Heightened security concerns have focused significant attention on crisis response plans, and more firms now have plans in place for terrorist, bomb threats, fires, and natural disasters than at any point in modern history. Conspicuous by its absence from many of these plans is a workplace violence response plan; when it is included, not much beyond “lock the doors” and “call the police” is referenced.
While most crisis planning professionals support the concept of having a plan that incorporates the multitude of disasters an organization can face, and that uses common approaches across the issues, they also encourage organizations to have a specially focused workplace violence response plan. This is recommended because workplace violence, unlike other hazards or disasters, involves a thinking, mobile, and dangerous human being. Consequently, it must be dealt with in a manner that is specifically designed to address workplace violence so as to avoid errors that could add to the mayhem associated with these incidents and actually cause additional employees to be in harm’s way.
To illustrate the point, most actions that are correct for events such as fires, bomb scares, and natural disasters call for evacuating a facility. However, evacuating your facility while there is an active shooter may be the worst thing to do, as it may lead to more people getting hurt. During most disasters, communications to evacuate people is the primary goal. During a gun-toting incident, communications must be set up to direct employee’s movements in a precise and urgent manner via multiple methods. For example, relying on a loudspeaker system would be ineffective since the intruder would hear and react to the instructions too.
It would be remiss to not state that the most effective way to deal with a workplace violence incident is to avoid it in the first place. Every organization should have a safe hiring process in place that emphasizes pre-employment screening and background checks as part of a workplace violence prevention program that has as the heart of it a “zero-incident” approach to workplace violence prevention.
A zero-incident approach addresses prevention by focusing on identifying at-risk behaviors of employees and organizations, as well as by conducting risk assessments of the work environment, physical facilities, and by putting contingency plans in place for anticipating threats.
Every organization should have a safe hiring process in place that emphasizes pre-employment screening and background checks as part of a workplace violence response plan and prevention program that has as its heart a zero-incident approach.
It is also important for all organizations to make sure they have a “no weapons” policy that has some teeth to it. For example, the now infamous shooting rampage at Lockheed Martin in 2003 involved an employee who left the plant, then came back in with a gun and started shooting people. The company reportedly had a no weapons policy, but the big question is whether they actually took affirmative steps to enforce it.
The next most effective way to deal with workplace violence is to have a well-developed crisis plan in place that has been tested so that people know exactly what to do. A comprehensive approach to addressing a workplace violence incident involves the following seven steps:
1. Identification of critical incidents that trigger activation of plan
2. Reporting procedures
3. Pre-incident preparation
4. Emergency actions
5. Training in procedures and responsibilities
6. Testing and exercises
7. Integration with business continuity plan
Step One: Identification of Critical Incidents
First, it is important to define a critical incident. Is it a shoving match between employees? An employee being threatened by a customer? An employee yelling curse words at the top of their lungs?
A good definition to use might be the death, serious injury, or severe psychological trauma of an employee, client, or person that people have had regular contact with; any situation that will attract unusual attention from the news and media; and any event that is likely to seriously interfere with the continuous operation of critical business functions.
Ensure that any plan clearly defines all the types of incidents that trigger the plan’s activation. Do not leave this open to employee interpretation, or the program could be unnecessarily triggered and tie up important resources.
Step Two: Reporting Procedures
The second step is for the organization to have a workplace violence response plan that clearly states the reporting requirements and procedures for emergency or imminent danger situations.
Typically, policies require that employees report emergency or imminent danger situations either directly to law enforcement (911) or to an internal control center and/or loss prevention. Remember the faster an organization knows about a critical incident, the faster it can put its plan into motion.
A tip to consider—Conduct a desk review of company security, safety, and human resource policies. It is frequently found that the policies are incongruent and sometimes in direct conflict. It is important to ensure that these policies are synchronized. If the company should end up in court, confusing or different policies can work seriously to its disadvantage.
