The Complete 2025 Guide to Building a Behavioral Threat Assessment Team (With Free Templates)

By Warren Pulley, BTAM Certified | CrisisWire Threat Management Solutions

Every organization faces a critical question: How do we identify and manage individuals who may pose a threat before violence occurs?

The answer isn't more cameras, stronger locks, or armed guards—though these have their place. The answer is a structured, multidisciplinary Behavioral Threat Assessment Team (BTAM Team or Threat Assessment Team) that can identify concerning behaviors, evaluate risk levels, and coordinate intervention before threats escalate to violence.

After 40 years protecting lives across nuclear weapons facilities, Los Angeles streets, Baghdad's combat zone, and university campuses—and now helping organizations nationwide establish threat assessment capabilities—I can state unequivocally:

Organizations with functional threat assessment teams prevent violence. Organizations without them react to it.

The difference between tragedy and near-miss is almost always whether someone recognized warning signs and whether the organization had systems in place to act on those warnings effectively.

This comprehensive guide provides everything security directors, HR leaders, and organizational executives need to build, train, and operate effective behavioral threat assessment teams in 2025.

Why Every Organization Needs a Threat Assessment Team

The statistics paint a sobering picture of workplace and institutional violence in America:

Workplace Violence: Two million workers experience workplace violence annually, costing U.S. businesses over $130 billion. Homicide is the third-leading cause of fatal occupational injuries. Yet 48% of incidents go unreported until it's too late.

School Violence: Active shooter incidents continue occurring despite billions spent on security infrastructure. The FBI's research consistently shows that perpetrators engage in observable pre-attack behaviors—pathway to violence indicators that threat assessment teams are specifically designed to identify.

Campus Violence: Universities face unique challenges managing diverse populations with complex mental health needs, free speech protections, and limited authority over adults. Campus safety programs require sophisticated threat assessment capabilities that balance security with educational mission.

Healthcare Violence: Healthcare workers face violence rates significantly higher than other sectors. Hospital security programs must address threats from patients, visitors, and occasionally staff.

Corporate Insider Threats: Malicious insiders, negligent employees, and compromised accounts cause 34% of data breaches, costing organizations an average of $17.4 million annually. Traditional security measures designed for external threats often miss internal ones.

The common thread? Violence is rarely sudden or unpredictable. Perpetrators typically exhibit warning signs—behavioral indicators that trained professionals can recognize and act upon before violence occurs.

Threat assessment teams provide systematic frameworks for:

• Receiving and triaging concerning behavior reports

• Investigating and evaluating threats

• Coordinating multidisciplinary response

• Implementing and monitoring interventions

• Documenting decisions for legal defensibility

Organizations without these capabilities operate reactively, responding to incidents rather than preventing them. Organizations with effective threat assessment teams operate proactively, identifying and managing threats before they materialize.

Understanding the BTAM Framework

Before building a team, understanding the behavioral threat assessment and management framework is essential. BTAM represents evidence-based methodology developed through decades of research by the FBI, Secret Service, Department of Homeland Security, and academic institutions.

Core BTAM Principles

Principle #1: Violence is a Process, Not an Event

Perpetrators don't suddenly "snap." They move along a pathway to violence involving:

• Grievance development (perceived injustice requiring action)

• Ideation (thinking about violence as solution)

• Research and planning (studying targets, methods, previous attackers)

• Preparation (acquiring weapons, conducting surveillance, rehearsing)

• Breach (approaching target, testing security)

• Attack (executing violence)

Threat assessment teams intervene at early stages—ideation or planning—before situations become critical. My book The Prepared Leader explores these pathway dynamics in detail, providing frameworks for recognition and intervention.

Principle #2: Behavior is Observable and Reportable

Unlike profiling (which relies on demographic characteristics), threat assessment focuses on behavior. People planning violence engage in observable activities: research, communication of intent, preparation, boundary testing. These behaviors can be seen, reported, and investigated.

Creating cultures where people report concerns requires training, clear procedures, and organizational commitment to act on reports appropriately.

Principle #3: Threats Are Investigable and Manageable

Most situations involving concerning behavior don't require criminal intervention. Many involve individuals experiencing personal crises, mental health challenges, or situational stressors requiring support rather than punishment.

Effective threat assessment teams coordinate appropriate responses: mental health services, conflict resolution, academic accommodations, workplace modifications, security measures, or when necessary, law enforcement involvement.

Principle #4: Multidisciplinary Collaboration Is Essential

No single discipline possesses all expertise required for effective threat assessment. Security professionals understand protection measures. Mental health clinicians understand psychological dynamics. HR professionals understand employment law. Legal counsel ensures policy compliance. Effective teams integrate these perspectives.

Essential Team Member Roles and Responsibilities

Successful threat assessment teams require specific functional roles. While team size and composition vary by organizational type and size, certain core functions are essential.

