Workplace Violence Protection
Key Takeaways
- OSHA/NIOSH classify workplace violence into four types: Type I criminal intent, Type II customer/client, Type III worker-on-worker, and Type IV personal relationship.
- Type I (criminal intent, no legitimate relationship to the workplace) is the leading cause of workplace-violence fatalities overall, largely through robbery-related incidents.
- The WAVR-21 (Workplace Assessment of Violence Risk) is a structured 21-item professional-judgment instrument used by threat-assessment teams to evaluate targeted violence risk.
- A multidisciplinary threat-assessment team -- security, HR, legal, and behavioral health -- is the operational core of a workplace-violence prevention program.
- Substance-abuse reduction is a workplace-violence risk-mitigation control because substance use is a documented situational risk factor that can accelerate an individual toward violence.
Understanding Workplace Violence Risk
Workplace violence protection is a core Personnel Security competency in the CPP Body of Knowledge. It requires the security manager to design prevention, intervention, and response tactics; support a threat-assessment team; and build organization-wide education and awareness -- including programs that address substance abuse as a contributing risk factor.
The Four Types of Workplace Violence
OSHA and NIOSH classify workplace violence into four types based on the perpetrator's relationship to the workplace. The exam expects candidates to correctly classify a scenario into one of these four types, because the appropriate protection strategy differs by type.
| Type | Perpetrator relationship | Description | Example |
|---|---|---|---|
| Type I -- Criminal intent | No legitimate relationship to the workplace | Violence incidental to another crime, such as robbery or trespass, or terrorism | Armed robbery of a retail store |
| Type II -- Customer/client | Recipient of the organization's services | Aggressor is a customer, client, patient, or inmate receiving services | Patient assaulting a nurse |
| Type III -- Worker-on-worker | Current or former employee | Aggressor is an employee or ex-employee of the workplace | Terminated employee attacking a supervisor |
| Type IV -- Personal relationship | Personal relationship with an employee, not with the business | Perpetrator has no employment connection but a personal tie to a worker | Domestic partner assaulting an employee at work |
Type I is the most common cause of workplace-violence fatalities overall (largely robbery-related), while Type II dominates in healthcare and social-service settings. Type III and Type IV are the categories most directly addressed by personnel-security prevention programs, since they are the types an organization can most influence through hiring, termination, and awareness practices.
Threat Assessment and the WAVR-21
A multidisciplinary threat-assessment team -- typically drawing on security, human resources, legal counsel, and behavioral-health expertise -- is the operational core of a workplace-violence prevention program. The team receives reports of concerning behavior, gathers information, and determines the level of risk and the appropriate management response, rather than leaving that judgment to a single manager.
The WAVR-21 (Workplace Assessment of Violence Risk) is a structured professional-judgment instrument used by threat-assessment teams and consulting behavioral-health professionals to evaluate targeted violence risk. It codes roughly twenty violence risk indicators -- motivational, historical, behavioral, and situational factors, plus a protective-factor scale -- to support a structured, defensible risk rating rather than an unaided clinical guess. Its value to a CPP-level manager is procedural: it standardizes how the team documents and communicates a risk finding across cases.
Prevention, Intervention, and Response Tactics
A layered program addresses the full timeline of risk:
- Prevention -- pre-employment screening, a clear workplace-violence policy, physical-security controls such as access control and visitor management, and a reporting mechanism for concerning behavior.
- Intervention -- early identification of escalating behavior (threats, stalking, erratic conduct), referral to the threat-assessment team, and, where appropriate, employee-assistance-program referral or a safety plan for a targeted victim.
- Response -- an incident-specific active-assailant/violence response protocol, coordination with law enforcement, and post-incident support.
Education, Awareness, and Substance-Abuse Reduction
Training is the connective tissue of the program. Employees and supervisors need to recognize behavioral warning signs -- explicit or implied threats, sudden performance decline, fixation, escalating grievances -- and know the reporting channel. Supervisors specifically need training on how to respond to a disclosed threat without either dismissing it or overreacting in a way that further escalates the situation.
Substance-abuse reduction is treated as a workplace-violence risk-mitigation element because substance use is a documented situational risk factor that can accelerate an individual toward violence, particularly when combined with other stressors such as termination, relationship breakdown, or financial crisis. Programs typically pair a written substance-free workplace policy with employee-assistance-program access, supervisor training to recognize impairment, and, where legally permitted, testing tied to reasonable suspicion or post-incident triggers rather than indiscriminate blanket testing.
Applying the Framework
On the CPP exam, a workplace-violence scenario question typically asks the candidate to classify the incident by type, select the correct escalation path (report to the threat-assessment team versus immediate law-enforcement response), or identify the best prevention control for a described gap. The security manager's job is not to predict violence with certainty -- no instrument does that -- but to build a structured, documented, multidisciplinary process that catches warning signs early and responds proportionately.
Industry and Labor Regulations
Workplace-violence prevention is increasingly a statutory obligation, not just a best practice. Under the federal Occupational Safety and Health Act, the General Duty Clause requires employers to furnish a workplace free from recognized hazards likely to cause death or serious harm, and OSHA has applied that clause to workplace violence in high-risk sectors such as healthcare and late-night retail. A growing number of states go further with explicit written-plan mandates: California's SB 553, effective July 1, 2024, requires most California employers to implement a written workplace violence prevention plan, train employees on it, and maintain a violent-incident log, with narrow exceptions such as very small non-public worksites and specifically regulated healthcare settings. A CPP-level manager tracks these state-by-state labor requirements the same way physical-security and life-safety codes are tracked, since a program built only to federal General Duty Clause expectations can still fall short of a specific state mandate.
Key Program Elements
- Written workplace-violence prevention policy with a non-retaliation reporting channel.
- Multidisciplinary threat-assessment team with defined intake and escalation criteria.
- Structured assessment tools, such as the WAVR-21, to support -- not replace -- team judgment.
- Supervisor and employee training on warning-sign recognition.
- Substance-abuse policy integrated as a risk-mitigation control, not a standalone HR issue.
A terminated employee returns to the office weeks later and assaults a current supervisor. Which OSHA/NIOSH workplace-violence type does this represent?
Which tool is a structured, roughly 21-item professional-judgment instrument used by threat-assessment teams to evaluate the risk of targeted workplace violence?