Risk and Security LLC

Risk Assessments, Training and More


Risk Assessment & Compliance

Why We Need to Switch to a Risk-Based Security Model – School Stabbing at Franklin Regional, Active Shooter Incidents at Fort Hood (twice), LAX, and The Washington Navy Yard.

Posted on April 15, 2014 8:42 pm by Caroline Ramsey-Hamilton

When I turned on the news today, I was in the middle of writing an article on the 2nd Shooting
at Ft. Hood from last week, and then saw that there had been a violent knife attack at a
Pennsylvania high school, with 20 casualties and at least eight injured critically. The next day,
there was a hate crime shooting at the Jewish community center in Overland Park, Kansas.

Once again, we see violence on a mass scale, the FBI has been brought in, and next will come
information on the victims. With two major events in two weeks, what can we deduce about the
security in place at both Franklin Regional High School, Pennsylvania, and Fort Hood, Texas?

        NEWS FLASH:   THE CURRENT SECURITY MODEL IS NOT WORKING!

CURRENT SECURITY MODELS

Disaster preparedness is improving, Emergency Management is working, but security is
still not where it needs to be. It is a systemic problem based on the fact that security around
the U.S. is still locked in a REACTIVE mode, not a PROACTIVE mode.

The main reason for this reactive mode in security organizations is that most security
officers come from a law enforcement background, with a model which is based on crimes
and arrests, and it is totally REACTIVE. A crime happens and police officers go into action
and arrest the perpetrator(s).

CRIME HAPPENS    =    PERP IS IDENTIFIED    =   PERP IS ARRESTED

Unfortunately, this reactive model does not work for preventing security incidents and mass violence
because it is INCIDENT DRIVEN, not Risk-Driven.  It focuses on individuals, not on a more holistic,
generalized view of Threats, and it totally leaves Solutions (Controls) out of the equation.

After studying pages of after action reviews, post-incident analyses and media sources, the one
recommendation that makes sense is that organizations need to switch to a RISK-BASED,
PROACTIVE mode for security to work.

This was highlighted in a remark made by a Pentagon official, commenting on the 2nd Fort Hood
Shooting on April 2, and the fact that new DOD recommendations for security had just been released.

“After the Navy Yard shooting in September 2013, another round of recommendations were made
to improve security at all DOD installations, however, a Pentagon official said that the new
recommendations had not yet been put into effect at Fort Hood. At Fort Hood, very little had
changed from 2009 regarding security procedures for soldiers at the entrance gates.”

The question for the Department of Defense is “how could this happen again at the same military
base?” I took extra time to study the 89-page document called An Independent Review “Protecting
the Force”, one of 3 reports created after the initial Fort Hood Shooting, when 13 were killed and
43 injured.

If you look at the recommendations, they are very bureaucratic and procedural.  They could have
been written by an efficiency expert, not by anyone with a background in security, and covered things
like policy changes, and having screening for clergy and psychologists, and improved mental health
programs.   These are all important, but they do not provide a secure environment.

The LAX after action analysis’ Number One recommendation was to change
the security focus to a Risk-Based approach.


RISK-BASED SECURITY

The problem with a reactive approach is that you can’t screen and lock down everyone. At Fort
Hood, for example, there are 80,000 individuals living on the base, and probably hundreds of
visitors who go in and out every day.  It’s impossible to assess the mental health, and the
‘intentions’ of all of them.


That’s why a Risk-Based Approach works – because it focuses on the potential threats and then evaluates the existing controls to see whether they offer the required amount of protection based on the likelihood of the threat occurring.

You stop violent events by controlling access and by controlling weapons.  No matter how unpopular they are, you use metal detectors at certain points, you use security officers at key entrances, you control entrances and exits.

Once the event starts, you can improve security by having faster notification (panic alarms), ability
to block, or disable weapons and attackers, adequate transport, better emergency response, but to
avoid the violence, you need to have strong access control.