Step Three: Pre-Incident Preparation
The first part of this step is to ensure a full workplace violence prevention program is in place. The second part is to have each department and subsequently each employee put together a “stay-safe plan.” A stay-safe plan for a department involves the supervisor developing a specific plan for their unit with employee input that fits the type of work performed and the environment. Typical items that should be included are:
- How to recognize early warning signs
- How to diffuse hostile situations
- Emerging procedures
- Concealment plan
- Exit strategy
The stay-safe plan for employees simply takes this to the next level and individualizes it. Some organizations encourage their employees to also address security and safety awareness issues outside of work in their personal stay-safe plan. This tends to create a safety and security mindset that reinforces the firm’s program and can establish thinking about safety as a way of life.
The organization should develop a crisis communication plan, because the number-one rule of business continuity is “If you can’t communicate, you can’t recover.”
Another area to consider regarding pre-incident preparation is the establishment of safe rooms. While some consultants advocate safe rooms, not all experts agree with this concept.
Another pre-incident preparation step is damage mitigation, which involves not only dealing with an immediate crisis, but also ensuring that it doesn’t mushroom into even bigger problems. Some ways of doing this involve having employment liability insurance and having alternative facilities pre-identified with arrangements to act already in place.
Step Four: Emergency Actions
This step involves two parts that also require advance preparation: the crisis communications plan and the critical incident stress debriefing
Crisis Communications Plan. The number-one rule of business continuity is “If you can’t communicate, you can’t recover.” An effective crisis communication plan must be built to address the following elements:
- Speed—How quickly can communication take place?
- Accuracy—Is the correct information reaching the intended audience?
- Flexibility—Are there any limitations to the organization’s communication effort?
- Effectiveness and Reliability—Will the communications system work every time, regardless of the situation?
Some of the important questions to consider in building the plan include:
- Does the organization have back-ups who are trained and current for members of the crisis management team?
- How fast can the plan be implemented in terms of minutes? This is tied to the timing needed to save people’s lives as well as restore critical business functions.
- Decide in advance what will be said to various stakeholders. The time to develop a message about a crisis situation is before the crisis occurs. During an emergency, there will not be time to think about it.
- Does the organization have an off-site, alternative location for crisis response?
- Does the organization have employee notification systems in place as well as alternative plans to be able to contact employees who are on-site?
- Has the organization created a means to direct media and others to a website or other central source of information where accurate information is being gathered and released?
- Does the organization have a means of contacting employees who are offsite or traveling?
- Has the organization anticipated what could go wrong and built incontingency plans?
A system can be operated from a single personal computer or mobile device, which allows communications with anyone in virtually any location. The system also allows the organization to pinpoint its message and to send specific messages to specific people or groups of people–an essential quality necessary in dealing with a workplace violence incident. It may be necessary to evacuate people in one location, have people stay put and lock down their facilities in another, while informing yet another group of individuals to stay away from the location where the problem is occurring. In addition, the system is operational 24 hours a day, so it is always ready to go.
Critical Incident Stress Debriefing. The second part of the emergency actions step involves establishing a critical incident stress debriefing process in advance of an incident occurring. This deals with the emotional and/or psychological fallout that people often experience after being exposed to a traumatic event. This should also include emergency response personnel, who are often overlooked with regard to the impact of trauma.
The debriefing process is a critical step that impacts the speed at which the organization’s operations will be able to recover and resume productive business again. Research has shown that it takes six to eighteen weeks for an employer to return their workplace to normal operations after a traumatic event. The process is considerably longer in workplaces where the employer fails to assist employees in the recovery process.
Accordingly, organizations should be sure to have pre-identified professional resources, either through its employee assistance program or community mental health resources, who are trained in this area. It is important to insist that any individuals identified to conduct the debriefing sessions are specifically trained in this process. The professionals should be credentialed and certified in critical incident stress debriefing.
Step Five: Disaster Preparation Training In Procedures
Stop and think for a moment. Have your organization’s employees received sufficient disaster recovery/business continuity planning training? If the answer is “No,” your organization is not alone.