Core Team Members

1. Team Chair/Coordinator

The team chair provides leadership, coordinates meetings, ensures follow-through on decisions, and maintains accountability. This role typically resides with:

• Universities: Dean of Students, Director of Campus Safety, or VP of Student Affairs

• K-12 Schools: Principal, Assistant Principal, or School Counselor

• Corporations: Security Director, Chief Security Officer, or HR Director

• Healthcare: Security Director, Risk Manager, or Chief Safety Officer

Responsibilities:

• Schedule and facilitate team meetings

• Ensure timely case reviews

• Coordinate information gathering

• Track interventions and outcomes

• Maintain case documentation

• Report to senior leadership

• Ensure legal compliance

The chair doesn't need to be the subject matter expert on every issue—they need strong organizational and leadership skills to coordinate multidisciplinary collaboration effectively.

2. Mental Health Professional

Clinical expertise is crucial for assessing psychological factors, evaluating mental health conditions, recommending treatment options, and determining whether individuals pose genuine threats or require support services.

Qualifications: Licensed psychologist, psychiatrist, clinical social worker, or licensed professional counselor with experience in threat assessment, violence risk assessment, or forensic psychology.

Responsibilities:

• Assess psychological state and stability

• Evaluate suicide risk (self-harm often precedes or accompanies violence toward others)

• Recommend mental health interventions

• Coordinate treatment referrals

• Provide duty-to-warn guidance

• Advise on fitness-for-duty evaluations

• Help distinguish concerning behavior from protected disabilities

Organizations without in-house mental health professionals can contract with external clinicians or Employee Assistance Programs (EAPs) for consultation.

3. Security/Law Enforcement Representative

Security professionals provide protective measures expertise, investigative capabilities, emergency response coordination, and connections to law enforcement agencies.

Qualifications: Security director, campus police chief, corporate security manager, or liaison to local law enforcement with training in threat assessment, protective intelligence, or investigative procedures.

Responsibilities:

• Conduct security investigations

• Assess protective measure needs

• Coordinate emergency response plans

• Maintain law enforcement relationships

• Implement security interventions (access restrictions, monitoring, protection details)

• Evaluate weapon access concerns

• Advise on criminal conduct thresholds

My background investigating violent crimes with LAPD and protecting diplomats in Baghdad under daily threat taught me that security professionals must balance vigilance with proportionality—not every threat requires law enforcement intervention, but teams need expertise to make those determinations.

4. Human Resources Representative

HR professionals provide employment law expertise, personnel records access, policy enforcement authority, and coordination of workplace accommodations or disciplinary actions.

Qualifications: HR director, HR business partner, or employee relations specialist with knowledge of employment law, ADA, FMLA, workers' compensation, and disciplinary procedures.

Responsibilities:

• Provide personnel history and performance information

• Advise on employment law compliance

• Coordinate fitness-for-duty evaluations

• Implement workplace accommodations

• Manage disciplinary actions or terminations

• Coordinate leave management

• Interface with legal counsel on employment matters

HR's role is particularly critical in workplace violence prevention programs where employment law intersects with security concerns.

5. Legal Counsel

Legal expertise ensures threat assessment activities comply with constitutional rights, privacy laws, employment regulations, education statutes, and organizational policies while managing liability exposure.

Qualifications: Attorney with expertise in education law (for schools), employment law (for workplaces), or general counsel familiar with institutional operations and liability concerns.

Responsibilities:

• Advise on legal compliance (FERPA, HIPAA, ADA, Title VII, constitutional rights)

• Review threat assessment policies and procedures

• Guide information sharing decisions

• Advise on duty-to-warn obligations

• Manage subpoenas and legal proceedings

• Ensure documentation standards

• Limit institutional liability

Legal counsel may not attend every team meeting but should be accessible for consultation on complex cases involving legal questions.

Additional Team Members (As Needed)

Student/Academic Affairs Representative (Higher Education): Provides insight into student behavior, academic performance, campus resources, and Title IX issues. Essential for university threat assessment teams managing student cases.

Facilities/Physical Plant Representative: Offers building security expertise, access control knowledge, and implementation capability for physical security measures.

IT/Cybersecurity Representative: Addresses digital threats, monitors concerning online behavior, advises on electronic evidence, and implements technology-based security measures—increasingly important given insider threat trends.

Union Representative (Unionized Workplaces): Ensures collective bargaining agreement compliance and maintains labor relations during threat assessment investigations involving union members.

Public Relations/Communications Representative: Manages internal and external communications during crisis situations, coordinates media response if incidents occur.

Step-by-Step Implementation Guide

Building an effective threat assessment team requires systematic planning and implementation. Here's the proven process I've used helping organizations nationwide establish these capabilities.

Phase 1: Foundation Building (Weeks 1-4)

Step 1: Secure Executive Sponsorship

Threat assessment teams require organizational commitment and resources. Begin by educating senior leadership about:

• Violence prevention benefits and ROI

• Legal liability for foreseeable violence

• Industry best practices and regulatory requirements

• Resource requirements (time, personnel, training, systems)

Present a business case using your organization's specific risk profile. Schools emphasize student safety and regulatory compliance. Corporations focus on employee protection and business continuity. Healthcare facilities highlight worker safety and patient care quality.

