Background

The Origins of Behavioral Threat Assessment

The first organization to discern the presence of prior signs of targeted violence in schools was the U.S. Secret Service (USSS), which – thanks to its core mission of protecting American presidents from would-be assassins – excels at the science of assessing human behaviors, communications and actions for early indications of a threat.

Following the Columbine tragedy a joint team of USSS and U.S. Department of Education (DOE) experts spent two years combing through historical data on school shootings, looking for patterns and trends that would lead them to a more effective approach to proactively identify and prevent – rather than merely respond to – school mass casualty events.

In May 2002 the agencies published a landmark report, Threat Assessment in Schools: A Guide to Managing Threatening Situations and to Creating Safe School Climates, which found that “incidents of targeted violence in school were rarely impulsive; that the students who perpetrated these attacks usually planned out the attack in advance – with planning behavior that was oftentimes observable; and that, prior to most attacks, other children knew that the attack was to occur.”

Based on their findings about the prior ‘knowability’ of these acts, the report’s authors advocated for applying longstanding risk assessment principles to schools, while simultaneously stressing the importance of fostering safe school climates where students would feel empowered to share their concerns.

With the right climate and the right reporting policies and assessment procedures in place, the report concluded that “it may be possible to prevent some future school attacks from occurring – and that efforts to identify, assess, and manage students who may have the intent and capacity to launch an attack may be a promising strategy for prevention.”

our passion

The Secure Passage Approach

We are passionate about public safety in general, and school safety in particular. More than a decade ago, we designed and launched our first school safety solution for managing campus risk, based on in-depth discussions with district leaders, school administrators, security directors and district police chiefs, campus law enforcement personnel, counselors, teachers and operations staff.

In 2014, we deployed the first “Haystax School Safety Center” platform as a statewide solution in Florida (Haystax is ‘finding the needle in the haystack). Known as the Florida Safe Schools Assessment Tool (FSSAT), the tool initially focused on managing school asset information and conducting physical security assessments at approximately 4,200 public schools and 700 charter schools across all 67 districts in the state.

FSSAT capabilities have since grown to encompass:

• Incident alerting
• Mobile field reporting
• Event scheduling
• Safety drill management and digital monitoring
• Analysis of third-party data.

In addition, our School Safety Center has been deployed in K-12 districts and regional government agencies in California, Texas, Arizona, Virginia and elsewhere.

Our history with behavioral threat assessments dates back even further. In 2008 we were tasked by the Pentagon with providing evidence-based analytics for assessing terrorist risk, and in 2011 we began our work with the Gates Foundation to assess a variety of personal threats to Bill and Melinda Gates and their family members. Within two years Haystax data scientists had additionally developed a software-based predictive model for identifying potential insider threat behaviors, which has been used by leading banks, government agencies and other large organizations.

In 2018 Haystax developed its first behavioral threat assessment application for schools at the request of a district security director who was already using our core school safety platform apps to protect nearly 30,000 students, plus more than 2,000 staff and faculty, at dozens of campuses and facilities. The behavioral assessment app is still in use today and has provided the district with a robust platform for identifying, assessing and managing behavioral threats of all types and a secure repository of data, plus supporting records, on all open and closed cases.

How it Works

Overview: School Behavioral Threat Assessment with Case Management by Secure Passage

Our newest solution, the Student Behavioral Threat Assessment, or SBTA, has been designed from the ground up to provide administrators, security directors, mental health professionals and other assessment team members with the intelligence and insights they need to make evidence-based decisions regarding emerging campus security threats in time to avert a more serious crisis.

The solution can be configured to reflect the unique requirements of each district or state, taking account of existing systems, workflows, investigative approaches, assessment frameworks and team structures.

All functionalities and workflows within the SBTA platform are housed in a series of tightly integrated applications, wrapped in a case management module, that support incident reporting, verification, investigation, assessment, recommendation and resolution.

Additionally, the SBTA allows users to analyze data across multiple cases to glean deeper insights on emerging trends and shifts in behavioral threat assessment patterns, and to report tailored results to a broad array of stakeholders.

Because it is built on a separately hosted SaaS platform that employs robust data encryption protocols and strict user access controls, all data resident in the SBTA ‘ecosystem’ is secured against unauthorized access. Personally identifiable information (PII) and other sensitive information is kept behind a wall, ensuring compliance with current regulations regarding student privacy and mental health.

