How to Build a School Threat Assessment Team in 30 Days

By Warren Pulley, CrisisWire Threat Assessment Expert

Most schools create threat assessment teams after a crisis forces action. By then, it's too late—the incident has already occurred, lawsuits are filed, and administrators scramble to demonstrate they're "taking safety seriously."

The schools that prevent violence establish threat assessment teams before they're needed. Having implemented these programs across K-12 districts and universities serving 40,000 students, I've refined the process to 30 days from authorization to operational capability.

This isn't theoretical planning. When the Choctaw Nation needed threat assessment expertise for their Head Start facilities, they didn't wait months for committee meetings. They implemented evidence-based protocols immediately—the same frameworks I detail in my Threat Assessment Handbook.

Here's your 30-day roadmap to establish a functional threat assessment team using Secret Service methodologies proven to prevent targeted school violence.

Week 1: Foundation and Team Selection

Day 1-2: Secure Administrative Authorization

Action: Present the superintendent or principal with a one-page proposal explaining why threat assessment teams are required, not optional.

Key points:

• The Secret Service research shows 93% of school attackers communicated their intentions beforehand

• Without assessment teams, these warning signs go unaddressed

• Legal liability increases when schools fail to act on known threats

• Federal guidelines recommend multidisciplinary threat assessment teams

What you need: Written authorization establishing the team's authority to assess concerns, coordinate interventions, and access student records as permitted by FERPA.

Day 3-5: Identify Core Team Members

The comprehensive approach I detail in The Prepared Leader requires five essential roles:

1. Administrator (Team Leader)

• Authority to implement safety measures immediately

• Typically assistant principal or dean of students

• Makes final decisions on case management actions

2. Mental Health Professional

• School psychologist or counselor

• Assesses concerning behavior vs. mental health symptoms

• Coordinates treatment resources

3. Law Enforcement Liaison

• School resource officer or local police contact

• Investigates criminal concerns

• Provides threat assessment training background

4. Legal Counsel Representative

• District attorney or compliance officer

• Ensures due process protections

• Advises on FERPA, Title IX, and disability law implications

5. Security or Safety Coordinator

• Facilities manager or security director

• Implements physical security measures

• Coordinates emergency response protocols

Critical requirement: Team members must have protected time for assessment duties. This isn't an "additional duty as assigned"—it requires dedicated hours weekly.

Day 6-7: Establish Operating Protocols

Document these five protocols:

1. Reporting mechanism: How staff, students, and parents report concerns

2. Initial screening: Who conducts preliminary assessment of reports

3. Full team convening criteria: Which concerns trigger full team meetings

4. Information sharing: What data can be accessed under FERPA exceptions

5. Documentation standards: How assessments are recorded and stored

Template available: My published research on school threat assessment includes operational protocols that comply with federal guidelines.

Week 2: Training and Framework Implementation

Day 8-10: Conduct Secret Service Framework Training

Your team needs structured methodology, not intuition. The FBI's Making Prevention a Reality provides the foundation used nationwide.

Core training elements:

• Threat vs. warning behavior distinction

• Pathway to violence stages (ideation → planning → implementation)

• Risk factor assessment (grievance, capability, intent)

• Protective factor identification (support systems, intervention opportunities)

• Case management decision trees

Training options:

• FEMA courses: IS-906, IS-907

• CrisisWire consultation: crisiswire@proton.me

• Video training: Behavioral Threat Assessment Fundamentals

Day 11-12: Create Assessment Tools

You need four standardized instruments:

1. Initial concern report form: What information must be collected when threats are reported

2. Behavioral checklist: Structured evaluation of warning signs and risk factors

3. Interview guide: Questions for subjects of concern, witnesses, family members

4. Case management plan template: Intervention strategies, monitoring protocols, success metrics

The frameworks I developed during campus safety operations—detailed in Campus Under Siege—provide ready-to-implement templates rather than building from scratch.

Day 13-14: Establish Information Sharing Agreements

Legal requirement: Document what information can be shared under FERPA's "health and safety emergency" exception.

Agreements needed with:

• Local law enforcement for background checks and threat intelligence

• Mental health providers for treatment coordination

• Parents/guardians for student welfare collaboration

• Court systems for protective order notifications

Common mistake: Assuming FERPA prohibits all information sharing. The law allows sharing when legitimate safety concerns exist—but you must document the justification.

Week 3: Operational Launch and Faculty Training

Day 15-17: Conduct Faculty Briefing

Your entire staff needs to know:

• The threat assessment team exists and has administrative backing

• How to report concerning behavior (anonymous tip line, direct contact, online form)

• What happens after reports are made (timeline, confidentiality, feedback)

• What behaviors require immediate reporting vs. general monitoring

Training approach: 60-minute faculty meeting covering the seven warning signs detailed in my research—fixation on violence, leakage, pathway behaviors, isolation, grievance, weapon access, and concerning digital footprints.