Step 2: Establish Governance Structure

Document the team's:

• Authority: What decisions can the team make autonomously? What requires leadership approval?

• Scope: What populations does the team assess (employees, students, visitors, contractors)?

• Reporting Structure: To whom does the team report? How often?

• Resources: What budget exists for training, consultation, interventions?

Create a formal charter or policy establishing the team's legitimacy and authority. Without clear governance, teams lack mandate to operate effectively.

Step 3: Identify Team Members

Select individuals with:

• Relevant professional expertise

• Good judgment and emotional intelligence

• Ability to maintain confidentiality

• Commitment to regular participation

• Respect across the organization

Diversity in perspectives strengthens teams—avoid homogeneous groups that reinforce biases. Include representatives from different departments, backgrounds, and disciplines.

Phase 2: Policy and Procedure Development (Weeks 5-8)

Step 4: Develop Threat Assessment Policy

Create comprehensive policy addressing:

• Purpose and scope

• Team composition and roles

• Reporting procedures

• Assessment methodology

• Intervention options

• Documentation requirements

• Confidentiality and information sharing

• Legal compliance framework

My Threat Assessment Handbook provides detailed policy templates and implementation guidance based on proven frameworks.

Step 5: Create Standard Operating Procedures

Document specific procedures for:

• Intake: How are reports received? Who screens them? What constitutes reportable behavior?

• Triage: How quickly must different threat levels be assessed? What criteria determine urgency?

• Investigation: What information is gathered? From what sources? Who conducts investigations?

• Assessment: What risk evaluation tools are used? How are threat levels determined?

• Intervention: What responses are available? Who implements them? How is compliance monitored?

• Documentation: What records are maintained? How are they stored? What are retention periods?

• Case Closure: What criteria justify closing cases? What follow-up occurs post-closure?

Standard operating procedures ensure consistency, reduce liability, and facilitate training of new team members.

Step 6: Address Legal and Compliance Requirements

Work with legal counsel to ensure policies comply with applicable laws:

Educational Institutions:

• FERPA (Family Educational Rights and Privacy Act)

• Clery Act reporting requirements

• Title IX sexual misconduct protocols

• ADA reasonable accommodation obligations

• State-specific student privacy laws

Workplaces:

• OSHA General Duty Clause

• ADA disability discrimination protections

• Title VII civil rights compliance

• State workplace violence prevention laws

• Union collective bargaining agreements

Healthcare:

• HIPAA protected health information

• Joint Commission safety standards

• CMS conditions of participation

• State healthcare security regulations

Legal compliance frameworks vary by sector—generic policies often miss critical requirements.

Phase 3: Training and Capacity Building (Weeks 9-12)

Step 7: Provide Team Training

All team members require comprehensive training in:

Behavioral Threat Assessment Fundamentals:

• Warning signs and risk factors

• Pathway to violence concept

• Assessment vs. prediction

• Risk vs. protective factors

• Evidence-based methodologies

Investigation Techniques:

• Information gathering methods

• Interview protocols

• Evidence evaluation

• Documentation standards

Legal and Ethical Considerations:

• Privacy law compliance

• Constitutional rights

• Duty to warn obligations

• Liability management

Intervention Strategies:

• Mental health referrals

• Conflict resolution

• Security measures

• Crisis management

• Case monitoring

Training should combine classroom instruction with case study analysis, role-playing exercises, and tabletop scenarios. Teams need both knowledge and practical application skills.

Organizations can access training through:

• University programs (several universities offer BTAM certification)

• Professional associations (ATAP - Association of Threat Assessment Professionals)

• Consulting firms like CrisisWire providing customized organizational training

• Government agencies (FBI, Secret Service, DHS offer training resources)

• Online courses and certifications

Step 8: Train the Broader Organization

Threat assessment teams can't identify threats they don't know about. Organization-wide training creates reporting cultures:

All Staff Training (Annual):

• What is behavioral threat assessment?

• Warning signs of potential violence

• How to report concerns

• What happens after reports are made

• Confidentiality and protection from retaliation

Supervisor/Manager Training (Enhanced):

• Recognizing concerning employee/student behaviors

• Initial response to threats or concerning behavior

• Documentation requirements

• When to involve threat assessment team

• Performance management vs. threat assessment

Specialized Training:

• Front desk/reception staff: Recognizing and responding to concerning visitors

• IT staff: Identifying concerning digital behavior

• Residence life staff (universities): Recognizing student distress

• Security staff: Initial threat response protocols

I've delivered workplace violence prevention training to thousands of employees across diverse sectors. The consistent finding: education increases reporting, improves intervention timing, and strengthens organizational safety culture.