The Risk-Based approach makes use of annual risk assessments that are holistic in nature. They
are not done in stovepipes. They include the entire organization, and they include input from staff
members, visitors, students, vendors, soldiers, and patients on how they see security from their point
of view, which is always dramatically different from that of management or administration.

A risk-based approach requires an organization to:

  • Define potential security risks.
  • Develop standardized risk assessment processes for gathering and
    analyzing information, and for the use of analytical technology.
  • Focus on PREVENTION OF NEW INCIDENTS,
    whether they are active shooter, general violence, etc.
  • Enhance security’s ability to rapidly respond to changes in the threat environment.
MORE BANG FOR THE BUCK

According to the LAX (LAWA) after action report, “Simply adding more security does not
necessarily provide better security. Determining priorities and where to achieve great
value for the dollars invested requires regular, systematic assessment of the likelihood
and consequences (risks) associated with a range of threat scenarios that morph and
change more quickly now than ever before.

Collaborative engagement in a security risk assessment process across the community builds
the buy-in needed to develop and sustain a holistic security program over time. Leaders must
be open to challenging established practices and demonstrate a willingness to change direction.”

Making the switch to a Risk-Based security program is the best recommendation for those who
want to protect their staff, students, patients, vendors, clients, soldiers, and visitors from a mass
casualty event, or for all the organizations who don’t want to have a terrible incident happen in
the first place!


Caroline Ramsey-Hamilton

President, Risk and Security LLC

Caroline@riskandsecurityllc.com

 

www.securityinfowatch.com/blogs

www.riskandsecurityllc.com


Loss of Malaysian Airlines Flight Points Out Airline Security Weaknesses

Posted on March 24, 2014 12:02 pm by Caroline Ramsey-Hamilton

Monday, March 25, 2014.

This morning the Malaysian Government stated that based on all their “new”
calculations, they have concluded that Flight 370 went down in the southern
Indian Ocean.

Has terrorism been counted out for this flight – no.   Until the whole story is known,
it will be impossible for anyone at this point to say that this happened because of pilot
error, mechanical failure, bad weather, or anything else.  However, as we watched
the near continuous news coverage of this ill-fated flight, it was impossible to ignore
the many security weaknesses that were revealed as the drama played out, and
experts proposed possible new theories, even alien abduction!

The airlines around the world, and even the Federal Aviation Administration (FAA),
have always maintained their unique security standards, unlike other industries
which have generally accepted security practices that are used worldwide.  This
standardization of security elements has made it easier for multinational corporations
with offices worldwide, to secure their supply chains, ensure improved safety and
security for their employees, contractors and vendors, and, in my opinion,
contributed to making the world a safer place.

Unfortunately, this uniformity and standardization of security practices is not
mirrored in the airline industry globally, and even blatantly ignored by other
airlines, operating in other countries.

International travelers often see the little sign that says something like: THIS
AIRPORT HAS BEEN CLASSIFIED AS UNSAFE.  Of course, because these
airports are often the only airport in the country, they are used anyway.

But the fate of Flight 370 has shocked some security experts by uncovering the
lack of security at a respected airport, generally thought to be safe and secure.

For example, right after 9/11, the FAA moved quickly to secure the cockpits of
U.S. planes, and keep them locked and secure during flight.  So it was quite a
surprise to have a young girl smiling and telling CNN how she partied with the
co-pilot in the cockpit during a recent flight.

“The FAA rule sets new design and performance standards for all current and
future airplanes with 20 or more seats in commercial service and all cargo
airplanes that have cockpit doors. Specifically, the rule:

Requires cockpit doors to remain locked. The door will be designed to prevent
passengers from opening it without the pilot’s permission. An internal locking device
will be designed so that it can only be unlocked from inside the cockpit.

Controls cockpit access privileges. Operators must develop a more stringent
approval process and better identification procedures to ensure proper
identification of a jump seat rider.”

