Those who work in security are well aware that violence in the workplace is one of those risks that can pose a threat to the safety of employees or visitors to their facility. After all, no industry is immune from this hazard. Some, may however, be less familiar with how the issue impacts industries outside their own.

It’s informative – even surprising – to see just how widespread this threat continues to be.

All industries are not created equal when it comes to the incidence of violence in the workplace. The National Institute for Occupational Health and Safety (NIOSH) states that the industries with the highest incidence rates of workplace violence are social services (14 assaults per 100 employees) and health service workers (9 assaults per 100 employees). The national average is 1.8 assaults per 100 full-time equivalent workers. This data is likely underreported due to what NIOSH describes as a persistent perception within the industry that assaults are part of the job.

According to Bryan Warren, CHPA, president of IAHSS (International Association for Healthcare Security and Safety) and senior manager of Corporate Security at Carolinas Healthcare Systems, a variety of reasons account for the elevated risk to healthcare facilities. Foremost among these is the nature of the workplace itself: hospitals, especially emergency rooms, are open to the public 24/7, and they offer particular allure by way of availability of drugs and/or money.

He adds that waiting rooms and other common areas can attract gang members, drug or alcohol abusers, trauma patients or distraught family members, as well as frustrated clients. The mounting number of mentally ill patients being released from hospitals without adequate follow-up care and the ever-increasing use of hospitals by police and the criminal justice system to provide healthcare to forensic prisoners also contribute to the elevated statistics for this particular sector.

How can a security professional for an at-risk workplace such as a healthcare facility best protect those who work in and utilize the facility from violent incidents and their aftermath? According to the Joint Commission’s 2010 Sentinel Event Alert on preventing violence in a healthcare setting, prevention strategies begin with a risk assessment to identify all the things that can go wrong and creating a plan to address them. The Commission cites several industry resources, including IAHSS Guidelines for developing a security management plan, addressing security training, conducting investigations, and identifying areas of high risk. (Industry Guidelines are available at

Warren advises, “Be sure Human Resources has a strong workplace violence protocol in place. It can be part of an all-hazards procedure which calls for a response that ramps up as your threat escalates.” He recommends that a multidisciplinary committee, including representatives from security, draft the facility’s guidelines and procedures. Moreover, violence management training is key: “Every employee who has any patient contact should have at least some training on how to identify potentially violent individuals and de-escalation strategies.”

Although certain industries attract more than their share of workplace violence, its characteristics affect every sector of business. The hazard has been defined by the Department of Labor as “violent acts directed towards a person at work or on duty.” There need not be actual physical contact: it can include threats of assault, harassment, intimidation or bullying.  So the Department’s classifications of workplace violence situations apply pretty well universally:

•  Criminal: The perpetrator has no legitimate relationship to the workplace or its employee and essentially is committing a crime in conjunction with the violence (i.e. robbery).

•  Customer or Client: The perpetrator has a legitimate relationship with the business and becomes violent while being served (ie. customers, clients, patients, students, inmates, etc).

•  Co-Worker: The perpetrator is an employee or past employee of the business and attacks or threatens another employee.

•  Domestic Violence: The perpetrator, who has no legitimate relationship with the business but has a relationship with the intended victim, threatens or assaults the intended victim at the workplace.

Warren points out that while patient-on-staff incidents constitute the leading category of violence in healthcare facilities, the sites are not immune from the other categories, such as employee vs. employee violence. He notes the recent instance of an employee at a Connecticut hospital who shot two of his supervisors after a disciplinary incident. The hospital went into lockdown for a period of time after the incident. Warren cites the annual Crime Survey conducted among members of IAHSS as providing helpful benchmarks regarding the nature and trends of criminal and violent incidents such as these.

Some types of risks of workplace violence appear to be less industry specific.

Domestic violence often rears its ugly head, regardless of the sector or venue: as NIOSH points out on its website, one out of every four American women report physical abuse by an intimate partner sometime in their lifetime:  “Domestic violence doesn’t stay home when its victims go to work. It can follow them to the workplace…[it] includes all types of behavior that affect a person’s ability to perform a job.” NIOSH concludes that it’s a certainty that in any mid- to large-sized company, domestic violence is affecting its employees.