Phase 4: Operations Launch (Week 13+)

Step 9: Establish Meeting Rhythms

Determine meeting frequency:

• Standing Meetings: Weekly or bi-weekly for ongoing case reviews

• Emergency Meetings: As-needed for urgent threats requiring immediate attention

• Quarterly Reviews: Program evaluation and continuous improvement

Create meeting protocols:

• Standard agenda format

• Case presentation structure

• Decision documentation process

• Action item tracking

Consistency in operations builds team effectiveness and ensures nothing falls through cracks.

Step 10: Implement Case Management System

Document every case systematically:

• Initial report details

• Investigation findings

• Risk assessment conclusions

• Intervention decisions and rationale

• Monitoring activities

• Case outcomes

Case management systems serve multiple purposes:

• Operational: Track ongoing cases and action items

• Legal: Document decision-making for liability protection

• Analytical: Identify trends and program effectiveness

• Continuous Improvement: Learn from past cases

Systems range from secure spreadsheets to specialized threat assessment software platforms—choose based on organizational size, complexity, and budget.

Risk Assessment Frameworks and Tools

Effective threat assessment requires structured evaluation methodology—not intuition or gut feelings. Several evidence-based frameworks guide assessment:

Risk Factor Analysis

Teams evaluate presence and significance of known risk factors:

Dynamic Risk Factors (Changeable):

• Recent loss or grievance

• Mental health deterioration

• Substance abuse escalation

• Social isolation increase

• Fixation on targets

• Communications suggesting intent

• Research into violence or weapons

• Preparation activities

• Boundary violations

Static Risk Factors (Historical):

• Prior violence history

• Weapons training or access

• Previous threat assessment history

• Criminal record

• Childhood abuse or trauma

Protective Factors (Risk Mitigators):

• Strong social support systems

• Employment stability

• Positive relationships

• Mental health treatment engagement

• Insight into their situation

• Effective coping strategies

• Reasons for living

Risk assessment is never simple arithmetic—multiple risk factors don't automatically equal high threat. Context matters. Professional judgment informed by structured analysis produces best results.

Threat Level Classification

Most teams use three or four-level classification systems:

Four-Level System:

• Low: Behavior concerning but minimal indicators of violence risk; monitoring sufficient

• Moderate: Some concerning indicators present; investigation and basic interventions warranted

• High: Multiple serious indicators present; intensive intervention and monitoring required

• Imminent: Immediate danger exists; emergency response activated

Three-Level System:

• Level 1: Minor concerns; monitoring and basic support

• Level 2: Significant concerns; formal intervention required

• Level 3: Serious/imminent threat; intensive response needed

Classifications guide response intensity but aren't rigid—teams can escalate or de-escalate as situations evolve.

Structured Professional Judgment

The gold standard in threat assessment combines:

• Evidence-Based Risk Factors: Research-validated indicators

• Structured Assessment Tools: Consistent evaluation framework

• Professional Expertise: Clinical and investigative judgment

• Contextual Analysis: Situation-specific considerations

This approach outperforms both unstructured clinical judgment (too subjective) and purely actuarial tools (too rigid) in violence risk assessment.

Intervention Strategies and Case Management

Identifying threats accomplishes nothing without effective intervention. Teams need diverse response options matching threat levels and individual circumstances.

Intervention Options

Mental Health Interventions:

• Voluntary counseling referrals

• Mandatory fitness-for-duty evaluations

• Crisis mental health services

• Psychiatric hospitalization (emergency)

• Ongoing treatment monitoring

• Medication management coordination

Support Services:

• Employee assistance programs

• Financial counseling

• Substance abuse treatment

• Conflict mediation

• Academic support services

• Housing assistance

Workplace/Educational Modifications:

• Schedule changes

• Location transfers

• Duty reassignments

• Academic accommodations

• Reduced workload/coursework

• Leave of absence

Security Measures:

• Enhanced monitoring

• Access restrictions

• Protective orders

• Security escorts

• Threat subject notification

• Law enforcement involvement

• Emergency response planning

Administrative Actions:

• Performance improvement plans

• Disciplinary actions

• Suspension or administrative leave

• Termination or dismissal

• No-contact orders

• Persona non grata designations

Effective teams use least restrictive interventions likely to manage risk while supporting individuals in crisis. Punitive responses often escalate situations—therapeutic interventions frequently resolve them.

My experience establishing campus safety programs taught me that most concerning student behaviors stem from mental health crises or situational stressors, not malicious intent. Compassionate intervention prevents violence while supporting individual wellbeing.

Case Monitoring

Intervention without monitoring risks situations deteriorating undetected. Monitoring includes:

Compliance Verification:

• Is individual attending counseling as required?

• Are medications being taken as prescribed?

• Are no-contact orders being followed?

• Are work/academic modifications effective?

Behavioral Observation:

• Has concerning behavior decreased?

• Have new risk factors emerged?

• Is individual engaging positively with interventions?

• Have protective factors strengthened?

