This is the conclusion of my series on the Homeland Security Exercise and Evaluation Program (HSEEP), training and evaluation. You can read part 1 on how to form a threat assessment team here, and part 2 on different exercise types and how to conduct post-action reviews here. This week, we’re taking a look at a practical example of a threat assessment program.

Implantation of a Threat Assessment Program at Harris County Appraisal District (HCAD)

Glen Reed, the Security Manager at HCAD, has been tasked with implementation of a threat assessment program to mitigate potential workplace violence with full executive support. At present he has developed policies/procedures and identified a threat assessment team. The team consists of security, human resources and executive management. He has increased organizational awareness by utilizing internal communications to disseminate a flyer that details reportable behaviors and reportable crimes, and explains the threat assessment function and process.

The mission of the Security Management and Response Team (SMART) is “to maintain the overall health of the HCAD organization by providing employees, visitors and vendors with a safe environment.”

Reed explains that he has had no pushback during the beginning stages of implementation with full support across departments and from senior management. Gaining buy-in from key stakeholders is essential in the implementation and maintenance of a threat assessment program. Reed identifies the following as best practices in a threat assessment program:

  • Evaluate current and past behavior of subjects (use investigative databases as well as social media platforms like Facebook and Twitter).
  • Discover the unknown (you want to know what you don’t know), educate employees on matters of threat assessment and encourage employees to report (“see something, say something”).
  • Identify grievances that can potentially lead to the pathway of violence.
  • Understand the potential impact to the organization (how stakeholders are affected).

Due to the newness of the program, Reed has not implemented a training/exercise program to assess its capability and validate policies and procedures. By utilizing the HSEEP Framework Reed could develop a three-year training program that captures efforts of continuous improvement and program management.

A suggested course may be to hold seminars to increase awareness of employees about the threat assessment process as well as increase understanding of the behavioral management team’s internal function and duties. Increased awareness of the function maximizes reporting increasing the information available to the team to mitigate threats. Additionally, internal team members could be assessed in this stage to understand if they need specialized training to carry out threat assessment.

Sources of threat assessment training can be found at industry conferences of trade organizations like the Association of Threat Management Professionals (ATAP) or the American Society of Industrial Security (ASIS).

The next stage would be to assess or validate current policy through a tabletop. During a tabletop, careful consideration should be given to participants to ensure that all applicable stakeholders are present. This can be contingent on the capability and resources of the organization. For instance, some organizations may have dedicated security staff or mental health professions whereas some may not. In this case it may be necessary to invite outside resources for input. During the tabletop all stakeholders will gain confidence and appreciation for working together. Once the tabletop concludes an After-Action Report (AAR) should be drafted to capture all lessons learned and areas for improvement. Improvement Plans (IP) should be drafted to address each area for improvement, assigned for capability, and given a completion date.

As the program matures, operation drills could be considered to add realism. A tabletop allows stakeholders to talk through a process, but an operational drill adds actors that increase stress that would be more like a real life event. Threat assessment processes run from the initial report to case management. Intervention and monitoring are spread out across time, making it difficult to develop a functional exercise. One strategy in developing a functional exercise may focus on a specific time in the process then have breaks to move from one point in time to another. Much like after the tabletop exercise, an AAR and IP are drafted to capture lessons learned, and opportunities for improvement.


Threat assessment provides a strategy for mitigating violent acts. Program management and training/exercises are needed to validate organizational capability, policies and procedures. Documented efforts allow organizations to illustrate process and action to increase awareness, reporting and due care, decreasing both liability and possible violence. Additionally, capturing lessons learned and opportunities for improvement provide valuable information to executives ultimately making decision that fund these programs.