The news is full of stories about missed intelligence signals resulting in workplace violence. Whether it is reports that emerge after the event about the suspect saying something to co-workers, posting something on social media, or searching public sites using keywords like “kill” “murder” or “suicide,” we become aware of the threats made after the event rather than before it.
The fact that these events could have been mitigated, if not actually stopped beforehand, can result in loss of life and reputation, and may result in the complete closure of a business and years of litigation.
Whether thinking about GRC or Enterprise Security Risk Management (ESRM), the concepts are virtually the same. An organization must develop plans, maintain vigilance, and be able to successfully integrate various safety and security functions into protecting its assets.
When developing Threat Management plans,it is vital to outline specific events and how you will prepare and respond. Whether planning for an internal or external threat of violence or a cyber-attack against the organization, the response plan should focus on the intention.
For the purposes of this article, we will focus on people making threats, whether internal or external to an organization and how technology can provide vital information to Threat Assessment teams. Six key areas highlight how joining technology with the human component helps to connect the dots of workplace safety, breaking down organizational silos.
Risk Assessment
The basis for any response is to begin with a third-party professional risk assessment of the organization. A risk assessment will identify and document an organization’s safety and security gaps within Emergency Operations Plans, Technology and Infrastructure, Prevention Planning, Training, and Continuity of Operations Plans. These assessors should be professionally board-certified and can present their credentials when asked. This will let you know if your organization needs to make short-, mid-, or long-term changes or additions to policies, procedures, training, or technology.
Threat Assessment Teams
In the past, many organizations put employee discipline in the hands of one person. That model is outdated and fails to look at organizational safety needs holistically. A comprehensive approach considers the person who made a threat or poses a threat by their actions. This includes external people who may not even be known to the organization initially. Teams of personnel trained in threat assessment meet and discuss persons who have made threats, pose an issue of harm to themselves or others, or employees who are struggling. This allows the organization to determine a course of action developed from several points of view. Internal personnel may include Human Resources, Supervision, Administration, Legal, IT, or Security. External resource personnel may include mental health professionals, medical professionals, or law enforcement.
Technology resources assist Threat Assessment Teams in case management including gathering, storing, and disseminating information. The risk assessment can help identify gaps in these areas and recommend new or updated products.
Anonymous Reporting
Many people who have valuable information about a potential threat are not comfortable reporting the min person or filling out reports. Anonymous Reporting systems allow your own personnel or even people outside the organization to anonymously report suspicious actions, concerning behaviors, or criminal situations. Reports on incidents have shown that in many instances, people knew about the threat attackers had made but stayed quiet out of fear of retribution, lack of knowledge about where to report, or disinterest in “getting involved.” Today,anonymous tip lines receive reports about suicide concerns, depression, domestic violence, drug and alcohol abuse, weapons, or other dangerous situations that can adversely affect the workplace. These lines can be monitored to respond to threats or information as it comes in, while still maintaining anonymity for the caller.
Media and Email Scanning
Systems that scan internal email systems and public social media can identify threats and potential issues. We live in a digital world, and we need to make sure we are meeting safety threats where they live. Using superior scanning technology allows organizations to pinpoint words and phrases that indicate violence, bullying, sexual harassment, or suicide. These systems must employ data scientists and linguists that use natural language processing to provide accurate results with low false positives.
Site Mapping
These interactive maps provide first responders the ability to familiarize themselves with the inside of facilities, providing critical information during emergencies without unnecessarily exposing people to danger. Interactive site maps capture life safety information and identify areas of refuge, shut-off locations, evacuation points, room types and spaces. They also provide an organization with a record of every room’s content and positioning that allows insurance adjusters access to ready-made information in the face of large-scale man-made or natural disasters for replacement of equipment and items.
Emergency Management Systems
This software allows for all critical safety and security information to be located within one platform. Permissions allow personnel to manage sensitive information such as emergency plans, continuity of operations plans, site maps, reports, drill logs, assessments, training records, and call lists. It removes the need for binders and prevents information being from being scattered throughout different departments in an organization.
These six areas will form the backbone of an organization’s safety and security posture. Integrating the human component with supporting technology immediately helps reduce an organization’s risk and improve response. Holistic, connected safety systems and personnel such as cameras, alarms, fencing, landscaping, security teams, environmental health and safety, and cybersecurity further enhance an organization’s ability to respond to external and internal threats, decrease liability, and protect the organization and its people.
Joe’s version feels more direct here. [KR1] [KR1]
@Kara Crissman course of action is repeated here [KR2]
mention “six areas” somewhere in the intro – [KR3] [KR3]
Feels like an abrupt ending here – can we add a more conclusive last sentence without it feeling like a CTA? [KR4] [KR4]
@Kate Reynolds — Added. Let me know what you think. [KC5]
@Kara Crissman – this works, thanks! [KR6]