Regular Case Reviews:

• Weekly for high-risk cases

• Monthly for moderate-risk cases

• Quarterly for low-risk cases

• As-needed for any status changes

Assign specific team members responsibility for monitoring activities—don't assume someone else is handling it.

Case Closure Criteria

Cases can be closed when:

• Threat indicators have resolved

• Individual has stabilized

• Protective factors are strong

• Sufficient time has passed without incident

• Individual has left the organization/institution

• Risk has been transferred (e.g., individual incarcerated)

Even closed cases may require post-closure monitoring if individuals remain in the organization. Consider creating "closed-monitoring" status for periodic check-ins without active intervention.

Common Challenges and Solutions

Every organization faces obstacles implementing threat assessment teams. Here are common challenges and proven solutions:

Challenge #1: "We Don't Have Resources for This"

Solution: Threat assessment teams use existing personnel performing threat assessment functions as part of broader roles. Start with core team (security, HR, mental health, legal) meeting monthly. Expand as capacity grows.

The question isn't whether you can afford threat assessment capabilities—it's whether you can afford the liability, tragedy, and costs of preventable violence.

Challenge #2: "People Won't Report Concerns"

Solution: Create reporting cultures through:

• Comprehensive training on warning signs

• Multiple reporting channels (phone, email, online forms, in-person)

• Anonymous reporting options

• Clear protection from retaliation

• Visible follow-up on reports (while maintaining appropriate confidentiality)

• Leadership modeling—when executives take threat assessment seriously, others follow

Challenge #3: "Legal/Privacy Laws Prevent Information Sharing"

Solution: FERPA, HIPAA, and other privacy laws contain emergency exceptions allowing information sharing to prevent imminent harm. Work with legal counsel to understand when information sharing is permitted—often more than people assume.

Document legal bases for information sharing decisions. Train team members on privacy law requirements. Err toward protection of potential victims when genuine emergency exists.

Challenge #4: "We Don't Have Mental Health Expertise"

Solution: Contract with external mental health consultants or EAP providers for case consultation. Many organizations can't justify full-time threat assessment psychologists but can afford per-case consultation fees.

Alternatively, partner with local mental health agencies, university counseling centers, or private practitioners willing to provide consultation services.

Challenge #5: "Team Members Don't Have Time"

Solution: Emphasize that threat assessment prevents more time-consuming crises. Position team participation as risk management reducing future emergencies.

Gain explicit leadership support for team member participation. Include threat assessment responsibilities in position descriptions. Recognize and reward participation.

Challenge #6: "How Do We Handle Requests for Threat Assessment Team Formation?"

Solution: Document decisions to decline cases with rationale. Not every concerning behavior warrants threat assessment team involvement—establish clear thresholds.

Create screening/triage process where designated individual (often team chair) reviews reports and determines whether full team review is needed. This reduces burden while ensuring appropriate cases receive attention.

Legal Considerations and Liability Protection

Threat assessment involves significant legal considerations. Teams must balance multiple obligations:

Duty to Warn vs. Confidentiality

Mental health professionals have ethical obligations to maintain client confidentiality. However, most jurisdictions recognize "duty to warn" or "duty to protect" exceptions when clients pose serious threats to identifiable victims.

The landmark Tarasoff v. Regents of University of California case established that mental health professionals must take reasonable steps to protect foreseeable victims—sometimes including warning threatened individuals or law enforcement.

Threat assessment teams navigate these obligations by:

• Involving mental health professionals in decision-making

• Consulting legal counsel on duty-to-warn situations

• Documenting threat assessment rationale and protective actions

• Implementing least intrusive interventions likely to manage risk

Due Process Rights

Educational institutions must respect student due process rights when imposing discipline. Workplaces must comply with employment law when taking adverse actions. Healthcare facilities must balance patient rights with safety.

Threat assessment isn't disciplinary process—it's risk management. But threat assessments often inform disciplinary decisions. Teams must understand:

• When due process is required

• What procedures must be followed

• How threat assessment evidence can be used

• What appeal rights exist

Discrimination and Disability Laws

ADA prohibits discrimination based on disability. Many individuals exhibiting concerning behavior have mental health conditions qualifying as disabilities under ADA.

Teams must:

• Distinguish between disability-related behavior and genuine threats

• Consider reasonable accommodations

• Focus on behavior, not diagnosis

• Document that decisions are based on direct threat assessment, not disability status

Understanding these legal frameworks protects both organizations and individuals being assessed.

Documentation for Legal Defensibility

Comprehensive documentation protects organizations in litigation:

Document:

• Information considered in assessment

• Assessment methodology used

• Risk factors identified

• Threat level determination and rationale

• Interventions implemented and why

• Monitoring activities conducted

• Case outcomes

Don't Document:

• Speculation without factual basis

• Personal opinions about individuals

• Protected health information unless legitimately needed

• Discriminatory comments or bias

Quality documentation demonstrates reasonable, non-discriminatory decision-making based on objective assessment of behavior and risk.

