What does a threat management framework or process look like?
What are some key steps we should take when a threat is received or observed by our teams?
In this episode of the Managing Uncertainty podcast, Bryghtpath Principal and CEO Bryan Strawser answers these questions as he describes the model Workplace Violence and Threat Management Framework that is used at Bryghtpath. Topics discussed include initial threat actions, escalating issues to law enforcement, assessing a threat, creating plans for threat mitigation and personal safety, and long-term monitoring of threats.
Hi folks, Bryan Strawser, principal and CEO at Bryghtpath, and welcome back to the Managing Uncertainty podcast. Over the last couple weeks, we’ve been talking about workplace violence and threat management programs. And today we’re going to walk through the workplace violence and threat management framework that we use here at Bryghtpath.
You will want to look and follow along with the graphic that’s available with this podcast for free. You can get that at Bryghtpath.com/43, and you’ll be able to download a one-page version of our workplace violence and threat management framework that you can follow along with as we narrate through this podcast. If you’re looking at the framework that we use here at Bryghtpath for workplace violence and threat management, I’m going to start to the left and kind of move through the graphic.
We start with the actual threat incident. Something has happened. A threat has been made and received, and it’s been reported into whatever your defined threat management process is. Here we provide a set of risk factors to local leaders. We envision this happening in a larger organization, of course.
Perhaps you’ve got a branch, and a branch manager is the one that receives this initial report, and we’ve trained and provided them with some risk factors and categorization. And that is the threat incident risk factors that we talked about two episodes ago, now. And it is the severity levels that allow them to make an initial evaluation. And, really, their immediate evaluation takes us in one of a couple directions.
First, that the threat is a, it’s a low-risk threat, or it’s just simply unwarranted. Like, it’s been reported, but it turns out that the facts were not correct. There’s not an actual threat that’s been made. But an unwarranted or low-risk threat, basically, you skip all the way to the end of the process, and you move to monitor. We’re going to continue to monitor for newer developments. You should probably require this to be entered in some kind of case management or incident management system so that it’s reported, but there’s really no follow up. It goes into just this long-term monitoring mode until something else comes up.
The opposite of that is that this is a high-risk threat, or it’s an emergency. Like, it is quite clear that something serious has happened, many risk factors are present, or it’s dangerous to the point that you need to take immediate action.
For example, a bomb threat that is specific. You’re not going to wait. You’re going to call 911 here in the U.S. or the international equivalent of that. You’re probably going to evacuate the building. You’re going to take immediate action to ensure life safety.
The other immediate action that you’re going to take is if it’s a high-risk threat. It’s clear that there’s been an immediate threat made. This person is at high risk for suicide. They have access to weapons. There’s four or five risk factors present. We’re not going to wait and go through a threat management process. We’re going to contact law enforcement and emergency services right away.
A perfect example of this, a few years ago I was serving as the interim chief security officer for a university, and we got a call one evening. I was on call, I believe, ironically, that night. There was a call about an employee that had made suicidal comments earlier in the day, and this was the director over this area that had contacted me. There were a number of risk factors that were present based upon her description of the conversation, and based on that, I chose to have law enforcement conduct a wellness check. Turned out she was okay. She had actually taken some steps that evening to make sure that she was taking care of a mental health challenge that she was aware of. So, she took all the right actions, but we felt justified in making the decision to involve law enforcement to make sure that, really to ascertain if she needed assistance and that if she was okay. So, that’s your high-risk threat. You going to take immediate action.
Your other indications would be a medium-risk threat or high-risk threat, then you’re also going to escalate this to the threat management team. We advocate that organizations have a defined threat management team that operates corporately, or perhaps, on a regional or operating company basis, depending upon what’s right for your company. The threat management team’s job is to conduct a full threat evaluation, determine using the risk factors and severity levels where this threat falls, and then take appropriate action. All of this would be defined on the organization’s threat management framework.
On the graphic, on our threat management framework graphic, this is where we get to the right. We get to the kind of four-step process of, we’re going to investigate the situation, the threat management team. Then we’re going to understand the severity of the threat. What risk factors are present? What information do we have? What is the history of the individuals involved in this? What is the actual threat level, severity level, of this threat?
We’re then going to put into play steps to mitigate the threat. This is often thought of as a threat action plan or a safety plan. You may have a couple things going on. You may have an individual who has been threatened, and you’ve determined that that threat is credible. By individual, I mean an employee, or a contractor, or perhaps some other affiliate of your organization.
So, you may put some things in place to ensure his or her safety. This might involve changing their work location. It might involve some security coverage. It might involve them not working for a while and just being out of the workplace. There’s a number of things that you can plan and talk about here that are beyond the scope of this framework walk through. But you’re going to put into place, if needed, a safety plan for the threatened individual, and then you’re going to put into place other security and threat management steps to mitigate the risk of that threat becoming real, of them being able to take action.
Over time, the threat should diminish, and then you kind of move into this long-term monitoring state. When you’re in the monitoring state, you could have a situation where you don’t close out this particular threat as a case, so to speak, for years. For months and years. It just depends upon the situation.
I am aware of a threat at my previous employer that was monitored for nearly a decade, because the individual was so active and occasionally made threatening comments to our head of the organization and some individuals, so that monitoring of their behavior and the potential threat had to continue.
Sometimes in the monitoring stage, the threat heats up again. It becomes … You know, you may now think of it as a long-term low-risk monitoring situation, but suddenly they pop up. They’ve committed a recent violent action, and they’ve made comments about an individual at your company, and now you’re back into this medium or high-risk threat.
So, the process starts over. It goes back to being an active investigation by the threat management team. You may need to put into place new mitigation, threat action, threat management, and safety planning. And then you see the cycle. You go back to, it calms down, it goes back to monitoring, and then you can move back into escalation and an investigation again.
The point being that this is all being done in a structured manner where there are clear expectations provided on how threats are going to be recorded, how threats will be managed by frontline leaders and the threat management team, and how threats will be planned for when they’re determined to be real and actionable. And that’s your safety plan for threatened individuals and kind of your security and threat action, threat management plan, whatever you choose to call it, for the individual making threats. You want to make sure that you’re protecting the company, protecting individuals that have been threatened, and taking steps to kind of mitigate that overall threatening situation.
So this is the framework that we always use here at Bryghtpath when we’re helping companies develop and implement workplace violence and threat management programs. This is, specifically, the framework for managing a threat incident. We have a whole other story on workplace violence prevention that we’ll talk about in a future podcast.
Again, if you’d like a copy of the workplace violence and threat management framework that we’ve talked about during this episode, you can download it for free at Bryghtpath.com/43. That’s Bryghtpath.com/43. That’s it for this episode of the Managing Uncertainty podcast. I look forward to speaking with you on next week’s episode.