Current Issue

Incidents of violence in workplace settings happen all too frequently. In March, for example, a gunman opened fire at a King Soopers grocery store in Boulder, Colorado, killing 10 people including a local police officer. In April, eight people were killed by a former employee in a shooting at a FedEx Ground facility in Indianapolis. These tragedies serve as yet another reminder of the critical need for every organization to develop workplace violence prevention programs to provide a safe environment for employees, customers and visitors.

Prioritizing violence prevention efforts is not only the right thing to do, it is also required under the General Duty Clause of the OSHA Act of 1970. In addition to compliance with hazard-specific standards, the clause requires that all employers provide a work environment “free from recognized hazards that are causing or are likely to cause death or serious physical harm.” This unquestionably includes workplace violence.

Workplace violence leaves an indelible mark on an organization, and can have a wide range of impacts to the enterprise and its workers. These include both direct and indirect costs. Traumatized staff may require counseling. They may feel unable to return to work “as usual,” and may be less productive or leave the organization altogether.  The negative publicity can also cause reputation damage, and businesses may face OSHA fines and other penalties.

Given the volume of tragic incidents, preventing workplace violence often seems like a daunting task. To help get started, OSHA breaks the essential elements of a violence prevention program into five areas:

1. Management commitment and employee participation. Prevention starts with management making a commitment to establishing and maintaining an effective prevention program and ensuring employee participation. This should include assigning responsibility for the various aspects of the prevention program to ensure that all managers, supervisors and employees understand their personal obligations. It also requires allocating the appropriate authority and resources to all responsible parties. This not a single entity’s responsibility, and should involve subject-matter experts, including risk and legal counsel, human resources, security, occupational safety, emergency management, business continuity, and communications or public relations.

2. Worksite analysis and hazard identification. Next, the organization should conduct an objective assessment to determine the current state of the prevention program, if one exists, and its effectiveness. This should include:

  • The potential risks for violence from internal and external threats
  • Whether the organization has prevention plans and processes in place
  • If there is a person or group responsible for maintaining the plan
  • Whether there is a threat management team
  • How employees report incidents and concerns
  • Whether the security technology currently in use effectively screens and prevents unauthorized access
  • If there is an effective emergency communications program in place
  • Whether employees know about behaviors that can be indicators of impending violence
  • Whether domestic violence incidents are reported for monitoring
  • Whether there are processes to identify warning signs, such as threats, bullying, harassment, chronic unsubstantiated complaints, erratic behavior, preoccupation with violent themes, and expressions of homicidal or self-harm intentions

Review the required recordkeeping and evaluate whether the organization effectively collects and analyzes data, and meets applicable legal requirements and guidelines, including state laws and standards. To strengthen the program, OSHA recommends that organizations seek independent reviewers, such as safety and health professionals, law enforcement or security specialists, and insurance safety auditors. 

Assessments may identify gaps or opportunities for improvements, which should be addressed and enhancements made with guidance from subject-matter experts. Authorities that have jurisdiction to investigate these incidents will check whether gaps were identified and mitigation plans implemented. Organizations may be subject to large fines if they knew about gaps but did not at least develop plans to address them.

When analyzing potential violent threats, some organizations may find it easier to categorize them as internal or external. Internal threats, such as those from employees or students, are sometimes easier to detect and address. Organizations may need to do more to fulfill their obligation to protect staff from external incidents, such as domestic terrorism or violent visitors.

The organization’s risk profile drives the effective engineering controls that are needed. For example, for health care organizations, patients are the largest source of violence (80%), while visitors account for 12%, and other unidentified persons and assailants make up the remaining 8%. These threats drive the need for effective engineering controls such as visitor and staff access control and visitor management systems.

3. Hazard prevention and control. Organizations should have security technology experts conduct a technical assessment of any control and management system put in place. Be mindful, however, about whether these contractors can be truly objective, as some may steer recommendations toward their own products or outsourced services.

Organizations must also institute administrative controls such as policies and procedures to manage security concerns. If there is a complaint, investigators will review existing policies and procedures, and will look for evidence that they are followed. Documentation is also important because, as the saying goes: If it is not documented, it did not happen.

4. Safety and health training. Organizations usually conduct staff training on policies and procedures at orientation and repeat it periodically afterward. Strong training can make a tremendous impact in reducing workplace violence. The most effective training programs are tailored to the organization and focus on offering solid procedures to follow and tactics to use, not just theory. To ensure better response to an actual incident and help employees feel better equipped for risky situations, organizations should also run exercises or drills, either tabletop or functional. 

5. Recordkeeping and program evaluation. OSHA’s recordkeeping regulations require employers to record certain workplace injuries and illnesses. The OSHA Form 300 Log can be a valuable source of data for establishing baseline injury and illness rates.

Documentation should include more than just logs of injuries and illnesses, however. Records should provide detail on any investigations initiated in response to complaints or incidents, as well as what specific actions were taken to resolve the situation.

Lauris Freidenfelds is senior project manager for Telgian Engineering & Consulting, responsible for the project management of complex projects, focusing on security and emergency management. His 40+ years of experience include extensive knowledge of operational security, technology and emergency management programs. And, as a former director of security and emergency preparedness for a major metropolitan healthcare system, he has direct experience with emergency management personnel and operations. These include planning, organizing, and directing security programs and activities, as well as the development and coordination of disaster preparedness plans, the mitigation of, preparation for, and recovery from hazards and disasters.