As the tragedy has unfolded day by day, security experts can see vulnerabilities
in the way security controls are either not required or are not correctly and
consistently implemented on planes around the world.

The “Tombstone Mentality” of the airline industry and civil aviation organizations now
has the tombstones for 370 individuals, and everyone hopes that even though we
don’t know exactly why this flight went down, we can all see that there are
weaknesses in international security that need to be addressed in the aftermath of
this tragedy.

 

 

 

After Action report on LAX Shooting Recommends Risk Assessments

Posted on March 19, 2014 1:26 pm by Caroline Ramsey-Hamilton

The Los Angeles World Airports (LAWA) released the long-anticipated After
Action Analysis on the LAX Active Shooter Incident in 2013.

The 83-page report was written by an independent consultant who analyzed
all aspects of the Shooting incident and includes a list of “Major Observations
and Recommendations.”   The recommendations are “to provide focus for
LAWA’s efforts toward continuous improvement in its security and emergency
preparedness programs.”

These areas were highlighted in the report as “7 priority observations that merit
special consideration.

Recommendation 1.1:  Evolve the LAX Security Program to reflect a more
integrated assessment of security risk and provide for the ongoing development
and management of mitigation measures.

Recommendation 1.2:  Based on the RISK ASSESSMENT and updated security
plan, consider the focus and structure of security functions to determine whether
realignment and integration are needed.

Recommendation 1.3:  With the benefit of recent vulnerability and risk assessments,
take a risk-based approach to evaluating current security programs and explore
intelligent use of technology.”

Once again, doing frequent Security Risk Assessments and managing the security
program and enhancements to follow the recommendations of the Risk
Assessment are the first recommendations in the After Action Analysis of an Active
Shooter Incident.

In my experience, in most organizations, Facility Security Risk Assessments are
not conducted correctly, are not reported to senior management, and not used as a
tool to ADJUST AND FOCUS the security program based on RISK.

Why aren’t security risk assessments done more often?  

1.  People don’t have the right expertise to do a full risk assessment.

2.  Security managers view Security Risk Assessments as too difficult
     to undertake.

3.  Law enforcement personnel still do not understand the concept of risk 
     assessments and instead, tend to rely on checklists of controls or
     security elements, rather than integrating all the information to
     create a true Risk-Based model for security.

The solution to this problem is to use affordable, easy to use software tools, like
the Risk-Pro Application for Facilities Security Assessment and their Risk-Pro
Application for Active Shooter Incident to simplify the process of doing more
frequent risk assessments and using them as a management tool to focus
security so it will be able to recommend the security enhancements that are
needed, and not only how MUCH to spend, but actually dictate the order
of necessary controls.

Far from being a boring, intellectual exercise, well done security risk 
assessments can dramatically reduce the possibility of an active shooter
event, and also mitigate the many negative consequences that come
from such disruptive incidents.

 

 

 

Putin Analyzes his Risk on Invading Crimea

Posted on March 3, 2014 9:40 pm by Caroline Ramsey-Hamilton

The invasion of Ukraine’s Crimea region by Putin’s “un-labeled” troops
illustrated two major principles of a Risk Assessment.   

    #1 – Secure your Critical Assets First

It’s not about the citizens of Crimea, not about the Ukraine wheat fields, or
even its use as a pipeline pass-through area.  It’s all about the Black Sea
Ports.  These ports are absolutely critical to Russia (and also to PUTIN
– the EGO), because they are a critical place to ship gas and oil from,
and they also give Russia their only access to the Mediterranean,
in case Putin urgently needs a gelato!

The second principle of a risk assessment is

    #2 – Analyze all the Potential Threats

I read a great article over the weekend about how Putin had sized up the
EU and the European bankers, and calculated that the threat of any interruption
of the Russian-European banking relationship was zilch – zero.  Bankers are
not going to reduce their profits by refusing to do business with Putin.

