The Missing Link in Every Workplace Violence Prevention Program

A written workplace violence prevention program satisfies regulators. It does almost nothing to stop an attack. The gap between the two is behavioral threat assessment: the discipline of noticing, reporting, and acting on the concerning behaviors that precede nearly every act of targeted workplace violence, months before the policy binder is ever opened.

What Is a Workplace Violence Prevention Program, and Why Isn’t Compliance Enough?

A workplace violence prevention program is a written plan, required by law in California and recommended everywhere else, that defines how an employer identifies, reports, investigates, and responds to violence risk. Under California’s SB 553, every covered employer must maintain one, complete with a violent incident log, hazard evaluation procedures, and documented training. California’s Occupational Safety and Health Standards Board is required to formally adopt its general industry standard no later than December 31, 2026, with enforcement expected to follow closely behind, according to the California Department of Industrial Relations.

That deadline is why most companies currently building a program are focused on the document. Names and titles of responsible parties. Reporting procedures. A training log. All of it defensible in an audit, none of it aimed at the actual mechanism of violence.

The federal data on where violence in the workplace originates is unambiguous about the mismatch. Over the 2023–2024 period, private industry recorded 78,340 nonfatal violent-act cases resulting in days away from work, restriction, or job transfer, an annualized rate of 3.7 per 10,000 full-time workers with a median of 11 days lost per incident, according to the Bureau of Labor Statistics. Those numbers describe outcomes. A compliance plan describes paperwork. Neither one, on its own, describes the person of concern six weeks before the incident, which is where prevention actually happens.

What Warning Signs Does Behavioral Threat Assessment Actually Catch?

Behavioral threat assessment catches the pattern of observable behavior that precedes violence: not a single red flag, but a cluster of them building over time. The FBI’s Behavioral Analysis Unit, studying active shooter incidents between 2000 and 2013, found that attackers displayed an average of four to five concerning behaviors observable to others before they acted, most frequently tied to deteriorating mental health, breakdowns in interpersonal relationships, and “leakage” (the intentional or unintentional disclosure of violent intent).

None of those signals show up on an OSHA log. A previously engaged employee who abruptly withdraws from colleagues. A grievance that calcifies into fixation rather than fading. A divorce or custody dispute that HR already knows about but never flags to security. Individually, each looks like an HR matter, a performance issue, or none of the company’s business. Assessed together by a team trained to connect them, they form a recognizable pathway. The FBI’s follow-on report on threat management found that people of concern are roughly 16 times more likely to escalate toward violence when they display these behaviors to bystanders who never intervene, according to the FBI Behavioral Analysis Unit’s findings as reported by ASIS International’s Security Management magazine. The absence of intervention, not the absence of warning, is usually the failure point.

Why Do HR and Security Operate in Separate Silos, and What Does That Cost?

HR and security operate in separate silos because their systems were never built to talk to each other, and that separation is precisely what lets warning signs go unconnected. HR holds the personnel history: the disciplinary record, the leave-of-absence pattern, the exit interview nobody escalated. Security holds the incident data: the access anomaly, the parking lot altercation, the visitor who won’t leave. A functioning threat assessment program needs both data sets in the same room, evaluated by the same team, on a recurring cadence, not reconstructed after the fact during an incident review.

In the assessments we run for mid-market clients rebuilding their workplace violence program from scratch, the finding that surprises HR leaders most isn’t a missing policy. It’s that three or four people across the organization each held one piece of a pattern that, assembled, would have qualified for intervention months earlier. No process existed to assemble it.

This is also where a compliance-driven build tends to stall. A workplace violence prevention program gets written to satisfy the statute, then filed. What’s actually needed is a standing, cross-functional team with defined intake, evaluation, and escalation authority, the kind of structure ASIS International’s forthcoming Workplace Violence Prevention and Intervention Standard, open for public comment through July 2026, is attempting to formalize industry-wide.

What Does the SB 553 Deadline Mean for Employers Outside California?

The SB 553 deadline is a California-specific mandate, but it functions as a national preview: it is the clearest signal yet that regulators expect behavioral threat management, not just a policy document, to sit underneath workplace violence compliance. California Labor Code section 6401.9 took effect July 1, 2024, and the Occupational Safety and Health Standards Board must adopt a corresponding general industry standard by the end of this year.

No other state currently mandates a program with this level of specificity. That will not last. Multi-site employers with any California footprint are already building their programs to the SB 553 standard rather than maintaining two versions, and a handful of other states have workplace violence legislation moving through committee. Waiting for a home-state mandate to force the issue is a bet against the direction every serious regulatory and insurance body is currently heading.

Who Should Own Your Workplace Violence Prevention Program?

Ownership belongs with a named, credentialed individual who has both the security judgment to assess threat severity and the standing to pull HR, legal, and facilities into a room on short notice — not a shared responsibility scattered across departments that each assume someone else is watching. Most mid-sized organizations don’t have a full-time chief security officer role to give that person, and building one for this purpose alone rarely pencils out.

A fractional chief security officer engagement solves that gap directly: an experienced security executive who builds the threat assessment structure, trains the intake team, and stays accountable for the program’s effectiveness, not just its paperwork, without the cost of a full-time hire. Pairing that leadership with structured workplace threat and vulnerability assessment work and formal workplace violence prevention plan development and training turns a compliance document into an operating program. For the behavioral indicators HR teams are best positioned to catch first, see our related analysis on behavioral early-warning indicators in workplace violence prevention.

Executive Takeaway

In the next 30 days, name one accountable individual for your workplace violence prevention program and give that person explicit authority to convene HR, security, and legal on short notice. Audit whether your current program exists only as a document or functions as a standing behavioral threat assessment process — most fall into the first category. If you cannot say who reviewed a concerning-behavior report in the last 90 days, you don’t have a program. You have a policy.

