During the aftermath of any suspicious activity, emergency, hostile event, or disaster is a prime opportunity to examine organizational incident response procedures for any potential weakness. When weaknesses are identified, the solution may require a change in procedure, but many times will simply require more intentional training regarding established procedures – whether the procedures changed or not.
Over the past few months there have been several hostile events which organizations can draw from to assess their own security preparedness. Specifically, there were several incidents where effective training was credited for saving potentially hundreds of lives. Training is one element of the preparedness cycle and of an effective risk management program. Training is also a challenge for many organizations in terms of resources, time, ability, and effectiveness. However, well trained people and prepared organizations are better positioned to respond to events and potentially save lives, such as were the cases in the Walmart incidents in El Paso, Texas, and Springfield, Mo., as demonstrated by store employees and alert bystanders. In a time when threats are evolving daily, training is essential in fostering staff (and to some extent volunteers and visitors) who are alert, aware, and security-conscious. Effective training is also an important investment in people that benefits every organization and person in the long run.
Walmart embraces the training philosophy. Walmart employees undergo active shooter training during orientation and afterwards on computers four times per year. The company had done annual active shooter training until the Las Vegas attack in 2017, at which time they increased it to quarterly. Reassessing risks and preparedness are important to do periodically based on evolving threats and after notable events.
As exemplified in the above events, employees often represent the first line of defense, and in some physical security situations, they may be the first to make contact with a threat. Effective emergency preparedness means that everyone knows what to do when an event happens. The situation is already stressful, but lack of training will create confusion and add to the chaos. Regardless of organizational size or staff composition, every employee and volunteer has a role in the organizational security and preparedness plan.
Who to Train
Everyone – full-time, part-time, seasonal, organizational leadership, administrative, facility staff, volunteers and remote workforce. Every employee within an organization should be required to complete organization-wide mandated training. Faith-Based Organizations (FBOs) may also want to consider training members who regularly attend services, and potential higher-risk targets. With the number of attacks against FBOs during service hours, it is important for congregants to be aware of the emergency preparedness plan and what to do in exceptional circumstances. This should account for those with special needs or otherwise requiring assistance.
What to Train
“What to train” will vary for each organization and should be informed by the organization’s risk assessment, primary areas of concern, and available resources. Training focus could be broken into three phases or stages: mandatory/baseline, reinforcement, and enhanced.
General training for all staff. Many people may arrive at your organization with a baseline knowledge, but organizations should ensure general training is completed in accordance with each organization’s unique policies and procedures. Baseline training should be provided during the hiring/onboarding process before new staff are granted access to any physical or computer assets.
This builds upon Baseline Training and includes workplace training and refreshers at regularly scheduled intervals. This also represents training unique to a specific team or function within your organization and can be focused on a specific job or skill set.
Organizations need to critically assess and identify gaps in current training and provide opportunities for more specialized/advanced topics and training exercises. Through the assessment, you can identify gaps and propose solutions to leadership for consideration.
When to Train
Timeframes will vary, but the key is making training a routine part of the organization’s culture. It’s important to have a clearly established training calendar. Even if the organization uses online/automated training, it is still important to have training modules planned out to ensure staff completion. Ideally, this calendar will be part of a multi-year preparedness plan.
In the end, training does not take away from time on the job – safety and security directly impacts all jobs and should be required for all organizations. Some considerations for developing a training program:
- Leadership buy-in. Creating a culture of security must be demonstrated from the top.
- Tailorable. Training should be creative and tailorable to your specific organization and employees.
- Where appropriate, integrate online training. To promote accountability and comprehension, it is encouraged to incorporate short quizzes to reinforce key elements of training.
- Delegate responsibility. Make training an extra duty/responsibility “as assigned.” This will provide staff goals and additional criteria to evaluate performance.
- Integrate relevant topics and real-world examples. No one wants to sit through “death by PowerPoint.” Make training engaging by integrating real-world examples and inviting guest speakers.
- Lessons learned/after-action reviews. It’s important to identify successes and failures and adjust accordingly.
Jennifer Lyn Walker contributed to this report