How to Promote Continuous Improvement in Threat Assessment Programs

How to Utilize the Homeland Security Exercise and Evaluation Program (HSEEP) Framework

Violent incidents are devastating events for the people involved, the communities they occur in, and the organization where the violence takes place. Although not all events can be stopped, there are strategies to mitigate occurrences by identifying threats at organizations. Threat assessment should be used at the organizational level to identity behavior that could lead to violence.

Additionally, like in any mitigation strategy, threat assessment activities should be documented and training/exercises should take place to increase awareness throughout organizations as well as to develop capability in the function while increasing confidence in decision-making in times of application.

This series is divided into three parts. This first section will cover what threat assessment is, and considerations when forming a team. The second article will suggest a training framework, the Homeland Security Exercise and Evaluation Program (HSEEP) to both build capability and target areas that should be improved. Finally, the third piece will illustrate application using a case study format at the Harris County Appraisal District’s efforts in developing a threat assessment program with recommendation moving forward using HSEEP.

What is Threat Assessment?

Threat assessment is a comprehensive strategy to identity potential threats and mitigate violence. This approach employs a cross-functional team that benefits from multiple points of view when it evaluates behavioral threats. Internal policy drives threat assessment and prompts notification of warning signs to the threat assessment team, increasing their ability to connect the dots.

Once a threat is received, the multi-disciplinary team evaluates the threat, has the authority to act, and makes a decision if intervention is needed. All actions taken should be well-documented to both capitalize on lessons learned, to protect the team and to ensure the process is thorough. The primary goals of a threat assessment team are to collect information, assess the seriousness of each threat, and to implement interventions that deter future violence. In too many cases, after events, information is gained that indicates someone who had contact with the aggressor had knowledge of their intent, but did not say anything for whatever reason. An organization that employs threat assessment should increase awareness of the program throughout the business so that employees are aware of how to report, and emphasize the benefits of reporting to maximize opportunities to avoid critical information that may have averted a violent act going unreported.

A threat assessment team should comprise subject matter experts in human resources, security/risk management, legal, mental health and representation from senior management. This approach allows for free flow of information across departments to avoid evidence of violent behavior being overlooked. Furthermore, this approach permits multiple views at once in a team atmosphere to avoid privacy issues due to each team member analyzing privacy issues from their program area. Often, this team must make decisions based on the circumstances and information available to them at the time, and this may prompt further investigation. For this reason, the team should develop a process to evaluate information received before implementation. This standardized approach assists teams with unfair treatment claims.

Organizations should be motivated to develop and employ threat assessment teams to safe guard life safety, avoid the aftermath of an event causing loss in productivity, and to mitigate litigation. Organizations share a responsibility to protect their employees, or others who are on their property, from foreseeable threats.

In light of the frequency of violent behaviors in public places, it is reasonable to believe that these events are foreseeable. Foreseeability is a legal standard that refers to whether an event could occur, and if an event is foreseeable then organizations have a duty to protect their employees from harm. An example of this could be if a worksite is located in a high-crime area and employee is injured at work, then the organization could be liable unless they demonstrate due care. A documented threat assessment program is one way to demonstrate due care to what could be seen as a foreseeable event. A best practice to bolster threat assessment teams is to implement training which is documented to illustrate efforts. One strategy to do this would be to use the Homeland Security Exercise and Evaluation Program (HSEEP) Framework.

Glen Reed, the security manager at the Harris County Appraisal District, points out that organizations may be affected by violence in the workplace by:

TYPE 1: Violent acts, no affiliation with organization (property offenses, ex. Anti-religious graffiti on a church, or a violent gang graffiti on or near a school)

TYPE 2: Affiliation to organization (customer/client/disgruntled former employee); violence towards employees based on a grievance

TYPE 3: Internal organizational violence (violence against coworkers/supervisors)

TYPE 4: Domestic issues that overflow into the workplace (violent spouse or domestic partner); mental health matters (suicidal ideation)

All sources of violence should be considered in a complete threat assessment program. As noted in the sources of violence, it is important for teams to realize that threats could originate from outside the organization. This could be attributed to high crime around the workplace, a disgruntled employee or an estranged spouse. Conceptualizing each source of possible violence will assist in policy development to target information needed to mitigate each threat.

The next article in this series will expand on using the HSEEP framework to build internal capability for threat assessment efforts, and identify areas for improvement.

Cody Mulla has a distinguished 20-year career as an expert in emergency and crisis management. He is currently Director, Security Risk Management at Hillard Heintze. Mulla is finishing his Ph.D. in Organizational Development at the University of Texas and holds three Masters Degrees (Human Resource Development/Lean Six Sigma, Master of Science, Industrial Organizational Psychology, and a Master of Science, Leadership & Crisis Management). He also holds a number of certifications including Certified Protection Professional CPP, ASIS; International Association of Emergency Managers AEM; Master Police Officer, TCOLE; Certified Healthcare Protection Administrator CHPA, IAHSS; and Certified Homeland Protection Professional, NDPC. Mulla serves on the ASIS School Safety and Security Council and the Utility Security Council.

Glen Reed has 18-years of experience in many facets of security and law enforcement. Currently he is the new Security Manager for the Harris County Appraisal District (HCAD). Prior to joining HCAD, Reed had a 10-year career at the University of Texas System Police at Houston, where he held progressively responsible positions, starting as a commissioned Texas Peace officer, Criminal Investigator, and Threat Management Investigator. Reed holds a Bachelor’s Degree in Sociology from the University of Alaska in Fairbanks, and a Master’s Degree in Administration of Justice & Security from the University of Phoenix.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.