Security in Action

Case Management

At the heart of our solution is a task-centered case management module that enables users to:

• Review and validate incoming incident reports
• Open a case
• Enter information on students, staff or other individuals relevant to the case
• Designate team members and their roles
• Assign member tasks using preset templates, or create custom tasks
• Upload files and integrate third-party data as supporting evidence
• Evaluate the threat using a commonly accepted assessment framework
• Determine the response – and intervention, if any
• Implement the chosen response
• Submit the case for review, and make further amendments if needed
• Close the case
• Analyze case records and submit reports to key stakeholders

In order for a case to be created, a report must be received – either by being entered manually or ingested automatically from linked data sources – indicating that an adverse incident or concerning behavior has occurred.

Designated assessment team members are immediately notified, so they can meet to assess the incident’s validity. Invalid or not-applicable incidents are archived but if an incident is deemed to pose a valid threat, the team opens a case.

The team lead’s first act is to assign tasks to individual team members. Task examples include:

• Importing and reviewing relevant information on perpetrators, such as their attendance records and grades, records of prior incidents and counselor evaluations.
• Scheduling and conducting interviews with the alleged perpetrator plus any intended victims, and collecting statements from students, staff and others (e.g., law enforcement, parents, etc.) who may have witnessed the threat or possess knowledge of important aspects of the case.
• Reviewing social media posts or other evidence for additional context surrounding the incident.
• Collecting videos, documents or other case-relevant files.

Each task can be given a due date, and automated reminders are sent to each team member (e.g., that the deadline for submitting a witness interview form is approaching). Other notification types include case status changes, such as scheduling shifts or the arrival of new evidence. Depending on the customer’s preference, notifications can originate from within the SBTAM module or be sent via email or text message – or all three.

During evidence collection, data for each case can be ingested automatically, entered manually or uploaded as files of any format (e.g., documents, photos and videos).

Teams also can begin interviewing perpetrators, victims or witnesses using forms pre-populated in the SBTAM. Interview data can be keyed in on-screen as an interview is taking place, written down on a pre-printed interview form, or drafted as written notes and entered later in the app. All interviews are logged for future reference.

At this point, team members begin recording their key observations, which provide critical context surrounding the case. One example would be a school principal who knew both the perpetrator and victim in a case and could attest to a long list of prior incidents involving both students. Team observations are captured on a checklist.

Once available evidence, interview transcripts and observations have been collected, the team meets to: (a) consider the circumstances under which the threat was made and the threatening individual’s intentions; and (b) classify the threat using one of several available assessment frameworks. The full range of details on each case can be viewed on a dashboard-style page.

During threat classification, passing or transient threats will lead to a response, but not direct intervention-however, these passing threats will include a managed case follow-up plan. More serious threats are considered to be "substantive" and trigget intermediate steps to review observations and suggest appropriate responses.

At this point in the decision process, there is a fork in the road: Substantive threats that are classified as “serious” will lead to the creation of intervention plan as part of the follow-up, but those that are classified as “very serious” will trigger a mental health assessment and a detailed safety plan and behavioral intervention plan. Only then can the very serious threat adhere to the follow-up and review protocols of lesser threats.

When the threat classification process is complete, the team lead can submit its assessment findings and response recommendations for review and approval by a supervisor. A case can be sent back for revisions, or approved and closed.

Flexibility in Implementation

Data Sources and Integrations

Virtually all of our existing customers rely on a diverse array of internal or third-party sources when managing risk. Accordingly, we excel at rapidly configuring our system to securely ingest existing data sets from virtually any source.

In cases where the data volumes and frequency are high (and the data source has an applications programming interface, or API), Secure Passage can ingest, process, filter and display that data. Our engineering team is particularly adept at linking to data sources that are most critical to security investigations, such as computer-aided dispatch (CAD) alerts from regional law enforcement agencies, or local news feeds. Even social media sources that can bring valuable context to individual cases.

For one-off data sets or less frequent ingestions, we use specially written import scripts. For example, each Secure Passage SBTA deployment typically includes securely linking to a district’s student information system (SIS), regardless of which system is in place. When needed, an assessment team member can query the SIS data from within the SBTA and extract background information on the students linked to a case. Similarly, school personnel and facility data sources can be accessed and imported as needed.