Measuring Program Effectiveness

Threat assessment teams must demonstrate value and identify improvement opportunities. Key performance indicators include:

Operational Metrics

• Number of reports received: Increasing reports often indicates growing awareness and reporting culture

• Report sources: Diverse sources (peers, supervisors, self-referrals) suggest broad participation

• Response times: Time from report to initial assessment, triage to intervention

• Case outcomes: How many cases proceeded to each intervention level?

• Closure rates: Are cases being resolved effectively or languishing?

Impact Metrics

• Incidents prevented: Difficult to quantify but critical to communicate

• Severity reduction: Did interventions de-escalate situations?

• User satisfaction: Do reporting parties trust the process?

• Institutional climate: Do people feel safer?

Compliance Metrics

• Training completion rates: What percentage of staff completed required training?

• Policy compliance: Are procedures being followed consistently?

• Documentation quality: Are case files complete and thorough?

• Legal requirements: Is team meeting regulatory obligations?

Regular program evaluation identifies strengths, weaknesses, and improvement opportunities. Annual reports to leadership demonstrate value and sustain organizational support.

Integration with Other Safety Systems

Threat assessment teams don't operate in isolation. Integration with related systems strengthens effectiveness:

Physical Security Systems: Security audits, access control, surveillance—physical measures implement team recommendations.

Emergency Management: Threat assessments inform emergency operations plans, active shooter response, and crisis management protocols.

Student/Employee Assistance Programs: EAPs and counseling services provide intervention resources teams coordinate.

Title IX/Civil Rights Offices: Sexual misconduct investigations may generate threat assessment referrals or vice versa.

IT/Cybersecurity: Digital behavior monitoring can identify concerning online activities requiring assessment.

Facilities Management: Building security improvements implement team protective recommendations.

Formalize relationships with these functions through memoranda of understanding, cross-training, and regular coordination meetings.

Conclusion: Building Capability That Saves Lives

Behavioral threat assessment teams represent our best tool for preventing targeted violence. They work—when properly established, trained, and supported.

But success requires organizational commitment beyond checking compliance boxes. Effective threat assessment requires:

Culture Change: From reactive response to proactive prevention Resource

Investment: Training, systems, personnel time Leadership Support: Backing team authority and decisions Continuous Improvement: Learning from cases and evolving practices

Having personally investigated violent crimes as an LAPD officer, protected diplomats under daily threat in Baghdad, and directed campus safety programs managing concerning student behaviors, I can state with certainty: violence is preventable when organizations have systems to identify warning signs and expertise to intervene effectively.

The frameworks in this guide—drawn from evidence-based research, federal agency guidance, and four decades protecting lives—provide blueprints for building those capabilities.

The question every organization faces is simple: Will you build threat assessment capacity before tragedy occurs, or react to preventable violence after?

Organizations that answer this question proactively—establishing teams, providing training, supporting operations—prevent violence that makes headlines. Those that wait react to tragedies they could have prevented.

The choice is yours.

Free Downloadable Resources

Ready-to-Use Templates

1. Threat Assessment Team Charter Template

[ORGANIZATION NAME]
BEHAVIORAL THREAT ASSESSMENT TEAM CHARTER

I. PURPOSE
The Behavioral Threat Assessment Team (BTAT) is established to identify, assess, and manage individuals who may pose threats of violence or harm to [organization] community members, property, or operations.

II. AUTHORITY
The BTAT operates under authority of [Senior Leadership Title] and reports to [Reporting Structure]. The team is authorized to:
- Receive and investigate reports of concerning behavior
- Access necessary information for threat assessment
- Recommend interventions and protective measures
- Coordinate with external agencies as appropriate
- Implement policies and procedures for threat management

III. SCOPE
The BTAT assesses potential threats involving:
- [Define populations: employees, students, visitors, contractors, etc.]
- [Define threat types: violence, self-harm, disruption, etc.]
- [Define locations: on-site, off-site affecting organization, etc.]

IV. MEMBERSHIP
Core members:
- Team Chair: [Position Title]
- Mental Health Professional: [Position Title]
- Security/Law Enforcement: [Position Title]
- Human Resources: [Position Title]
- Legal Counsel: [Position Title]

Additional members as needed:
- [List other potential members]

V. MEETINGS
- Standing meetings: [Frequency]
- Emergency meetings: Called as situations require
- Quorum: [Number] core members required for decisions

VI. CONFIDENTIALITY
All team members must:
- Maintain strict confidentiality
- Share information only on need-to-know basis
- Comply with applicable privacy laws
- Protect documentation security

VII. DECISION-MAKING
The team operates by consensus when possible. The Team Chair makes final decisions when consensus cannot be reached. Certain decisions require [Senior Leadership] approval:
- [List decisions requiring escalation]

VIII. DOCUMENTATION
All cases must be documented including:
- Initial report information
- Investigation findings
- Assessment conclusions
- Intervention decisions
- Monitoring activities
- Case outcomes