The next potential threat is U.S. retaliation or sanctions.   Putin correctly
calculates that the US didn’t get out of Iraq and almost out of Afghanistan
to immediately send any boots on the ground to Crimea or eastern Ukraine.
We can threaten to curtail his trips to Vegas and Disneyland, but the U.S.
is not going to start a war over this.

Putin did his risk calculation and decided that his chance of getting in any
serious trouble was VERY SMALL and his potential gain was VERY HIGH:

1.  He gets to look like a tough guy again.

2.  He gets a lot of media attention from the whole world (doesn’t care what
media writes about him, as long as they spell P*U*T*I*N correctly), and it
gets him back on the world stage again.

3.  And, the clincher is that he can pull the troops out anytime he wants,
send them back home, and no real harm done.

But I did pay attention in my history class, and I am hoping out loud that
we are not on the precipice of another war!


Get Management’s Attention for Security – Shooter Kills the Hospital Administrator

Posted on January 6, 2014 12:14 pm by Caroline Ramsey-Hamilton

Every Security Officer I’ve ever met has mentioned how difficult it can be to get funding for additional security!  It is a never-ending mission, to get the budget for a security program that will truly protect an organization.

Hospitals are no exception.  They have suffered their own financial problems and because security is not seen as a ‘clinical’ or ‘patient care’ issue, it is easy to take money from security and put it somewhere else.

But there’s one sure way to get management’s attention for Security — having a security incident.  And if you don’t have one at your organization, high profile security incidents at other facilities will all grab management’s attention.

In my Risk-Pro Security Incident Report today, a shooter killed four, wounded three, and then killed himself.   What was unusual about this incident was that the shooter went to the Hospital Administrator’s house and shot the administrator dead, and then shot his wife who was taken to an area hospital.


Most executives and administrators think about security as sort of an abstract concept, that doesn’t directly affect them.  But it might, and by sending your management a copy of our Risk-Pro Incident Report, you’ll get their attention this time!

(Subscribe to the Risk-Pro Incident Report program by sending an email with the word SUBSCRIBE on it to info@riskandsecurityllc.com)


New Active Shooter App Announced on October 20, 2013

Posted on October 19, 2013 12:27 pm by Caroline Ramsey-Hamilton

FOR IMMEDIATE RELEASE

New Active Shooter app released to reduce likelihood of an Active Shooter Incident.

Active Shooter incidents have increased both in the number of incidents, as well as the number of people killed and injured in the last five years.  As an aspect of workplace violence, the active shooter has become a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 injuries occurred annually during this time.

The latest figures show that high-risk organizations like hospitals, schools, malls, universities, military installations and even hair salons have experienced an active shooter incident and are likely to have a dramatically increased risk for experiencing an active shooter incident in the future.

Risk & Security LLC has released a new web-based app, Active Shooter Risk-Pro©, which offers an easy to use risk assessment program that assesses your organizational risk of an active shooter incident, as well as recommending solutions to prevent an incident from occurring in the future.

In addition to using the Department of Homeland Security (DHS) Guidelines on Active Shooter Response, the OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care), the FBI and Secret Service Guidelines on Active Shooter Incidents, and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!  Active Shooter Risk-Pro© is built to be affordable and simple to use.

The web 2.0 program includes newly compiled, updated threat databases, new active shooter incident analysis metrics, and automated web-surveys based on the DHS Guidelines.

The new program gives human services and security professionals a quick and easy way to conduct an active shooter, or general workplace violence that will recommend that will pass an audit!

The Risk-Pro©  model has been used for easy software applications by the Department of Defense and over hundreds of organizations, hospitals, and local, state and federal government agencies.

About Risk & Security  LLC

Risk & Security LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk assessment. It develops specialized programs and applications which are easy to use, affordable and which help organizations assess their risk, the likelihood of becoming a target, and which recommend cost-effective solutions.