This step involves assuring that all employees receive the appropriate training regarding the overall crisis response plan in general and their specific roles and duties in executing the plan. Training should at minimum include the following elements:
- Warning signals and their meaning, appropriate reaction, and actions to take
- Identification of an explanation regarding sequence of actions to take in an emergency, including how to report incidents and to whom
- Emergency shutdown or lock-down procedures
- Evacuation procedures and routes, assembly areas, and headcount management procedures
In addition, management personnel should also receive training in their duties and responsibilities during a crisis. This should include:
- Specific responsibilities as outlined in the crisis management plan
- Leadership skills required for crisis management
- Media relations skills for those assigned this responsibility
Finally, crisis response team members should receive detailed training in their specific responsibilities in the plan, including:
- Response procedures for incident command
- Control and lines of authority
- How to use specific equipment during the crisis
- How communications should be handled
- The appropriate training for each level of employee is an essential step in ensuring the workability and success of any plan
Step Six: Testing and Exercises
A fundamental rule of thumb of training is “Train first, and then test for competency.” An organization cannot afford to be in the position of hoping that its employees know what to do when a crisis strikes.
Too many businesses fail to follow this fundamental premise and consequently leave themselves wide open for an unpredictable response to a crisis event. Outdated and untested methods provide a false sense of security and place a company at a greater risk of operational failure.
The American Management Association reported that 57 percent of companies fall into this situation and have not conducted a crisis drill to test the implementation of their workplace violence response plan.
According to the ASIS International Disaster Preparedness Guide, some methodologies for testing a plan include:
- Walkthrough or tabletop drill—An interactive exercise with discussions of hypothetical or mock scenarios where actual emergency response functions are acted out in a classroom setting.
- Limited-scope drills—These involve limited mobilization of personnel and equipment to test interaction, coordination, participant activity, as well as assess participants knowledge and execution of required procedures, such as building evacuation.
- Full-scale exercise—A comprehensive test of the interaction and coordination in the emergency planning program; testing of the knowledge and skills of most key staff with emergency responsibilities; mobilizing personnel and testing knowledge of appropriate equipment. A full-scale exercise uses trained personnel such as police and fire personnel, other agencies’ or organizations’ emergency response personnel, or consultants to control, evaluate, and simulate participant activity on a large scale.
One of the biggest problems that firms fall prey to with disaster preparedness planning is the illusion that their plan will work exactly the way it is designed. The stark reality is that a plan never works exactly as it is planned, so the organization must test it to see where it is weak, where instructions are confusing, and to identify problem areas so that the plan can be improved.
IMPORTANT WARNING: An organization should never, under any circumstances, conduct a surprise workplace violence incident exercise or drill where it depicts someone getting seriously injured or killed. To do so can subject the firm to tremendous liability because employees, unaware that it is a drill, could experience severe traumatic response that does not dissipate upon the subsequent announcement that it was just a drill.
Step Seven: Integration with Business Continuity Plan
The final step is to integrate the workplace violence response plan with the overall organization’s crisis response plan. It is necessary to emphasize this point since this article began by stating that workplace violence is a unique hazard that must be addressed in a unique manner. While this is true, the plan still needs to be congruent with and fit under the umbrella of the organization’s greater plan.
Despite the unique aspects of workplace violence, there are many areas that should be common to a firm’s response to crisis that integrate common methods and make wise use of the firm’s resources.
Keep in mind that while the plan must be comprehensive, it must also be actionable. A four-inch binder stuffed with 300 pages of narrative is not actionable. A succinct checklist is much better.
Remember the infamous words: “Those who ignore the mistakes of the past are doomed to repeat them.” When developing a workplace violence response plan, an organization should build on the successes of other agencies and organizations as well as learn from the mistakes those organizations made so it does not have to experience them. While we may not be able to prevent all incidents, we have no excuse for not being prepared to address them when they occur.
This article was originally published in 2004 and was updated August 9, 2017.