Workplace Violence Prevention Programs (WVPP) are much more than active shooter training or providing personal security services to the CEO. In 2024, California mandated that virtually all employers implement an effective workplace violence prevention plan, and we have seen other jurisdictions impose industry-specific requirements in the last 12 months, such as New York State’s Retail Worker Safety Act. A very important aspect of the California-mandated plan is laying the groundwork for an employer to be prepared to respond to a crisis situation by developing processes to encourage reports of workplace violence and determine who needs to be in the room to evaluate situations and plan and execute the company’s response. This is just one building block of a comprehensive WVPP, however.

Other buildings blocks of WVPP are:

1. Physical security assessments and implementation
2. Threat assessment
3. Legal advice
4. Executive protection

The majority of this work is performed by security professionals with support from threat assessment professionals, attorneys with expertise in workplace violence prevention and crisis response, and in many large companies, executive protection services. 

Security professionals are in-house employees or vendors who assess specific situations for the potential for inappropriate intrusions. The scope of work for security professionals often includes:

• Developing and implementing security protocols (badges, locks)
• Determining appropriate security protocols (fencing, lighting, cameras)
• Stand-up screening protocols (bag searches, metal detectors, weapons detection systems)
• Providing physical security (loss prevention, personal protection)
• Monitoring potential threat actors (monitoring social media postings by potential threat actors, cataloguing concerning conduct)
• Establishing and maintaining conduct with appropriate law enforcement professionals
• Providing post-incident reports as a part of a continuous improvement program
• De-escalation training (angry customer who won’t leave)

Threat assessment professionals include forensic psychologists and psychiatrists or former law enforcement professionals who help assess the level of threat presented by a certain circumstance or individual. Each undergoes extensive training to be able to provide meaningful threat assessment advice. Ongoing threat assessment, especially monitoring potential threat actors and cataloguing concerning conduct, is frequently done by security professionals because it can be a large and labor-intensive task. Often working in tandem with security professionals, threat assessment professionals use their training and experience to assess the risk presented by specific threats. Threat assessment professionals suggest steps to de-escalate risks and provide effective protection of people and assets in response to the threat. Threat assessment professionals synthesize data collected by security professionals, and provide a reasoned basis for an employer to make decisions about appropriate and reasonable responses to risks presented by threats.

While legal support may involve obtaining restraining orders against individuals posing threats, attorneys with expertise in workplace violence prevention can also be part of the team that devises the strategy to deal with workplace threats. Attorneys knowledgeable in workplace violence prevention and crisis response provide legal advice regarding legal risk management and mitigation, as well as options and the likelihood of success in obtaining meaningful relief through the court system, including which options for court-provided relief are available in specific jurisdictions. Attorneys can provide advice on the legal risks presented to the company by various threat response options. Attorneys can also partner with security professionals to develop post-incident reports to identify legal exposure and to devise measures to increase safety in the future. In situations involving employees who express suicidal ideation or exhibit other mental health crises, attorneys often advise companies regarding available resources and legal measures that companies can take to prevent harm and ameliorate risk.

Executive Protection Services (EPS) should contain both security and threat assessment aspects. In general, the importance of providing EPS to members of the C-Suite stems from their high profile and the presence of threats directed against these individuals, the company as a whole, or the industry. Generally, an EPS program should make special protective measures available to company executives, and to other employees as appropriate. EPS often provides:

• Advance travel guidance (hotel security, meeting security, travel methods and routes, trained drivers)
• Situational awareness and self-defense training to executives
• Coordination and communication with other security professionals and local law enforcement ahead of events or travel
• Close monitoring of threats directed toward individuals in the C-Suite (assuming they receive more threats than the average worker)
• Personal security (armed or unarmed) for the executive
• Advice on special security protocols for the C-Suite (e.g., secured parking)

For Security and EPS, whether provided in-house or by a vendor, the company must make clear that it prohibits any aggressive force to be taken on its behalf. The company should emphasize that de-escalation and removal of individuals from risk situations is the priority and that physical engagement of any sort must be avoided except as a last resort to protect people. Security, EPS and employees generally must be aware that force should not be used to protect physical assets. In other words, self-defense or defense of others from physical harm may be a valid legal defense, but a physical engagement to protect assets would expose the company to serious risk.

Company in-house security or EPS personnel must carry a state license in many jurisdictions. Some jurisdictions also require registration or licensure for the company. When evaluating vendors, confirming their licensing credentials is an important but often overlooked step.

Insurance is another aspect to be considered when dealing with crisis response. Most Kidnap, Ransom and Extortion policies contain a provision that the existence of the policy cannot be widely shared either internally or externally. Companies should contact their broker regarding insurance coverages that may be available to the company.

Most corporations do not have employee-facing policies or procedures on EPS. To the extent that EPS is established through an employee-facing policy, it is typically done as a subset of the company’s security policies, providing that the security director is to engage and oversee a program or vendor to provide EPS to members of the executive team and other individuals as appropriate. In order to preserve the effectiveness of preventive steps and response plans, it is recommended that a company not share details of any specific EPS plans beyond those with a need to know.