Frequently Asked Questions

What should be included in a workplace violence prevention program? An effective program includes a written policy, a named responsible party, reporting and investigation procedures, a violent incident log, and recurring training. Beyond the required elements, it needs a standing cross-functional team empowered to evaluate reported concerns and intervene before behavior escalates — the piece most compliance-only plans omit entirely.

Is a workplace violence prevention plan legally required? Yes, in California, where SB 553 requires nearly all employers to maintain a written plan as of July 1, 2024. No federal mandate currently exists, though OSHA’s general duty clause obligates every U.S. employer to maintain a workplace free of recognized hazards, which increasingly includes violence risk.

What’s the difference between a workplace violence policy and a behavioral threat assessment program? A policy is a document describing procedures and responsibilities. A behavioral threat assessment program is the operational practice of identifying, evaluating, and intervening on specific individuals showing concerning behavior. Employers frequently have the first without the second, which limits the policy’s practical effect.

Who should be responsible for workplace violence prevention at a company? A named, credentialed security leader with cross-departmental authority should own the program, supported by a threat assessment team spanning HR, legal, and facilities. Diffusing ownership across departments without a single accountable leader is one of the most common reasons programs fail during an actual incident.

How do you identify warning signs of workplace violence before an incident occurs? Warning signs cluster rather than appear in isolation: withdrawal from colleagues, fixation on a grievance, deteriorating mental health, and leakage of violent intent. FBI research found active shooters displayed an average of four to five such behaviors beforehand, which is why cross-functional reporting matters more than any single indicator.

Does workplace violence prevention training actually reduce risk? Training reduces risk when it teaches employees to recognize and report specific behavioral patterns, not just policy awareness. Programs that stop at “know your emergency exits” leave the behavioral detection gap wide open; programs that train managers and HR to recognize and escalate concerning behavior close it.

Building or auditing a workplace violence prevention program that goes beyond the compliance document requires the kind of judgment a checklist can’t provide. Read Outsourced. Exposed. Out of Time. for a fuller look at where security programs are structurally exposed, and what closing that gap requires.


Sources

Sign up!

For industry-leading guides and analysis sign up for our blog below.

  • This field is for validation purposes and should be left unchanged.

Latest News

A female face with binary code and facial recognition patterns on her face to represent facial recognition and autonomous security robots for business security 2026
Facial Recognition and Autonomous Security Robots for Business: The Real Conversation Security Leaders Should Be Having in 2026
You sat through your last security briefing feeling conflicted. The technology sounds impressive. Everyone says adoption is coming. But something felt off. Here's the honest truth: technology adoption without strategy is just ...
Read More
Group of protesters holding signs demanding climate action - commercial security strategy can help reduce or eliminate the impact of protests and civil disruption
When Protests Go Local: What Civil Unrest in 2026 Will Demand of Commercial Security Strategy
In December, Verisk Maplecroft published its annual Civil Unrest Index with a clear projection: 2026 will be more disruptive for property and political-violence insurers than 2025 was. The judgment was based on ...
Read More
corporate travel risk
The New Geography of Corporate Travel Risk: What Summer 2026 Demands of Executive Travel Programs
Summer travel season begins this year in a measurably more hostile global environment than it did even twelve months ago. In February, Willis Towers Watson reported that threats to individuals or client ...
Read More
Mature manager meeting with warehouse worker to discuss supply chain security procedures
The New Anatomy of Supply Chain Risk: 2025’s Lessons for Corporate Security Leaders
In 2025, organized criminals stole an estimated $725 million in cargo across the United States and Canada — a 60% increase over the prior year. The number of theft incidents barely moved. ...
Read More
An engineer and the safety team walking a construction site discussing risk awareness and executive protection
When the Hardest Target Isn’t Hard Enough: Executive Protection Lessons from the Correspondents’ Dinner Attack
On the evening of April 25, a 31-year-old California man with a master's degree in computer science, no criminal record, and no detectable history of political extremism walked through a Washington, D.C. ...
Read More
women's history month employee spotlight feature four leaders from Chesley Brown
Women in Security: Empowering the Future of Risk Leadership
Security leadership doesn’t look like it did ten years ago. Today’s environments move faster, threats cross boundaries, and reputational damage can spread before an incident report is even written. The job is ...
Read More
Security lessons for Businesses in 2025 and 2026
Top 10 Security Lessons Businesses Learned in 2025
Written by: James Hart Companies face an ever-evolving series of security threats, making contingency planning and preparedness essential. One of the best ways to improve security is by learning from past incidents. ...
Read More
Silhouettes of Two business Professionals taking about a physical security strategy
Maximizing Value and Resilience in Physical Security: A C-Suite Guide for Multi-Asset Organizations Facing Emerging Threats and Higher Costs
Written by: Max Briggs Physical security used to be a straightforward operational line item—gates, guards, cameras, and access control. Today, it’s a board-level function tied directly to risk, resilience, tenant satisfaction, and ...
Read More
Stacy Stockton - Corporate Director of Business Development
Employee Spotlight: Stacy Stockton
At Chesley Brown, we believe people are our greatest asset and that starts with bringing on team members who are passionate about protecting what matters most. We’re proud to welcome Stacy Stockton ...
Read More
Holiday theft prevention: A young family holiday shopping
Black Friday Security Playbook: How Retailers Can Prevent Holiday Crime
Written By: James Hart The holiday shopping season isn’t just the most important time of year for retailers. It’s also when their risk of theft shoots up. In 2023, retailers saw a ...
Read More
Outsourced. Exposed. Out of Time.