Approved by: _____________________ Date: __________
[Senior Leadership Name/Title]

2. Threat Report Form Template

CONFIDENTIAL THREAT REPORT FORM

REPORTER INFORMATION:
Name: _________________________________
Position/Title: __________________________
Department: ____________________________
Contact Phone: _________________________
Email: _________________________________
☐ I wish to remain anonymous

DATE & TIME OF CONCERN:
Date: _____________ Time: _____________
Is this an ongoing concern? ☐ Yes ☐ No

SUBJECT OF CONCERN:
Name: _________________________________
Position/Title: __________________________
Department: ____________________________
Relationship to you: _____________________

NATURE OF CONCERN (Check all that apply):
☐ Direct threat of violence
☐ Conditional/implied threat
☐ Intimidating behavior
☐ Stalking behavior
☐ Weapons possession/display
☐ Violence toward person or property
☐ Concerning communications
☐ Significant behavioral changes
☐ Self-harm concerns
☐ Other: _____________________________

DESCRIPTION OF BEHAVIOR:
Please describe in detail what you observed or heard:
___________________________________________
___________________________________________
___________________________________________
___________________________________________

Were there specific statements made? (Quote as precisely as possible):
___________________________________________
___________________________________________

WITNESS INFORMATION:
Were there other witnesses?
Name(s): ___________________________________
Contact: ___________________________________

PREVIOUS INCIDENTS:
Has this person exhibited concerning behavior before?
☐ Yes ☐ No ☐ Unknown
If yes, describe: _____________________________

ADDITIONAL INFORMATION:
Is there anything else the Threat Assessment Team should know?
___________________________________________
___________________________________________

REPORTER DECLARATION:
I certify that the information provided is true and accurate to the best of my knowledge.

Signature: _________________ Date: __________

FOR OFFICIAL USE ONLY:
Report received by: ________________________
Date/Time received: ________________________
Initial triage level: ☐ Low ☐ Moderate ☐ High ☐ Imminent
Assigned to: ______________________________
Case Number: _____________________________

3. Risk Assessment Matrix Template

THREAT LEVEL DETERMINATION MATRIX

RISK FACTORS PRESENT:
Dynamic Factors (Current):
☐ Recent significant loss (job, relationship, status)
☐ Expressed grievance or perception of injustice
☐ Mental health deterioration
☐ Substance abuse increase
☐ Social isolation
☐ Fixation on target(s)
☐ Research into violence/weapons
☐ Preparation activities
☐ Communications suggesting intent
☐ Boundary violations or testing
☐ Access to weapons
☐ Concerning online activity

Static Factors (Historical):
☐ History of violence
☐ Prior threats
☐ Criminal record
☐ Previous threat assessment history
☐ Childhood trauma/abuse
☐ Military/weapons training

PROTECTIVE FACTORS PRESENT:
☐ Strong social support system
☐ Employment stability
☐ Positive relationships
☐ Engaged in mental health treatment
☐ Effective coping strategies
☐ Insight into situation
☐ Reasons for living/future orientation
☐ Cultural/religious protective factors

THREAT LEVEL DETERMINATION:

LOW RISK:
- Minimal concerning indicators
- Strong protective factors
- No history of violence
- Situation appears manageable
ACTION: Monitor, basic support

MODERATE RISK:
- Some concerning indicators present
- Mixed protective factors
- Situation requires intervention
ACTION: Investigation, intervention planning, monitoring

HIGH RISK:
- Multiple serious indicators
- Limited protective factors
- Situation requires intensive management
ACTION: Comprehensive intervention, close monitoring, security measures

IMMINENT RISK:
- Immediate danger indicators
- Plans or means for violence
- Intent expressed
- Emergency response required
ACTION: Law enforcement notification, emergency protective measures, crisis intervention

Assessment completed by: ____________________
Date: ____________ Threat Level: _____________

4. Intervention Planning Template

INTERVENTION PLAN

CASE INFORMATION:
Subject Name: _____________________________
Case Number: ______________________________
Threat Level: ☐ Low ☐ Moderate ☐ High ☐ Imminent
Plan Date: _________________________________

INTERVENTION GOALS:
Primary Goal: ______________________________
Secondary Goals: ___________________________
___________________________________________

INTERVENTIONS TO BE IMPLEMENTED:

Mental Health Interventions:
☐ Voluntary counseling referral
☐ Mandatory fitness-for-duty evaluation
☐ Crisis mental health services
☐ Ongoing treatment monitoring
Provider: __________________________________
Responsible Party: __________________________
Timeline: __________________________________

Support Services:
☐ Employee Assistance Program
☐ Financial counseling
☐ Substance abuse treatment
☐ Conflict mediation
☐ Other: __________________________________
Responsible Party: __________________________
Timeline: __________________________________

Workplace/Educational Modifications:
☐ Schedule changes
☐ Location transfer
☐ Duty reassignment
☐ Academic accommodations
☐ Leave of absence
☐ Other: __________________________________
Responsible Party: __________________________
Timeline: __________________________________

