Frequently Asked Questions

While the terms have become commonly intermingled, they are distinct. Threat Assessment is a systematic, fact-based method of investigation and analysis of multiple sources, focusing on an individual's patterns of thinking and behavior--to determine whether, and to what extent, a person is moving toward potential attack. Threat Management is the managing of a persons concerning behavior through intervention strategies designed to disrupt or prevent targeted/intentional violence. It's the holistic program within which threats are assessed and managed.

CPPS' TMAT is unique in a couple ways. Notably, CPPS consults on, both, Threat Assessment and Management considerations. Not only will CPPS advise as to the level of concern for a particular case, CPPS will also provide expertise about operational security considerations and formulation of potential intervention strategies. Additionally, CPPS consults regarding different investigative recommendations. Threat Assessment related investigations are not the same as others and include a host of considerations specific to identifying potential for targeted/intentional violence.

Stress in America is arguably at a level that we've not seen in our lifetime. We see many different things that would cause stress from the political environment, the last election, protests on January 6, people thinking that the election was stolen, and the economic environment. We’ve seen large layoffs and huge levels of unemployment, now we are almost to the other extreme in some degrees. You have labor shortages and services that people are used to getting which they now have difficulty getting, which causes stress. We are seeing problems with public health, people's personal health, and family members' health. Just when you think you're getting on the back on track with the pandemic, the Delta variant comes around and tends to be significant, and most recently the Omicron variant. Those all can be sources of unprecedented levels of stress.

For workplace violence, an interesting trend that we're starting to see includes a couple of cases in the last 60 days. The federal government has been sued and wound up having some large payouts—both for the Parkland Florida shooting through the department of justice and then with the Department of the Air Force being paying a huge settlement from the church shooting down in San Antonio, Texas a couple years ago. This was because of gaps in the threat assessment process within the community. An impact of this in the corporate world would be that there's been a bar set—the government was held liable. Here's something that in follow on litigation, the attorney is likely going to refer to as a reference point.

It depends on what you define as normal. We are evolving, we are coping, trying to meet the challenges that we've all been up against. Threats have morphed, and they've changed, but the principles stay the same. The fundamental tenants of behavioral threat assessment really haven't changed. Keep that in mind with some of these pretty awful things that that are being done or said.

One of the things we know about stress from a behavioral standpoint, is that the more stress that people are under, the more piling on effect that you have of these different stressors, the more behaviors that you will start to see develop. Whether it's in the workplace, or just in society, people are acting out or progressing towards possibly becoming violent. Certainly, it's fair to say that a need for violence prevention programs or a threat assessment program has not gone away. In fact, it's, it's likely gone up since the pandemic began.

Behavioral Threat Assessment is not that old—it’s been a practice for about 20-30 years. It wasn't long ago that people thought that violence prevention was nice to have. We had programs to address things like sexual harassment, which is still a problem today, but having comprehensive programs to discern the likelihood of violence, and then to come up with appropriate intervention strategies really wasn’t a thought.

The Secret Service uses the term PII (Protective Intelligence and Investigation). Part of that was, in fact, threat assessment and behavioral threat assessment based upon a specific event, or a specific protectee, or individual. This was the genesis of Behavioral Threat Assessment.

Over time, out of necessity, sadly, it has evolved for schools, houses of worship, corporate America, faith-based organizations, non-profits, etc. In 1998, the event known as Columbine created rippling effects, and we're still feeling it now. Over the years we have gathered many studies and concepts. We can now understand why people behave the way they do. There is a way to assess (not predict) the likelihood of violence given a set of circumstances. By the time we got to the tragedy in Virginia Tech, we had another watershed moment. Then, we had Sandy Hook, and it just goes on and on. That's just on the education side. Corporations have had more than their share of mass shootings and significant events as well.

We realized there must be a connection between the way people behave, and what the likelihood is that they might harm somebody, maybe a small percentage of the people that we look at have the capability to do that, but almost everybody starts with the same behaviors of concern. That’s why comprehensive Workplace Violence Prevention and Behavioral Threat Assessment programs are critical. Behavioral Threat Assessment is not a separate thing—they’re a symbiotic relationship.

The short answer is, anybody can make a threat. It doesn't mean we don't pay attention to it, but if it's followed up with other things such as, years of concerning behavior, planning behavior, or targeting behavior, then all these sorts of things could lead to the pathway of intentional or targeted violence. That is the difference.

Both pieces must work together for the program to work. You could have people trained on what to look for and do the reporting. But then, if the organization isn't diligent, trained and equipped to be able to respond to whatever that concern is, then you have a problem. On the reverse side of that you could have a robust capability of threat assessors and expertise and people that know how to go through the process, but if you have an employee, or a school student, see something or hear something, and doesn't say something, they won't have the tools to be able interpret the data and adequately intervene.

Threat assessment involves an individual assessment of a person of concern in a particular situation, at a particular point in time. It’s almost always fact based. It's deductive reasoning, dynamic and responsive to the nature and process of a threatening situation. It will assess the likelihood of violence it will not predict it. Profiling, on the other hand, oftentimes deals with certain types of criminals and certain types of criminal activity. There are certain types of crimes that tend to be effectively dealt with via profiling. Serial crimes, for example. They do it repeatedly. It's generalizing about an individual based upon their similarity to others in high-risk groups. It's very inductive. With behavioral threat assessment, we're not going to be able to tell you we're looking at a specific gender, age, lifestyle, or background. That is profiling.

