How to Create a Workplace Violence Prevention Plan That Works

A workplace violence prevention plan is not a binder for the audit shelf. It is the operating document that tells managers, employees, HR, and security how the organization will reduce the likelihood of an incident, respond if one occurs, and recover afterward. Most plans fail in the same way: they list policies without naming owners, they assume training will happen without scheduling it, and they treat security as a reaction rather than part of prevention. This guide walks HR directors and safety officers through what a workplace violence prevention plan actually needs to contain, who should build it, and how professional security fits into the structure.

Why most workplace violence prevention plans underperform

The United States Bureau of Labor Statistics has tracked workplace homicides for years, and the patterns are consistent. In one published workplace homicides factsheet , BLS reported 458 workplace homicides in a single year, with the largest assailant categories being robbers and co-workers or work associates. Beyond fatalities, nonfatal assaults drive tens of thousands of lost-time injuries annually. The data point matters because it shapes plan design. A plan written only around the active-shooter scenario misses the much larger volume of risk: armed robbery in customer-facing roles, escalating conflict between coworkers, and intimate-partner violence that follows an employee onto the worksite.

A useful prevention plan addresses all of these. It also accepts that prevention is a program, not a document. Calendars, drills, refresher training, periodic risk reassessment, and clear escalation paths are what convert the policy into operating practice.

Start with the OSHA four-type framework

The Occupational Safety and Health Administration organizes workplace violence into four categories, and naming them in the plan keeps the program from drifting into the single-scenario trap. Each type calls for different controls.

• Type I, criminal intent. The perpetrator has no legitimate relationship to the business. Robbery of a retail counter, late-night convenience store assault, and warehouse intrusion fall here.
• Type II, customer or client. The perpetrator is a customer, patient, student, or other client of the business. Healthcare, education, social services, and public-facing roles see the most Type II exposure.
• Type III, worker on worker. The perpetrator is a current or former employee who attacks coworkers or supervisors. Layoff disputes, harassment escalations, and unresolved interpersonal conflict are common precursors.
• Type IV, personal relationship. A spouse, partner, or relative of an employee enters the workplace to commit violence. Intimate-partner violence frequently spills across the work boundary.

A plan that addresses only one of the four leaves systematic gaps. The risk assessment process described later in this guide should produce a profile for each type that is relevant to your operation.

Build around the NIOSH five program components

The National Institute for Occupational Safety and Health, the research arm of the CDC, has long published a five-part structure that practitioners reuse because it works. Any written plan should map to these five components:

1. Management commitment and worker participation. Senior leadership signs the plan, names accountable owners, and funds the program. Workers participate in hazard identification and review.
2. Worksite analysis and hazard identification. The organization maps where, when, and how violence is most likely to occur, including incident history, near-miss reports, and physical site conditions.
3. Hazard prevention and control. Engineering controls (lighting, visibility, access), administrative controls (staffing levels, cash-handling rules, opening and closing procedures), and behavioral controls (de-escalation, conflict resolution policy) reduce exposure.
4. Safety and health training. Every employee receives baseline training. Managers and team leads receive additional content on warning signs, reporting paths, and response.
5. Recordkeeping and program evaluation. Incidents, near-misses, complaints, and training completions are documented. The program is reviewed at least annually and after every reportable incident.

The five components are not a checklist completed once. They cycle. Worksite analysis informs control selection, training operationalizes the controls, recordkeeping feeds the next analysis. A plan that does not show this loop on paper rarely runs it in practice.

Assemble a threat assessment team

A workplace violence prevention plan that works has a standing cross-functional team responsible for it, not a single overworked HR generalist. Most organizations build the team from five seats:

• HR leadership, as program owner and the keeper of employee records and policy interpretation.
• Safety or facilities, for the physical site, OSHA exposure, and engineering controls.
• Legal counsel, for documentation standards, restraining order coordination, and termination risk.
• Executive sponsor, typically a C-level or VP who can authorize spending and policy changes.
• Security advisor, either an internal director of security or a contracted partner such as Cascadia Global Security, providing operational input on physical controls, response protocols, and officer deployment.