Richard Sem, CPP CSC, president of Sem Security Management in Lake Geneva WI, agrees. Sem, whose business provides security and workplace violence consultations to companies in the manufacturing industry, among others, points out that because manufacturers don’t deal directly with the public as much, they don’t face the same violence exposure and liabilities resulting from outside visitors and customers as, say a healthcare institution. On the other hand, he says, manufacturers do face a very real risk of certain categories of workplace violence, especially worker-on-worker (Co-Worker category) and domestic spillover (Domestic Violence.)

Sem advocates that manufacturers put in place a detailed workplace violence program including the elements of prevention, mitigation, response and recovery. Much of what he advises mirrors the recommendations regarding prevention programs for the healthcare industry. In designing such a program, both Sem and Warren urge employers to train their employees to recognize the warning signs for violence, including potential spillover of domestic violence, and to include violence as part of their emergency and crisis plans. Procedural and physical security measures should be reassessed to ensure they address true risks and vulnerabilities. This should include a threat management process to plan for safely managing problematic triggering events such as layoffs and terminations. Developing a working liaison in advance of any incident with local law enforcement officials can pay big dividends in responsiveness, as does having a plan – communicated in advance – to keep people safe during worst case scenarios.

In a third sector, that of education, the risks of violence are more in the nature of the Customer or Client category, as detailed above. Violence finds its way into the schools through student-on-student forms of harassment, bullying and minor assaults; and in rare instances, serious assaults and homicide. According to Larry Borland, President of the National Association of School Safety and Law Enforcement Officials, creating a place where children feel welcomed, respected and loved has the effect of creating trust between adults and children; and where there is trust, there is communication.

Borland emphasizes the importance of creating a positive school environment where bullying, harassment and violence will not be tolerated. This requires that students feel comfortable in bringing situations to the attention of a trusted adult who will then act upon the information. Says Borland, “After almost 20 years in education security, I can say that the vast majority of weapons we find are because a student comes to a caring, trusted adult and tells them about their concern.” He continues, “Similarly, if a student is acting strangely, making threats against himself or others, it is almost always a student who brings the situation to the attention of an adult.”

Once the adult has the information, there must be clear guidelines about reporting and acting on the information. He cites the Family Education Rights and Privacy Act, which allows for the sharing of information with law enforcement authorities for the purpose of preventing violence and keeping students safe. Guidelines should include actions to be taken to keep students safe, and also deal with the aftermath, including collecting witness statements, fair and firm discipline where called for, and providing the student with support services as needed.

What these examples from three disparate industries share, along with the risk of workplace violence, is recognition of the importance of having a comprehensive, clearly communicated plan in place to deal with it. This, they all agree, provides the best strategy to keep everyone safe – whether students at school, employees at a manufacturing plant, or patients in hospital. And once you’ve adopted such a protocol, Warren advises, “Drill on the plan throughout the year. Make sure you have learned lessons, and that you’ve improved upon any weaknesses.”

The International Association for Healthcare Security and Safety (IAHSS) is the only organization solely dedicated to professionals involved in managing and directing security and safety programs in healthcare institutions. For more information on IAHSS, please visit Contributors to the article were also Larry Borland, Chief of Security and Transportation Services at Academy School District 20 in Colorado, and Richard Sem, CPP, CSC, President of Sem Security Management.

Spillover: When Workplace Violence Spreads Into the Public Domain

By Steven C. Millwee, CPP

Steven C. Millwee, CPP
An employee draws a gun on his manager during a routine termination for ongoing tardiness. He fires, misses and flees from the facility. The gunman is on the lam, the building is on lockdown, and the police are on their way. What role and responsibility, if any, do the Chief Security Officer and the organization itself have for warning the public, now that the “spillover” from the workplace has moved onto the street? 

