of risk management are an important way to improve regulatory outcomes recognised for example in the United States Coordinated Framework for Biotechnology, and management principles have long been a part of ISO approaches to management, as shown for example ISO 9000 discussions provided by David Hoyle.  The development of principles in ISO 31,000:2018 takes presentation of these principles to a new level even though it is very concise in the form of a diagram and short considered statements of principles.

The principles of ISO 31000:2018 advocate for a risk management approach to gene technology that is integrated, structured, and customised to the organisation’s specific context. It encourages inclusivity by valuing stakeholder inputs, and flexibility to adapt to emerging, changing or disappearing risks. The approach is informed by the best available information, cognisant of its inherent limitations and uncertainties. It recognizes the significant influence of human behaviour and culture, and is dedicated to ongoing improvement through learning and experience. These principles underpin effective management of uncertainties in gene technology, thus driving sound decision-making and fostering the responsible development and application of biotechnologies.

Framework for Management

The purpose of the risk management framework outlined in ISO 31000:2018 is to enable organisations to embed risk management into their crucial activities and functions. Its effectiveness hinges on how well it’s integrated into an organisation’s governance and decision-making processes. This task demands support and commitment from all stakeholders, with an essential role for top management. It’s more than a theoretical guide; it’s a practical toolkit designed to weave risk management into the very fabric of an organisation’s operations. 

The framework builds upon the original scientific management concept of “Plan, Do, Check, Act,” but extends this with a new five-step approach: “Design, Implementation, Evaluation, Improvement, and Integration.” This progressive approach reflects the complexities of modern organisations and the environments they operate in.

Design: This involves shaping the risk management framework to align with the organisation’s objectives, strategies, and culture.

Implementation: The risk management framework is brought to life in this phase, integrated into the organisation’s overall processes.

Evaluation: The effectiveness of the risk management framework is measured and assessed in relation to the organisation’s evolving context.

Improvement: Based on evaluations, the risk management processes are refined and improved continuously to ensure they remain effective and relevant.

Integration: Risk management is interwoven into all aspects of the organisation, reinforcing its importance across all operations.

Each term is carefully defined within ISO 31000:2018, reflecting the rigour and precision required in a universally applicable standard. The framework underscores the pivotal role of leadership and commitment, emphasising that successful risk management is as much about culture and engagement as it is about processes. For students at all levels interested in organisational management and risk mitigation, understanding this advanced, integrated approach is crucial.

Risk Management Process.

ISO 31000:2018 elucidates the process of risk management in a more refined and comprehensible manner than its predecessors, such that used in  2013 OGTR risk management manual. A primary illustration of this enhanced clarity is the comprehensive diagram provided in the ISO 31000:2018 standard, which excellently visualises the risk management process.

This diagram, readily available on the internet, starts with “scope, context, and criteria” which define the boundaries and priorities of the risk management process. Subsequently, the process moves through stages of “risk identification, risk analysis, and risk evaluation.” These phases are articulated with semantic consistency and clarity, providing an upgrade from previous models like the Codex Alimentarius’ use of “Risk Analysis” as an umbrella term for risk management.

Furthermore, the diagram incorporates “recording and reporting” activities, ensuring that the documentation and communication aspects of the process are not overlooked. An essential feature is the surrounding arrows, visually emphasising that risk management is not a one-off task, but a cyclical, iterative process of continuous improvement over time. Both communication and consultation, shown in the figure, are vital elements in the development of well crafted regulations that are achieved when regulatory agencies and governments take full advantage of stakeholder engagement.

For anyone engaged in or impacted by the regulation of biotechnology – be they students, practitioners, regulators, consumers, or policy makers – ISO 31000:2018 offers indispensable insights. Its diagrams and concepts serve as a guiding compass, helping all stakeholders navigate the intricate landscape of risk management. By facilitating clear, logical, and effective communication, this standard paves the way for more informed decision-making and productive dialogue in the ever-evolving field of biotechnology regulation. It underscores our collective responsibility to ensure the safe, responsible and beneficial advancement of this transformative technology. ISO 31000:2018 concepts complement, not replace, earlier simple frameworks (eg. FSANZ 2013, OGTR 2013) which have continuing value for effective communication with other audiences (see previous post.)

Bibliography.

(Australian Standard/New Zealand Standard) ISO 31,000:2009 Risk Management – Principles and Guidelines 

(Australian Standard)  ISO 31,000:2018 Risk Management Guidelines.

Executive Office of the President. 2017. Modernizing the Regulatory System for Biotechnology Products: An Update to the Coordinated Framework for the Regulation of Biotechnology. Available at https://obamawhitehouse.archives.gov/sites/default/files/microsites/ostp/2017_coordinated_framework_update.pdf

FSANZ 2013 Risk Analysis in Food Regulation

Health Canada (2022) Scientific opinion on the regulation of gene-edited plant products within the context of Division 28 of the Food and Drug Regulations (Novel Foods), especially the Executive summary 

Health Canada (2022a) June, 2006 Updated: July 2022 Guidelines for the Safety Assessment of Novel Foods especially Appendix I 

Hoyle, David 2009. Chapter 1 Getting Started in ISO 9000 Quality Systems Handbook, Routledge.

ISO 2018. ISO 33000:2019 web preview

Office of the Gene Technology Regulator 2013. Risk Analysis Framework.

Tribe D 2023. Gene technology regulations Part 2.How to start doing risk management: OGTR 2013 Risk Analysis Framework Overview: Attention to Context. (Blogpost at GMO Pundit)