Building a Threat Assessment Team Without a Security Department
Most mid-market companies assume threat assessment requires a dedicated security team. It does not. The multidisciplinary threat assessment team model endorsed by the FBI, DHS, and the Association of Threat Assessment Professionals is designed to work with existing organizational roles.
The Myth
Companies with $50M-$2B in revenue often believe they are too small for a formal threat assessment capability. They handle concerning employee behavior through HR on a case-by-case basis, with no structured process and no cross-functional coordination.
This approach works until it does not. The U.S. Postal Service — an organization with a documented workplace violence prevention program — had 79% of incidents go unreported in a recent OIG audit. The problem was not policy. It was operational execution.
The Team You Already Have
A functional threat assessment team draws from five existing roles:
| Role | Contribution |
|---|---|
| HR business partner | Employee behavior expertise, conduct records access |
| Legal counsel | Employment law, restraining orders, privacy boundaries |
| Facilities/operations manager | Physical security, access controls, workspace changes |
| EAP provider | Behavioral assessment, fitness-for-duty referrals |
| Law enforcement liaison | Local PD contact for active threat coordination |
None of these require new hires. They require a charter, training, and a coordinator.
Making It Work
Three elements separate a functional team from a committee that meets once and dissolves:
A written charter. Define the team’s authority, confidentiality protocols, decision rights, and escalation thresholds before you need them. Without a charter, the team stalls on its first ambiguous case.
A trained coordinator. One person — usually HR or senior operations — receives all reports and decides when to convene the team. This is a role, not a full-time job. At most mid-market companies, it adds 2-5 hours per month.
An external consultant. Retain a threat assessment professional on a light retainer ($2,000-$5,000 per month) for the cases your internal team is not equipped to handle. Your team manages 80% of concerns. The consultant handles the 20% where experience matters most.
The Training Minimum
All team members should complete the free DHS Behavioral Threat Assessment and Management introductory training. The team coordinator should pursue ATAP Certified Threat Manager (CTM) certification over time. Neither requires pulling people from their primary roles for weeks — the DHS training is self-paced and the CTM exam draws on applied experience.
Where to Start
Identify the five role-holders. Schedule a 90-minute kickoff to draft the charter. Send everyone through the DHS BTAM training within 30 days. Open your first case file the next time a manager calls HR about a concerning employee.
The infrastructure is simpler than most companies expect. The hard part is not building the team. It is deciding to build it.