In organizations with employee assistance programs or behavioral health resources, a clinician or EAP coordinator should also sit on the team or be available on call. The clinical role is critical because the threat assessment team does not investigate or diagnose. It coordinates information, evaluates risk, recommends controls, and routes individuals to the appropriate professional resource.

The team meets on a defined cadence (monthly is common) and convenes ad hoc when a credible threat is reported. Decisions are documented. Turnover on the team is anticipated, and onboarding for new members is part of the plan.

Run a structured risk assessment

The first deliverable of the threat assessment team is a current-state risk assessment. The assessment looks at the operation in three layers.

People

Who interacts with whom, under what conditions, and where do those interactions carry elevated risk? Frontline employees handling money, public-facing customer service teams, healthcare staff dealing with distressed patients, and night-shift workers in isolated locations carry different exposures. Review the past 24 to 36 months of incident reports, workers' compensation claims, security reports, and employee complaints for patterns.

Place

Physical site analysis covers lighting, line of sight, parking lots and garages, single-employee work areas, access control at entries, and post-incident sheltering options. Industries with elevated Type I or Type II exposure, retail, healthcare, multifamily housing, and parking facilities, typically warrant a walkthrough conducted with a security professional. For organizations with multiple locations, the assessment is repeated at each site rather than generalized from the headquarters.

Process

How are staffing levels set during high-risk windows? What is the cash-handling protocol? How are terminations conducted, and is security coordinated? What is the policy on visitors, contractors, and former employees on the premises? Process gaps are often where prevention plans fail in audit even when the physical site is reasonable.

The National Safety Council's workplace violence resources provide a useful starting framework for the risk assessment categories that a general-industry plan should cover, and the four NIOSH-aligned categories map cleanly to the OSHA typology already in this article.

Write the policy components

A written prevention plan should include, at minimum, the following sections. Length is less important than clarity about ownership and procedure.

• Statement of commitment from senior leadership.
• Definitions of covered conduct, including verbal threats, intimidation, harassment, physical assault, and weapons on premises.
• Scope, covering employees, contractors, vendors, visitors, and customers as appropriate.
• Reporting procedure. Multiple channels (manager, HR, anonymous hotline, security) with the explicit policy that no employee is required to report through their direct supervisor if the supervisor is the source of concern.
• Investigation and response. Who is notified, who leads, what interim protective measures are available (transfer, schedule change, escort, leave of absence).
• Consequences and disciplinary framework, written in conjunction with legal counsel.
• Confidentiality and non-retaliation protections.
• Resources for affected employees: EAP, counseling referrals, victim assistance.
• Coordination with law enforcement, including the criteria that trigger a 911 call versus a non-emergency referral.
• Recovery and continuity, covering post-incident operations, communications, and return-to-work planning.

The policy should be reviewed by counsel before publication and refreshed at least every 24 months or after a material incident.

Train at three levels and on a real cadence

A training program that lives only in onboarding is not a training program. Effective plans deliver content at three levels with documented refresher intervals.

• All-employee awareness training. Warning signs of escalating behavior, reporting procedures, the response protocol (often a run-hide-fight variant adapted to the worksite), and an introduction to the resources available. Annual refresher is the common cadence.
• Manager and supervisor training. Adds documentation expectations, escalation paths, conflict resolution, and termination protocols. Semi-annual or annual.
• Threat assessment team training. Deeper content on warning indicators, structured assessment tools, coordination with law enforcement, and tabletop exercises. Quarterly review of recent cases is common in larger organizations.

Tabletop exercises with local law enforcement, run annually, surface gaps that classroom training cannot. The cost is low and the operational value is high.

Where professional security fits in prevention

Officers and security programs play a defined role in a prevention plan, and the role is narrower than many leaders assume. Trained officers contribute through visible deterrence, observation and reporting, controlled access at entries, response coordination, and post-incident documentation. They are not investigators of employee conduct, they are not clinicians, and they are not termination personnel. Those responsibilities sit with HR, legal, and behavioral health providers.

