Incidents of violence in workplace settings happen all too
frequently. In March, for example, a gunman opened fire at a King Soopers
grocery store in Boulder, Colorado, killing 10 people including a local police
officer. In April, eight people were killed by a former employee in a shooting
at a FedEx Ground facility in Indianapolis. These tragedies serve as yet
another reminder of the critical need for every organization to develop
workplace violence prevention programs to provide a safe environment for
employees, customers and visitors.
Prioritizing violence prevention efforts is not only the
right thing to do, it is also required under the General Duty Clause of the
OSHA Act of 1970. In addition to compliance with hazard-specific standards, the
clause requires that all employers provide a work environment “free from recognized
hazards that are causing or are likely to cause death or serious physical
harm.” This unquestionably includes workplace violence.
Workplace violence leaves an indelible mark on an
organization, and can have a wide range of impacts to the enterprise and its
workers. These include both direct and indirect costs. Traumatized staff may
require counseling. They may feel unable to return to work “as usual,” and may
be less productive or leave the organization altogether. The negative publicity can also cause
reputation damage, and businesses may face OSHA fines and other penalties.
Given the volume of tragic incidents, preventing workplace
violence often seems like a daunting task. To help get started, OSHA breaks the
essential elements of a violence prevention program into five areas:
1. Management commitment and employee participation. Prevention
starts with management making a commitment to establishing and maintaining an
effective prevention program and ensuring employee participation. This should
include assigning responsibility for the various aspects of the prevention
program to ensure that all managers, supervisors and employees understand their
personal obligations. It also requires allocating the appropriate authority and
resources to all responsible parties. This not a single entity’s
responsibility, and should involve subject-matter experts, including risk and
legal counsel, human resources, security, occupational safety, emergency
management, business continuity, and communications or public relations.
2. Worksite analysis and hazard identification. Next,
the organization should conduct an objective assessment to determine the
current state of the prevention program, if one exists, and its effectiveness.
This should include:
- The potential risks for violence from internal
and external threats
- Whether the organization has prevention plans
and processes in place
- If there is a person or group responsible for
maintaining the plan
- Whether there is a threat management team
- How employees report incidents and concerns
- Whether the security technology currently in use
effectively screens and prevents unauthorized access
- If there is an effective emergency communications
program in place
- Whether employees know about behaviors that can
be indicators of impending violence
- Whether domestic violence incidents are reported
- Whether there are processes to identify warning
signs, such as threats, bullying, harassment, chronic unsubstantiated
complaints, erratic behavior, preoccupation with violent themes, and
expressions of homicidal or self-harm intentions
Review the required recordkeeping and evaluate whether the
organization effectively collects and analyzes data, and meets applicable legal
requirements and guidelines, including state laws and standards. To strengthen
the program, OSHA recommends that organizations seek independent reviewers,
such as safety and health professionals, law enforcement or security
specialists, and insurance safety auditors.
Assessments may identify gaps or opportunities for
improvements, which should be addressed and enhancements made with guidance
from subject-matter experts. Authorities that have jurisdiction to investigate
these incidents will check whether gaps were identified and mitigation plans
implemented. Organizations may be subject to large fines if they knew about
gaps but did not at least develop plans to address them.
When analyzing potential violent threats, some organizations
may find it easier to categorize them as internal or external. Internal
threats, such as those from employees or students, are sometimes easier to
detect and address. Organizations may need to do more to fulfill their
obligation to protect staff from external incidents, such as domestic terrorism
or violent visitors.
The organization’s risk profile drives the effective
engineering controls that are needed. For example, for health care
organizations, patients are the largest source of violence (80%), while
visitors account for 12%, and other unidentified persons and assailants make up
the remaining 8%. These threats drive the need for effective engineering
controls such as visitor and staff access control and visitor management
3. Hazard prevention and control. Organizations
should have security technology experts conduct a technical assessment of any
control and management system put in place. Be mindful, however, about whether
these contractors can be truly objective, as some may steer recommendations
toward their own products or outsourced services.
Organizations must also institute administrative controls
such as policies and procedures to manage security concerns. If there is a
complaint, investigators will review existing policies and procedures, and will
look for evidence that they are followed. Documentation is also important
because, as the saying goes: If it is not documented, it did not happen.
4. Safety and health training. Organizations usually
conduct staff training on policies and procedures at orientation and repeat it
periodically afterward. Strong training can make a tremendous impact in
reducing workplace violence. The most effective training programs are tailored
to the organization and focus on offering solid procedures to follow and
tactics to use, not just theory. To ensure better response to an actual incident
and help employees feel better equipped for risky situations, organizations
should also run exercises or drills, either tabletop or functional.
5. Recordkeeping and program evaluation. OSHA’s
recordkeeping regulations require employers to record certain workplace
injuries and illnesses. The OSHA Form 300 Log can be a valuable source of data
for establishing baseline injury and illness rates.
Documentation should include more than just logs of injuries
and illnesses, however. Records should provide detail on any investigations
initiated in response to complaints or incidents, as well as what specific
actions were taken to resolve the situation.