Generally, each will be assessed as follows:

Low Threat:

• The threat is not likely to be carried out

• Lack of: specificity, planning, organization

• The threat is irrational

• Does not make sense

Medium Threat:

• Threat is more direct and concrete

• Wording suggests threatener has given some thought on how the act is to be carried out

• A general indication of place and time including, some specificity, some possible planning, some organization

High Threat:

• Threat is (in)direct, specific and plausible

• Threat suggests the threatener has:

  1) The Means to carry out the threat

  2) The wherewithal to carry out the threat

• Threat suggests a DETAILED PLAN OF ACTION

  • Specificity

  • Planning

  • Organization

The short answer is, absolutely. Because all those things should be part of a comprehensive program. Those are mitigation strategies. Oftentimes, with lower-level behaviors we’re able to mitigate or alleviate a concern. That doesn't mean that concern goes away. That doesn't mean we put the case file in the drawer and never look at it again. Over time, things can change. Concerns can appear again. It needs to be periodically addressed. There’s a place for discipline. There's a place for EAP. The Threat Management team needs to make a comprehensive look at everything. Behavior is quantifiable—if you don't get it at the source, it's going to appear again.

Yes, because often previous acts of inappropriate behavior and/or violence are evolutionary or cumulative in nature.

As workplace violence prevention programs have begun to mature, and as part of threat assessment, the desire for analytics has become more and more important. Here's the problem, if you don't have a program, track your incidents, or have a way to determine or decipher what those trends are, you don't have anything to go on. So, with broad statistics, you must be careful. If you can show that you've had so many events of a certain type within a year, and of those, you were able to mitigate 50-60%—those are the kinds of analytics that can be very helpful. The problem is most workplace violence prevention programs are not yet mature enough to be able to do that. So, analytics are the future and we're striving for that.

In a nutshell, risk assessment is a process where you try to quantify the likelihood that a certain event will take place. Sometimes it's numerical, sometimes there are other formulas. We want to know how likely we are to have a workplace violence incident in our organization. Sadly, because of our behavioral nature, you're just as likely to have an event if you have a robust program. You're just going to be better equipped to manage it. You cannot predict an act of intentional violence before it happens. We can assess based upon the information, facts, planning behavior and targeting that likelihood, which is why we try to put it on a hierarchy of what we call dangerousness. But there’s no real prediction there. It changes based on the information that you have and what you don't have. Risk assessment is more of an academic process. It's important and it certainly helps determine where to put the budget. You can do your best to inhibit an act of violence, but you can't guarantee it won't happen, let alone where it will happen.

You must have an overarching plan. When you're successful it doesn't mean you let your guard down. You may have had some success, but you don’t know what you don’t know. You must have things in place like a threat management team, and your legal, HR team, and security folks all on the lookout. Much of this is cyclical. Nothing stays the same forever. Have a comprehensive plan to look at readiness, response, and recovery.

This program must be like sexual harassment, or other compliance programs we put into place. It needs to be mandated, recurring, and institutionalized. It’s not enough to make training programs available and say, “Okay, we have a program in place”. Best practice is to do initial training and recurring training at various levels throughout the organization. Maybe you haven’t had an incident, but there's enough incidents happening in society that it's in the psyche.

The Structured Professional Judgment (SPJ) approach is an analytical method used to understand and mitigate the risk for interpersonal violence posed by individual people that is discretionary in essence but relies on evidence-based guidelines to systematize the exercise of discretion. They are useful and this is the approach we teach at CPPS.

Travel Risk Management is the process and activities dedicated to mitigating or controlling travel related risks. It’s the managing of disruptive uncertainties pertinent to travel.

Generally, a Travel Risk Assessment is used to identify risks, evaluate them, and plan accordingly. There are a couple layers: (1) is an assessment prior to entering an area for the first time to identify the overall level of risk associated with the area, and (2) the second type is related to a specific trip. It’s more time-bound and generally considers the risk of the individual traveler, the dates of the trip, the location, and other variables associated with trips.

High-risk countries are defined differently depending on how the risks are being weighed. For the United States, the Department of State identifies which countries are high-risk. Generally, risks are weighed based on potential for things like crime, kidnapping, health risks, geopolitical issues, and other factors.

It depends on the country. It’s beneficial to research your destination ahead of time. Generally, it’s better to use services like officially marked taxis, or transport sourced by your hotel, for example. Use considerable caution when thinking about getting a rental car—there are many variables to evaluate.

No, but should be a part of a comprehensive WPVPI Program. That said, they should not be the first, or only, thing accomplished. Exercises are best conducted after requisite plans, policies, and procedures have been developed, and all key personnel have received proper training. An exercise should be one of the latter things implemented into a comprehensive program.

Generally, yes if conducted properly. The right expertise, temperament, knowledge, and exercise planning will affect the quality of an exercise. It’s best not to hurry the process, particularly with something as serious of topic as active assailant.

They can help identify where a readiness plan or program can improve, increase communication between key stakeholders, and help external partners gain familiarity with your organization when involved.

First, you must recognize the danger and figure out a course of action. This is a continual process. Then, choose one of the following options that best facilitates your safety: Get away from the shooter, hide somewhere and prevent the threat from gaining access, or, as a last resort, defend yourself and fight the shooter for your life. Continually assess the situation and keep choosing the option that best fits the circumstance. Remain spread out from others, but make a plan if others are present. Call authorities as soon as safe to do so. When first responders arrive, comply with all their directions.

Active shooter response training generates resiliency. Like wearing a seat belt, it doesn’t mean you’ll experience an accident, but you’ll be more prepared if you do. It increases your preparedness in the unlikely case it happens, provides a framework to recall and more effectively respond, and facilitates better recovery from the stress and trauma afterword.