Risk & Security offers full service consulting on critical risk assessments including HIPAA Risk Analysis, Facilities Security Assessments, Hospital Security Assessments, Workplace Violence, Active Shooter Incident Assessment, Environment of Care and more.  Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective security controls justified by return on investment metrics.

The team of risk and security experts is led by Caroline Ramsey-Hamilton, who has created more than 40 software programs, and conducted more than 200 specialized security risk assessments in a variety of environments, including companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.

Contact Information:

Caroline Ramsey-Hamilton, CHS III

Email:  caroline@riskandsecurityllc.com

Phone:  301-346-9055

Twitter:  www.twitter.com/riskalert

 


Last-Minute HIPAA Compliance Tips

Posted on September 20, 2013 12:35 pm by Caroline Ramsey-Hamilton

With only 2 weeks (15 days) left to meet the HIPAA Omnibus Rule, let’s say you
have done everything you could possibly do, to be in full compliance with every
part of HIPAA:

1. Finish a current HIPAA Risk Analysis – CHECK

2. Rewrite Business Associate agreements – CHECK

3. Rewrite Policies & Procedures – CHECK

4. Get PHI off the office copiers – CHECK

5. Gather Documentation in one place – CHECK

6. Start HIPAA Security Awareness Program – CHECK

7. Update HR Sanctions Policies – CHECK

8. Finalize Contingency Plans – CHECK

9. Add more encryption – CHECK

10. Implement Plan for Smartphones & Mobile Devices – CHECK

11. Have staff sign new Affirmation Agreements – CHECK

And in spite of your careful preparation, you walk into work on Monday, and the OCR
regulators are sitting in the Lobby, and they’ve been there since 7:00 AM!

No matter what else you have done, or started, and have not done, your insurance policy is to be
able to pull out your most current (in months, not years) HIPAA Risk Analysis and then pull out all
your supporting documentation including:

1. All information, including network diagrams, on where the PHI is on your network, and the
automated network controls you have implemented.

2. A record of every application, every database, etc. that hold PHI, are used to create,
manage, or share PHI, in both electronic and paper form.

3. Rosters going back 3 years of everyone in the organization who’s taken HIPAA training.

4. A copy of the Policies and Procedures, and Security Plans, printed out and labeled in 3-ring
Binders.

5. List of all HIPAA controls that are currently in place and verification documents.

6. Copies of all Business partners agreements and contracts

7. A notarized statement signed by the Board Director, CEO or Administrator formally
stating the organization’s Commitment to HIPAA Security & Privacy & Omnibus Rules.

8. Copies of recent employee surveys validating their stated compliance with all HIPAA
Security, Privacy, and Omnibus Rules.

All of these elements should be printed in their most current versions and put in D-Ring
binders, which you will pull out of a cabinet designed for high security.  Nothing thrills a regulator
or auditor more than getting everything they ask for in a neatly labeled, giant 3-ring binder.
It says “PREPARED” in a way that having files on the network never will.

And, BTW, you HAVE completed all these steps – right?

For More Information, Contact Caroline Hamilton at caroline@riskandsecurityllc.com


What Happens if OCR Shows up – Asking about your HIPAA Compliance?

Posted on September 8, 2013 2:09 pm by Caroline Ramsey-Hamilton

With only 2 weeks (15 days) left to meet the HIPAA Omnibus Rule, let’s say you have
done everything you could possibly do, to be in full compliance with every part of HIPAA:

1.  Finish a current HIPAA Risk Analysis – CHECK
2.  Rewrite Business Associate agreements – CHECK
3.  Rewrite Policies & Procedures – CHECK
4.  Get PHI off the office copiers – CHECK
5.  Gather Documentation in one place – CHECK
6.  Start HIPAA Security Awareness Program – CHECK
7.  Update HR Sanctions Policies – CHECK
8.  Finalize Contingency Plans – CHECK
9.  Add more encryption – CHECK
10. Implement Plan for Smartphones & Mobile Devices – CHECK
11. Have staff sign new affirmation Agreements – CHECK

And in spite of your careful preparation, you walk into work on Monday, and the regulators from
OCR are sitting in the Lobby, and they’ve been there since 7:00 AM!