That clarity is what makes the security layer effective. An unarmed guard at a lobby checkpoint changes who can walk into a workplace unannounced. A mobile patrol on a defined route through a multi-building campus or after-hours warehouse shifts the risk profile for late-shift workers. Armed security is appropriate for higher-risk environments such as cash-handling operations, pharmaceutical distribution, or executive protection contexts where the risk assessment supports it.

For corporate and commercial office environments, the role often centers on access control, visitor management, and coordinated response to elevated threats identified by the assessment team. In healthcare , multifamily housing , retail , hospitality , and warehouse and distribution settings, the deployment model adjusts to the dominant violence type in each sector. Coordination with off-duty law enforcement is appropriate for higher-risk events, terminations of concern, or transitions where additional sworn presence is justified.

Document everything

Documentation is the component most often missed. The prevention plan, training rosters and dates, incident reports, near-miss reports, threat assessment team meeting minutes, risk assessment outputs, and after-action reviews together form the record that an OSHA inspector, insurance carrier, or plaintiff's counsel will request. They are also what allows the program to improve. Patterns that are not written down do not get analyzed. The recordkeeping system can live in an HR information system, a dedicated EHS platform, or a structured shared drive, as long as access is controlled and retention complies with legal counsel's guidance.

What this means for HR and safety leaders

A workplace violence prevention plan that works is the product of a standing team, a current risk assessment, written policy with clear ownership, training delivered on a real cadence, and a security layer scoped to its appropriate role. Plans built in isolation by a single department, or written once and shelved, will not produce the operational outcomes the organization needs. Plans built around the OSHA four-type framework and the NIOSH five-component structure, with documentation that supports continuous improvement, will.

For organizations refining or rebuilding their plan, the local operating context matters. Threat patterns in a Seattle distribution center, a Chicago commercial property , or a Seattle business will differ in detail even when the framework is identical.

Bringing in a security partner

Cascadia Global Security supports HR directors, safety officers, and facilities leaders building or refreshing workplace violence prevention plans across multiple markets. The work typically begins with a site assessment, alignment on the security role within the broader plan, and a deployment model scaled to the risk profile of the operation. Officers contribute deterrence, observation, access control, and coordinated response, while the clinical, HR, and legal components of the plan stay with the internal team and its specialist partners.

To start the conversation about how a security layer should fit into your prevention plan, request a quote or call (800) 939-1549.

Frequently Asked Questions

What is a workplace violence prevention plan?

A workplace violence prevention plan is a written program that defines how an organization identifies, reduces, and responds to violence at work. It maps to OSHA's four-type framework (criminal intent, customer or client, worker on worker, and personal relationship) and to the NIOSH five-component structure covering management commitment, worksite analysis, hazard control, training, and recordkeeping.

Who should be on the threat assessment team?

The threat assessment team usually includes HR leadership, safety or facilities, legal counsel, an executive sponsor, and a security advisor. An employee assistance program coordinator or behavioral health clinician supports the team for individual assessments. The team coordinates information and recommends controls. It does not investigate misconduct or provide clinical care.

How often should the plan be reviewed?

The plan should be reviewed at least annually and after any reportable incident. Training is refreshed on a documented cadence: annual for all employees, semi-annual or annual for managers, and quarterly review of cases for the threat assessment team. The risk assessment is rerun when the operation changes materially or every 24 months at a minimum.

What is the role of security in a prevention plan?

Security officers provide visible deterrence, controlled access, observation and reporting, and coordinated response. They document incidents and support law enforcement coordination. They do not lead investigations of employee conduct, perform clinical assessment, or carry out terminations. Those responsibilities sit with HR, legal counsel, and behavioral health providers.

Does OSHA require a written workplace violence prevention plan?

OSHA does not have a single federal standard mandating a written plan for all employers, but the General Duty Clause requires employers to provide a workplace free from recognized hazards. Several states have additional requirements, and industries such as healthcare face sector-specific guidance. Consult legal counsel for the requirements that apply to your operation and jurisdictions.