As security professionals we have more than likely completed an untold number of threat assessments throughout our careers. A threat assessment is a controlled group process used to evaluate the risk posed by a person (e.g. an employee, visitor, student, patient, or any number of other types of persons), normally as a response to an actual or perceived threat or concerning conduct. The threat assessment was developed by the United States Secret Service. In today’s world many corporate entities, school systems, local, state, and federal government agencies all basically follow the threat assessment model developed by the Secret Service.
Threat Assessment Team
In order to properly assess any threats that are made against your business, staff, customers, business assets or other persons or property, it is customary to form a multi-disciplinary Threat Assessment Team. However, the size and actual team members can vary quite a bit depending on the size of your organization.
For example, if you own and operate a small business with less than 20 employees your team may be very small in comparison of a corporation that employees thousands of staff and has a substantial management team. Regardless of the team size and complexity, organizations often rely on additional outside entities such as law enforcement as well.
The team members generally come from within the departments noted below, however keep in mind that certain facilities such as education may include a number of additional resources in which to draw from. Since not all businesses have all of the departments listed below, this is only intended as a guide.
- Employee Relations
- Human Resources
- Risk Manager
- Employee Assistance Program (if you have one in place)
- Safety Officer
- Mental Health Professionals
- Corporate Attorney
- Union Reps (if applicable)
During the process of forming your Threat Assessment Team your organization will need to determine who will manage and oversee the operational aspects of the team’s duties and assignments. In many cases the person charged with leading the team will be the security director or equivalent. Still in other organizations Risk Management or the Director of Human Resources may manage the process. The main point to consider will be does the person charged with managing the team have the skills in which to do so?
Skills required are more than management skills, as the person has to know how to manage and process the investigation ongoing. This is often the reason why the security management will often lead this team, as in many cases they will have investigative experience.
Threat Information Gathering
At the onset to a threat assessment there is always an information gathering phase that is driven by the known information concerning the conduct of the person that is the focus of the assessment. In other words, once a threat has become known, the team charged with investigating it will work to gather any and all information possible regarding the threat, target, suspected perpetrator, dates, times, and any and all other details to the extent possible.
In general terms, there may be times when the information is very vague, however it is incumbent on the threat assessment team to ensure that they look at all possible leads, no matter how minor they may seem at first glance. Look at it this way, in some cases there may only be a verbal statement made about a potential threat, and the team may be getting this information second hand. Regardless, they need to run the information through their process and not just sit on the sidelines waiting for supporting information.
Of course quality information may not be easily obtained from the onset. However, as the process works its way through the investigation and information gathering, the higher the likelihood that the overall quality of the information gathered will be useful.
Threat Assessment Process
Generally speaking the threat assessment process will commence once a reporting person comes forward and makes notification. In the early stages this may mean that only a few team members may be gathering the initial information to determine if the potential threat requires the activation of the entire team. In many cases the investigation may never require the implementation of the entire team, due to the fact that the information first received may be quickly determined to be non-credible.
In those cases where the initial information is determined to be unfounded, there still should be a detailed report completed to document the reported information and the steps taken to determine the validity of that information or the facts that determined it to be unfounded. It is always a good practice to insure that no one person is conducting this phase of the investigation, and in fact there should be at least 2-3 persons that make the determination upon review of all the information on file.
In those cases where the initial investigative phase indicates that the threat is credible, and/or that any other person or entity is at risk, then the team needs to determine how to proceed. The direction that the team will take will often be outlined in their predetermined action plan, but keep in mind that there is often flexibility with those processes.
At some point during the internal investigation the Threat Assessment Team may need to bring in outside agencies such as law enforcement. If that were the case then law enforcement may decide to take charge of the case, and may only use the internal team as a resource. In this case your team may be asked to step back and not conduct any further investigations on their own, as law enforcement may insinuate that such a dual investigation may hinder or compromise their own investigation
Threat Assessment Questions
Although there could be hundreds of different questions that may need to be answered during a threat assessment, the actual questions that need to be addressed may all have the obvious starting points.
For example, in this case we are referring to the Who, What, Where, When, Why, and How questions. Depending on who the subject of the assessment is, or who or what is the potential target of the threat, there are numerous examples online of questionnaires that your team can draw from.
If the person being investigated is an employee, some of the basic questions might be:
- Has there been a recent personal loss that this person is dealing with?
- Is the person under a great deal of stress at work or at home?
- Does this person blame others and refuse to take personal responsibility for their actions?
- Do they make comments about weapons, even in the form of jokes?
- Do they seem to hold onto to personal grudges to the point of obsession?
- Is there any history of drug or alcohol abuse?
- Does the person identify with acts of violence in the news, or the persons that committed the act?
- Is this person adverse to any type of criticism?
- Has this persons work performance changed for the worse?
- Has the person recently been through, or is now going through a work related disciplinary action?
Again, there are endless questions that your threat assessment team may need the answers to in order to properly assess the threat’s credibility. However, keep in mind that hundreds of questions may be asked and answered, but in the end you have to be able to make a determination from the information gathered if the threat is real and then how to respond to it.
Law Enforcement’s Role in Threat Assessments
In not all cases where an organization is conducting a threat assessment will they involve outside entities such as the local law enforcement agency. In fact, unless there is a threat of a criminal act, many businesses may prefer to handle the investigation internally.
In the event that law enforcement is called in you should keep in mind that at some point they may take over the investigation if it is deemed a credible threat of a criminal act. If that happens it may be out of your hands as to where the investigation goes from that point forward. We are not suggesting that that is a bad thing, more so that there may come a time when the investigation moves from an internal issue to one of public safety and your organization can no longer manage the assessment/investigation.
Documenting a Threat Assessment
In all cases where your organization is conducting a threat assessment, it is considered a best practice to document every aspect of the assessment. This would include all aspects, from the original point where the alleged threat became known up to and including when the investigative process was completed.
All throughout the process someone should be keeping detailed notes, meeting minutes, actions by the team members, all contact with outside entities, witness statements, interview notes, and so on. There is no such thing as too much information, yet there will likely be some attorneys that may disagree on that.
Now early on during the initial phase of the threat assessment process, or at any point during the assessment and investigation, it may become clear that there is in fact no threat and it may result in closing the investigation. That is a decision that the team members may make jointly, or something that the manager of the process may make in consultation with key members. If that were to be the case, the reason(s) for making that determination should be documented, along with all relevant actions that were taken at the time up to and including the actual closing of the case file. The important thing to remember is that without documented information your team’s decision to close the investigation may be called into question some time down the road.
Threat Assessment Risk Management
It may vary widely from one business or organization to another what constitutes a threat, and when a threat assessment team is activated and what their role will be. Regardless of that, it is important to remember that your organization’s actions once they have become aware of any threat may increase or decrease your liability. In other words do nothing and your liability exposure may be endless.
The threat assessment process is to determine all possible information and evaluate that information to determine the credibility of the threat and determine what actions need to be taken. At any time during that process your organization may seek assistance from outside resources such as law enforcement as well, but keep in mind that your liability risk will not end at that point. Even though the threat may become a criminal case, your internal team still needs to both work closely with law enforcement, as well as insure that your organization has identified and taken all appropriate mitigation steps internally.