Conventional thinking would have one believe that the incident has become a police matter. Yet the violence began on company property, and the spillover effect puts the public at risk. Forward-thinking CSOs and executives plan for a myriad of workplace-violence contingencies, but few have assessed the spillover effects of crimes and thus they have not developed associated strategies to prevent the loss of life, public trust and brand image.


Preparation, Policy and Prevention

Enterprises have increasingly focused on preventing workplace violence, especially by disgruntled workers and armed robbers. However, disgruntled-employee violence remains the rarest of work-related violence. Workplace homicide rates fell by seven percent in 2010 and have declined more than 50 percent from the high reported in 1994. These latest numbers seem to show that external-related violence prevention, such as armed robbery, is working. However, one out of four violent crimes occur at work and can easily spill over into the public, regardless if the perpetrator is an employee or outsider.

Security executives must assess the types of spillover crimes that can negatively impact the enterprise. Though experts and organizations commonly address disgruntled employees and their potential for violence, there has been less emphasis on third-party, domestic, and other types of violent crime. Though organizations dealing with cash, such as convenience stores, late-night businesses, restaurants and cabs have been identified as high-risk targets, any enterprise may face random acts of violence.

Developing preemptive relationships with law enforcement and medical first responders is a basic security principal. Some organizations only interact with law enforcement in response to a crime, yet most law enforcement agencies have crime-prevention officers who will visit companies to recommend steps to prevent crime. Documenting crime-prevention inspections and recommendations, and then integrating those recommendations, becomes essential during litigation.

One example of how such cooperation works comes from a hundred-year-old company, which had decided to build its new headquarters on its existing location in a densely populated, crime-ridden southern Florida neighborhood. Over a 12-month period, external security cameras were repeatedly broken, customer and employee vehicles were stolen from within enclosed security fences, several employees were robbed at gunpoint, and numerous windows and doors were shot out. The bullet-riddled building looked like it was in a war zone. Employees were afraid to come to work despite the use of bulletproof glass and the placement of security officers inside and outside the premises. As drug deals, police sirens and violent crime rates grew, executives began to look for safer facilities, though that would have meant abandoning a $40-million building that had strong community ties and employed the law-abiding citizens that lived in the neighborhood.

The company hired an independent security expert with a diverse background in law enforcement, violent crime and corporate, physical and personnel security. After conducting a comprehensive security assessment and gaining the support of company leadership, the expert met with the chief of police and his executive team. The expert offered the police department use of 2,000 square feet of unused space at the company’s facility for the enticing lease of $1 per year. Offices, Internet access, break rooms with big-screen TVs, reclining chairs, kitchen amenities and catered meals were highlighted in the presentation. Today, around 25 to 100 police personnel are at the business 24/7. Since the sub-station was completed, there has not been a single crime, act of violence or related incident on company property. The police and the community have embraced the innovative teamwork between business and law enforcement. Company leadership found the cost of providing these amenities far better than the alternative. Moreover, the firm solidified its positive brand image by investing in the community.

Having a crisis response kit (CRK) ready is another important tool, especially when police are responding to a crime-in-progress, hostage situation, armed robbery or active-shooter report. A CRK contains blueprints, employee lists with updated photographs, wireless access codes to remote controlled security cameras and systems, secure and off-site digitalized HR, and other sensitive records that may help mitigate harm to the public and first responders. An important aspect of the CRK is to identify and prepare a command center. Automated cellular warning systems can notify employees and neighboring directors of security that participate in a mutual aid association or “business watch” team. Law enforcement involvement in developing the CRK and command center location will integrate them in your security strategy. Moreover, the CRK will prove a valuable exhibit during depositions and trial in the aftermath of such incidents.


Crisis Incident and Investigation Management

Waiting for a crisis to hit before organizing a media strategy will prove disastrous. Teams should pre-develop various media releases for a variety or risks, from workplace shootings to natural disasters. Public relations and media security experts should conduct exercises to hone crisis management skills. Many companies put executives to the test with rapid-fire questions under the glare of lights and cameras. This allows the CEO and head of PR to identify key executives with the talent, composure and experience to deliver the right message the right way. By having done some forward thinking, the trained media representative will avoid potential legal landmines or misstatement of facts about a workplace situation and instead can offer compassion for those killed, injured or impacted. The company will garner their customers’, coworkers’ and community’s support because they avoided the “no comment syndrome” while still protecting the enterprise’s legal interests.