Critical message: "If you see something concerning, report it. We'll assess whether it's a threat. Your job is observation, not investigation."

Day 18-19: Launch Student Reporting Systems

Multi-channel approach:

• Anonymous tip line (monitored 24/7 during school year)

• Online reporting portal (accessible from mobile devices)

• "See Something, Say Something" posters in hallways

• Trusted adult identification for direct reporting

When ABC7 documented the security systems I tested at Valley Vista High School, reporting mechanisms were integrated with physical security—because prevention requires both behavioral assessment and protective barriers.

Day 20-21: Coordinate with Community Resources

Build partnerships before crises:

• Local mental health providers for crisis intervention

• Juvenile services for case management support

• Community organizations for family assistance

• Hospital emergency departments for psychiatric evaluation access

Goal: When your team identifies a student requiring immediate mental health intervention, you know exactly who to call and they're expecting your contact.

Week 4: First Cases and System Refinement

Day 22-24: Conduct Practice Scenarios

Before handling real cases, run tabletop exercises:

Scenario 1: Student posts social media content referencing school shooting with countdown timer

Scenario 2: Teacher reports student essay describing detailed violence fantasies

Scenario 3: Peer reports student showing weapon photos and making vague threats

What you're testing:

• Can team members convene within 24 hours?

• Does everyone understand their role?

• Are assessment tools effective?

• Do information-sharing agreements work?

• Can you reach parents/guardians quickly?

Adjust protocols based on what fails during exercises, not after real incidents expose gaps.

Day 25-27: Handle Initial Cases

Start with low-level concerns to build team confidence:

• Student making generalized angry statements

• Concerning artwork without specific threats

• Behavioral changes after family crisis

Document everything:

• Initial concern details

• Assessment process and findings

• Intervention strategies implemented

• Monitoring plan and timeline

• Resolution or ongoing case status

The case management protocols in Locked Down: The Access Control Playbook integrate behavioral assessment with physical security measures—because some cases require both counseling support and temporary access restrictions.

Day 28-30: Review and Improve

Team debrief covering:

• What worked during first cases?

• What took longer than expected?

• What information was missing?

• What resources are needed?

• What additional training would help?

Immediate adjustments: Revise assessment tools, reporting forms, or protocols based on real-world application. Your team won't be perfect on day 30—but it will be operational and improving.

Common Implementation Mistakes

Mistake #1: Waiting for consensus Threat assessment teams require administrative authorization, not unanimous faculty approval. Some staff will resist any security measures. Launch anyway.

Mistake #2: Creating teams without authority Teams that can only "recommend" actions to administrators who may or may not act are useless. Your team needs authority to implement interventions immediately.

Mistake #3: Lacking dedicated time Team members with "whenever they have time" assignments never have time. Protect 5-10 hours weekly for case management.

Mistake #4: Focusing only on high-risk cases Most referrals won't be serious threats. But low-level cases build assessment skills and community trust that enables effective response when high-risk situations arise.

What Happens After Day 30

Month 2-3: Build capability

• Handle increasing case volume

• Refine assessment tools based on experience

• Expand community partnerships

• Track outcomes and prevention metrics

Month 4-6: Establish credibility

• Faculty see that reported concerns are taken seriously

• Students trust that tips lead to help, not punishment

• Parents recognize the team as resource, not adversary

• Administration sees prevention outcomes justifying resources

Year 2+: Continuous improvement

• Annual training updates incorporating new research

• Protocol revisions based on case reviews

• Integration with emergency response planning

• Regional collaboration with other schools' teams

My research on implementing threat assessment programs demonstrates that teams operational within 30 days prevent more violence than those spending months in planning paralysis.

Get Started Now

This week: Present this 30-day framework to your superintendent or principal. Emphasize that every day without an operational threat assessment team is a day your school lacks the capability to assess and manage behavioral threats.

Need consultation? CrisisWire provides implementation support for districts establishing threat assessment programs. Email crisiswire@proton.me or visit bit.ly/crisiswire for:

• Team training and exercises

• Assessment tool customization

• Legal compliance review

• Case management protocols

• Emergency consultation for active concerns

Free resources:

• CrisisWire Blog for implementation guides

• Workplace Violence Prevention Training adaptable to school settings

Your school doesn't need months to establish prevention capability. You need 30 days, administrative commitment, and evidence-based frameworks proven to stop violence before it starts.

Don't wait for tragedy to force action. Start building your threat assessment team today.

About Warren Pulley

Warren Pulley is a CrisisWire Threat Assessment Expert with 40 years of experience spanning the U.S. Air Force, LAPD, Baghdad Embassy Protection operations, and campus safety programs.

Featured in ABC7 Los Angeles and NPR's LAist for his expertise in school security systems, his methodologies are detailed in five published books including The Prepared Leader, Threat Assessment Handbook, and Campus Under Siege.

His research is available at Academia.edu.

Connect: LinkedIn | Twitter/X | Instagram | Facebook | Quora