By Larry Poague, Mae Ping Patrick, and Jeff Holthaus
From the August 2019 Issue
Active shooter events occurring in the workplace are a national, if not global, concern. The Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and Occupational Safety and Health Administration (OSHA) have all issued strong statements that not only law enforcement, but civilian organizations should prepare for these types of events.
Of the 250 active shooter incidents between 2000-2017 (see Figure 1), 42% have taken place in businesses and 20.8% at schools and colleges.
While these active shooter events are increasing, there is still limited risk that it will occur in your organization. Yet, reviewing workplace violence risk can help identify more subtle forms of violence that may be happening. According to OSHA, approximately two million Americans are victims of workplace violence each year. These issues can create an unhealthy environment for employees and potentially perpetuate a larger event.
Here are seven best practices to reduce your organization’s workplace violence risk and be better prepared if incidents do occur.
1. Perform A Workplace Violence Risk Assessment
Each location should perform its own security and workplace violence risk assessment. First, define the difference between active shooter events and workplace violence. Active shooter events typically occur in venues that are easily accessible and have large numbers of people. Workplace violence can occur between employees, patrons, or domestic partners coming to the workplace. Look at business risks such as cash operations, area crime statistics, industry statistics, building security features, and internal culture.
The purpose of the workplace violence risk assessment is four-fold and will define the scope of your specific plan:
- Evaluate credible threats (including criminal).
- Evaluate capabilities.
- Identify vulnerabilities.
- Assess consequences.
2. Set The Perimeters
Establish your layers of security. The outer layer sets the initial perception of how seriously your organization treats security and includes: fencing, lighting, parking lot access, cameras, security vehicles, and escorts. The middle layer works with the outer layer to limit access and create control points. This includes securing entries and exits, limiting access points, cameras, reception areas, visitor recognition, panic buttons, and communication. The internal layer is about employees and includes self-awareness, personal response, and employees supporting the security protocols.
3. Have Policies
Policies are only as good as your ability to follow them. Yet, they provide an opportunity for your team to outline and strategize how to deal with possible events. Key points to address when writing your policy include:
Workplace violence. Help employees understand that workplace violence is more than an active shooter event. The policy needs to include information on how the organization addresses any threat including those related to intimidation, bullying, and harassment.
Domestic violence. According to OSHA, homicide is the number one killer of women in the workplace. Employees who are experiencing violence at home may have various levels of protection orders. How will you protect them and others in the workplace?
High-risk termination. Policies for handling high-risk terminations should restrict future access for the terminated employee. Change security codes and access badges. If necessary, monitor social media for any increased threat toward the organization or its employees.
Post-event procedures. It is essential to know who will communicate with the public, employees, and families after an event. Consider making employee assistance staff available to help employees cope with workplace violence related events.
4. Work With Law Enforcement
Local police departments can be an excellent resource to partner with during program development. Many local law enforcement departments offer active shooter defense strategies training and prevention information for businesses. Engaging law enforcement for crime prevention strategies can be beneficial for establishing security measures. It is also essential to plan with local law enforcement and your leadership team on who will communicate with the police, public, employees, and families after an event.
Independent organizations can assist with training for an armed intruder type event. There are also online tools from DHS available to train employees on “run-hide-fight”. Conducting walkthrough drills or tabletop exercises to create the memory of how to respond in an event can make the anxiety level more controllable. Even allowing everyone to hear the recorded sound of a gunshot, as many employees may have not heard that before, can be helpful.
The most successful drills for employees focus on their specific work areas including:
- Where are the nearest exits?
- What rooms can be locked?
- How can I secure myself in a room, such as using a binder under the door, belt over the door hinge, or placing large furniture in front of the door?
- What could I arm myself with such as a fire extinguisher?
Drills should emphasize that employees should run if they can. If they must hide, do so in a secure or barricaded room, if possible.
Large organizations may find it easier to conduct several drills in smaller operations areas. However, do not have an unannounced drill with a mock assailant present without having a strong risk assessment and multiple controls in place. This can create risks to both the employees and trainers. Tell everyone participating that the exercise is only a drill.
During an event, communicate in plain language. From a prevention standpoint, creating an open feedback loop with employees is key to effective communication. While management may create policies and protocols, employees should be involved in the process. Part of that loop involves asking if the policies are clear and effective in making employees feel more secure. For instance, the employee at the front desk may feel more at risk than the employees in the back of the building.
Consider using management-level tabletop exercises to decide how to communicate with employees and the public both during an event and after. You may find it beneficial to include your broker, public relations company, and your insurance carrier in these exercises.
Determine what insurance would respond to specific types of events, such as a terrorist act versus an armed assailant incident. Typically, workers compensation covers injured workers. Property coverage, including business interruption, responds to covered causes of loss to physical property, and commercial general liability to non-worker litigation. The latter two policies could be impacted by whether terrorism coverage has been purchased. While these policies are standard purchases for many organizations, there can be limitations to the costs and expenses covered, so it is important to know what is in place. With the increased risk and complexity of claims, specialty programs are now available in the market that address the unique costs and expenses of these events.
Safety Program Reviews
Preparing for various active shooter and workplace violence scenarios will give your organization the opportunity to make needed changes to your safety program. Consider using confidential employee surveys to gather feedback on your program. Review the program at regularly intervals and when a significant change takes place, such as adding a new location. Lastly, partner with your insurance broker to transfer risk through insurance products that can assist with recovery should an event occur.
As with any successful program, top management must be committed to build a culture of safety for all. Use these steps and additional resources to review your existing program and prepare.
- Run, Hide, Fight
- Active Shooter Preparedness Video
- Active Shooter Preparedness
- Strategos International
- Integrity Security Consulting
- Right Angle Advisors
- Security Vulnerability and Risk
- FBI Active Shooter Response
- Active Shooter Incidents
- Active Shooter Incidents
The authors are with Lockton, a global professional services firm with 7,500+ associates who advise clients on protecting people, property, and reputations. Poague is vice president, senior loss control consultant at Lockton, where he is responsible for providing safety and security consulting services for internal and external clients, assisting clients with the interpretation of and compliance with mandated state and federal standards, developing recommendations and service plans that assist clients with the reduction of losses, and providing safety education as needed. Patrick is a senior loss control consultant specializing in implementing service plans designed to improve the safety culture and safety processes within an organization. Her background includes working in hospital settings, and she has experience with the Joint Commission Environment of Care management plans and standards. Over an extensive career in safety and loss control, she developed expertise in the area of OSHA compliance. Holthaus is senior vice president and healthcare practice leader in Lockton’s Healthcare Practice in Kansas City. He is responsible for new business development, program design, and service for healthcare clients that include large hospital systems, teaching hospitals, managed care organizations, senior living facilities, and physician groups of various specialties.
Do you have a comment? Share your thoughts in the Comments section below or send an e-mail to the Editor at [email protected]