Obtaining statements by independent, expert workplace violence investigators under the guidance of legal counsel is also essential. Whether statements are documented with court reporters, video or audio, they should be taken contemporaneous to the event since memories fade and may become contaminated by the statements of others or by media coverage. Moreover, locking down witness testimony before a lawsuit mitigates terminated or disgruntled employees from suffering from selective memory.

Senior management must also work to avoid a knee-jerk reaction. Often the manager who failed to lock the safe during a robbery receives immediate termination. However, firing employees should be postponed until the independent investigation by legal counsel and their experts is completed. Premature termination without documentation only gives plaintiffs’ attorneys a treasure trove of witnesses who felt abandoned by their employer when they were also victims of the crime. Though termination may be necessary on a case-by-case basis, consider protecting the enterprise from litigation by taking preemptive statements. An act of mercy today avoids a hostile witness in the courtroom tomorrow. The terminated employee often becomes a plaintiff himself with claims of failure to warn, negligent training, negligent security, post-traumatic stress disorder and other claims that may be covered under workers’ compensation laws.

During the crisis, even when it spills over into public places, the role of corporate security and leadership does not end once law enforcement assumes control.

Security professionals are a strong resource to law enforcement commanders. HR, PR, IT and other employees can provide invaluable information to law enforcement, such as the physical descriptions of suspects, vehicles, employees-versus-suspect offenders, locations of suspects and technology infrastructures that can help mitigate risks or resolve the incident more quickly. The company’s policy during this phase should be to act as a cooperative “good corporate citizen” that transfers decisions to the authorities. Security stands down, except when directed otherwise by law enforcement or it has been predetermined during the policy-development phase. Security does not share the same protections afforded to law enforcement and the company must avoid putting security officers or other personnel in harm’s way.

The role of law enforcement is the apprehension and prosecution of those believed responsible for criminal offenses. Though a company may have similar goals, it must also consider the potential claims of civil liability and should conduct a separate, independent investigation. Premises liability, negligent security, failure to warn and negligent hiring and supervision are just of few of the tort claims often litigated in the aftermath of criminal activity. These risks increase exponentially when violence spills over into public places.


Future-Focused Prevention

Portions of the U.S. military have adopted a unique program for future-focused crime prevention. Vendor employees, among those seeking ongoing access to military bases, must qualify not once, but again every year and every three months to qualify for the military RAPIDGate program. “They realize that a person may be convicted of a crime after initially being approved for access, which can only be detected through ongoing re-investigative due diligence,” says Jim Robell, one of the innovators of the program.

“Knowing who we hire and allow access to, while ensuring transparency and accuracy, is the new standard in hiring and risk avoidance,” says Raymond Humphrey, CPP, and past president of ASIS International. “An innovative new system allows applicants to see their report background reports at the same time as the employer. They are able to authenticate the report or identify any errors before the hiring decisions are made. This system mitigates, if not eliminates, EEOC and FCRA claims that have resulted in multi-million dollar settlements and class-action lawsuits,” says Humphrey. Accurate background screening with recurring vetting is invaluable for preventing workplace violence and spill-over crime.

Forward-thinking security leadership is critical to any enterprise. Every CSO should insist on developing valuable prevention, intervention, crisis-action policies and training programs today to mitigate the risks of tomorrow.


About the Author

Steven C. Millwee, CPP, is an expert witness with more than 34 years of experience testifying in high-profile cases. Millwee invented and patented iReviewNow, which protects employers from EEOC and FCRA litigation. Formerly with the FBI and a former unsolved murder detective, he is president and CEO of SecurTest, Inc., a background-screening provider for the U.S. Military and other government branches. In 2002 he served as president of ASIS International. He can be reached at