No matter what else you have done, or started, and have not done, your insurance policy is to be
able to pull out your most current (in months, not years) HIPAA Risk Analysis and then pull out all
your supporting documentation including:

1.  All information, including network diagrams, on where the PHI is on your network, and the automated
network controls you have implemented.

2.  A record of every application, every database, etc. that holds PHI or is used to create, manage, or
share PHI, in both electronic and paper form.

3.  Rosters going back 3 years of everyone in the organization who has taken HIPAA training.

4.  A copy of the Policies and Procedures, and Security Plans, printed out and labeled in 3-ring
Binders.

5.  A list of all HIPAA controls that are currently in place, with verification documents.

6.  Copies of all Business partner agreements and contracts.

7.  A notarized statement signed by the Board Director, CEO or Administrator re-stating
the organization’s Commitment to HIPAA Security & Privacy & Omnibus Rules.

8.  Copies of recent employee surveys validating their stated compliance with all HIPAA
Security, Privacy, and Omnibus rules.

All of these elements should be printed in their most current versions and put in D-Ring
binders, which you will pull out of a cabinet designed for high security.  Nothing thrills a regulator
or auditor more than getting everything they ask for in a neatly labeled, giant 3-ring binder.

It says “PREPARED”  in a way that having files on the network never will.

And, BTW, you HAVE completed all these steps – right?

 

 

 

 


  • Categories:
  • Affinity Health
    Business Associates Agreements
    Compliance
    Controls
    Corrective Action Plan
    Director OCR
    Health Insurance
    HIPAA
    HIPAA Compliance September 23
    HIPAA fines
    HIPAA Omnibus Rule
    HIPAA Risk Analysis
    Identity Theft
    Leon Rodriguez
    Managing the Risk Assessment
    OCR Settlement
    Office of Civil Rights
    Regulatory Compliance
    Risk Analysis
    Risk Assessment & Compliance
    www.caroline-hamilton.com
  • Tags:
  • HIPAA auditors
    HIPAA Compliance
    HIPAA Enforcement
    HIPAA Omnibus Rule
    HIPAA regulators
    HIPAA Risk Analysis
    OCR
    September 23rd deadline
    www.caroline-hamilton.com

New App does a Workplace Violence Baseline Assessment

Posted on March 13, 2013 10:21 am by Caroline Ramsey-Hamilton Comment

New Workplace Violence Prevention App helps companies do an OSHA Violence Baseline Assessment

DATELINE:    Boca Raton, Florida,  March 12, 2013

Workplace Violence in US companies is a problem that is getting worse.  Workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases was reported annually during this time.

The latest figures show that high-risk organizations like hospitals, behavioral health treatment, home health workers and late night retail establishments are at a dramatically increased risk for experiencing a violent incident at work.

OSHA and over thirty state government regs recommend that companies do an annual Workplace Violence Baseline Assessment, but these are time-consuming and difficult to manage.

To solve the problem,  Risk & Security LLC has released a new web-based app, Workplace Violence Risk-Pro©, which makes security directors into Risk Professionals!

OSHA standard 3148 (Guidelines for Preventing Workplace Violence for Health Care & Social Service Workers) and the new OSHA Inspection Directive, Enforcement Procedures for Investigating or Inspecting Incidents of Workplace Violence, from September, 2011, are both included in the new, easy-to-use application.

The program has been tested on some of the largest organizations in the US, and runs on a laptop, PC or tablet, and even on a smartphone!  Workplace Violence Risk-Pro© is built to be affordable and simple to use.

The web 2.0 program includes newly compiled, updated threat databases and automated web surveys based on the exact OSHA Directives.

The new program gives human services and security professionals a quick and easy way to conduct a workplace violence baseline assessment that will pass an audit!