Security Measures:
☐ Enhanced monitoring
☐ Access restrictions
☐ No-contact order
☐ Security escort
☐ Law enforcement notification
☐ Emergency response plan
☐ Other: __________________________________
Responsible Party: __________________________
Timeline: __________________________________

Administrative Actions:
☐ Performance improvement plan
☐ Disciplinary action
☐ Suspension/administrative leave
☐ Termination
☐ Other: __________________________________
Responsible Party: __________________________
Timeline: __________________________________

MONITORING PLAN:
Monitoring Frequency: _______________________
Monitoring Method: _________________________
Responsible Party: __________________________

Compliance Checks:
- [Specific compliance indicators to monitor]

Behavioral Observation:
- [Specific behaviors to monitor]

Case Review Schedule: _______________________

SUCCESS INDICATORS:
How will we know interventions are working?
___________________________________________
___________________________________________

CONTINGENCY PLANS:
If situation deteriorates:
___________________________________________
___________________________________________

If subject is non-compliant:
___________________________________________
___________________________________________

TEAM MEMBER ASSIGNMENTS:
Team Member: _________ Responsibility: _______
Team Member: _________ Responsibility: _______
Team Member: _________ Responsibility: _______

Next review date: ___________________________

Plan approved by:
Team Chair: _________________ Date: ________
[Other signatures as required]

About the Author

Warren Pulley is founder of CrisisWire Threat Management Solutions and brings 40 years of continuous experience protecting lives across military, law enforcement, diplomatic, corporate, and educational environments.

Professional Credentials:

• BTAM Certified - Behavioral Threat Assessment & Management (University of Hawaii West Oahu)

• 20+ FEMA Certifications - IS-906 (Workplace Violence), IS-907 (Active Shooter), IS-915 (Insider Threats), Complete ICS/NIMS

• Former LAPD Officer - 12 years investigating violent crimes, organized crime, and vice operations

• U.S. Embassy Baghdad Security Director - 6+ years protecting diplomats under daily threat (zero incidents)

• Former Director of Campus Safety - Chaminade University of Honolulu

• U.S. Air Force Veteran - 7 years nuclear weapons security

• Licensed Private Investigator - California (former)

Published Works:

• The Prepared Leader: Threat Assessment, Emergency Planning, and Safety

• Threat Assessment Handbook

• Campus Under Siege: School Safety Strategies

• Locked Down: The Access Control Playbook

• Uniformed Silence: A Journey Through Security Careers

Academic Research:

• School Threat Assessments 2025: Preventing Violence Before It Happens

• Do Armed Guards Prevent School Shootings? Evidence and Alternatives

• How to Conduct an Insider Threat Audit in 10 Steps

• Leadership Liability in Crisis: How CEOs Can Be Held Responsible

• Executive Protection in 2025: Why ASIS's New Standard Changes Everything

Additional research available at: Academia.edu/CrisisWire

Connect With CrisisWire

Website: http://bit.ly/crisiswire Email: crisiswire@proton.me Quick Contact: bit.ly/crisiswire

Social Media:

• LinkedIn: Warren Pulley

• Twitter/X: @CrisisWireSec

• Instagram: @crisiswire

• Facebook: CrisisWire

• Quora: CrisisWire Profile

Training Videos:

• Workplace Violence Prevention Training Series

• Behavioral Threat Assessment Fundamentals

Get Professional Threat Assessment Implementation Support

Building a threat assessment team is complex. CrisisWire provides expert guidance throughout the process:

✅ Team Formation Consulting - Charter development, member selection, governance structure

✅ Policy & Procedure Development - Custom policies compliant with your industry and jurisdiction

✅ Comprehensive Training - Team member training, organizational awareness, specialized protocols

✅ Case Consultation - Expert guidance on active threat cases requiring immediate assessment

✅ Program Evaluation - Assessment of existing programs with improvement recommendations

✅ Legal Compliance Review - Policy review ensuring FERPA, HIPAA, ADA, Title VII compliance

Contact CrisisWire Today:📧 crisiswire@proton.me🌐 rypulmedia.wixsite.com/crisiswire🔗 bit.ly/crisiswire

Serving organizations nationwide with evidence-based methodologies proven across military, law enforcement, diplomatic, and institutional environments.

Tags: #ThreatAssessment #BTAM #BehavioralThreatAssessment #WorkplaceSafety #SchoolSafety #CampusSafety #ViolencePrevention #SecurityManagement #ThreatAssessmentTeam #WorkplaceViolence #EmergencyManagement

Related Articles:

• How AI is Changing Workplace Violence Detection in 2025

• School Active Shooter Preparedness: 7 Critical Mistakes Districts Make

• Insider Threats Cost Companies $17.4M in 2025: Early Warning Signs

© 2025 CrisisWire Threat Management Solutions. All rights reserved.