The Risk-Pro© model has been used for easy software applications with the Department of Defense and hundreds of organizations, hospitals, maritime organizations, and local, state and federal government agencies.

About Risk & Security  LLC

Risk & Security  LLC is a security risk assessment and risk analysis company with over 30 years of combined expertise in security risk.  It specializes in consulting on risk assessment projects and global application development of risk solutions.  Risk & Security partners with security companies around the world to provide state-of-the-art security expertise to analyze risk and recommend cost-effective countermeasures.

The team of risk and security experts is led by Caroline Ramsey-Hamilton, who has created more than 40 software programs and conducted more than 200 specialized security risk assessments in a variety of environments, for companies in the United States and around the world, including in Abu Dhabi, Hong Kong, Japan, South Africa and Qatar.


  • Categories:
  • accountability
    American Association of Workplace Violence Prevention
    Automating Threat Assessments
    Baseline Violence Assessment
    risk assessment
    Risk Assessment & Compliance
    Threat Assessment
    Workplace Violence
    Workplace Violence Prevention
    www.caroline-hamilton.com
    www.riskandsecurityllc.com
  • Tags:
  • OSHA 3148
    prevent workplace violence
    Workplace Violence Baseline Assessment
    www.riskandsecurityllc.com

Why Workplace Violence is Always a Catastrophe

Posted on March 13, 2013 10:12 am by Caroline Ramsey-Hamilton Comment

Workplace violence incidents are one of the most damaging events that can happen to any organization.  The good news is that workplace violence is one of the few threats that companies can actually prevent before it happens.

Unlike earthquakes, hurricanes, floods, war, and explosions, workplace violence incidents can be prevented if the organization makes a commitment to educate its employees and give them the knowledge they need to address a potential problem with a co-worker before it gets to an explosive level, for example, by making active shooter drills part of the security program.

In many ways, workplace violence is worse than other kinds of violent incidents because it always involves a major violation of trust, and it also has a malicious component, where the perpetrator is deliberately focusing on violence against a fellow human whom they know personally and may have directly worked with, sometimes for years.

According to OSHA, workplace violence is a serious recognized occupational hazard, ranking among the top four causes of death in workplaces during the past 15 years. More than 3,000 people died from workplace homicide between 2006 and 2010, according to the Bureau of Labor Statistics (BLS). Additional BLS data indicate that an average of more than 15,000 nonfatal workplace injury cases are reported every year.

As well as the violation of trust and the violence itself, the incidents usually terrorize both the victims and other employees, especially those who know the violent individual and are left to wonder how they failed to recognize the danger signs.

Some organizations report that employees, even those who weren’t hurt in an incident, exhibit PTSD-type symptoms following an incident.  And the company’s reputation is often damaged, just from the publicity of the event.

One of the main controls that protect against a violent incident is doing a Workplace Violence Assessment.  This specialized risk assessment involves interviewing employees at all levels of the organization and looking at the OSHA guidelines, such as those detailed in OSHA 3148 (www.osha.gov/Publications//osha3148.pdf).

The assessment also includes making sure that every violent, or threatening incident gets reported in a standardized way, that all the incidents are tracked, and that there is a de-escalation process that can be easily followed to prevent someone from getting to a violent stage.

There are new programs available that automate the Workplace Violence Assessment process and make it into a simple and standardized project.  To review a standardized, data-based Violence Assessment Report, go to:   www.riskandsecurityllc.com/.

 

 

 


  • Categories:
  • American Association of Workplace Violence Prevention
    Baseline Violence Assessment
    church security
    Threat Assessment
    Uncategorized
    Violence Against Nurses
    Violence in Healthcare
    Workplace Violence
    Workplace Violence Prevention
    www.caroline-hamilton.com
    www.riskandsecurityllc.com
  • Tags:
  • active shooter
    OSHA 3148
    violence in healthcare
    Workplace Violence Prevention
