Integrating Critical Incident Response Teams with Corporate Security: Five EP Perspectives

We’ve been getting an increasing number of questions about critical incident response teams (CIRTs) from existing and potential clients. This is natural due to the many active shooter incidents reported not only in schools but also in public areas and workplaces. There is even a website called Mass Shooting Tracker that documents this disturbing trend and reported in 2018 more than 2,000 incidents in which four or more people were shot since 2013 in the U.S. alone

We do this as executive protection professionals because our approach is definitely colored by that experience. But we also do it as specialist partners who have spent a lot of time working with corporate security and procurement departments over the years – and know that good security has many stakeholders in the corporation – all of whom need to be included and respected.

1.  CIRTs are a high-criticality niche within the security services niche.

What CIRTs do matters. Yes, all security is about protecting lives and assets, and everything security teams do matters. But since this part is specifically about the highest criticality incidents, it’s no exaggeration to assign CIRTs a life-and-death level importance.

Within the niche of specialized security services, CIRTs represent an even narrower niche. What CIRTs do (or do not do) as part of their job has great impact on the organization as a whole and on any corporate employee involved.

2. You need more than a couple of armed people to set up an effective CIRT.

Just because you carry a gun doesn’t mean you’re an active shooter expert. To be truly effective – and to do more good than harm – a CIRT program really must be more than hiring one or more persons who know how to shoot. You need a plan, and the plan has to include a number of different elements and considerations.

Like executive protection, the first goal of any CIRT is keeping trouble as far away from the people to be protected as possible to prevent harm. The second goal is to react quickly in case we were not able to foil trouble.

Without turning this blog into a tactical how-to, we ask you to consider just a few points.

Think outside-in: Stopping enemies at the gate is way better than dealing with them inside the castle walls. This means you need eyes on the outside to enable early detection of any trouble before it happens. How do you do this with available resources? Do you have people working the parking and arrival areas? Have you considered surveillance detection? You’d better think it through.

Check your choke points: For most organizations, the reception and/or lobby area are the first places a perp is going to run into resistance. The first point of resistance is where things most often go south and most often happens in the morning. Are you ready? Have you trained your friendly receptionist to know what to look for? Do the security guards handle the trouble, or is the CIRT so close-by that they can respond to trouble?  Have you worked with facilities to integrate bullet-resistant glass where relevant, lock-down procedures, and other containment barriers?

Consider competencies carefully: Most companies already have security guards on site. This isn’t good enough. Make sure to assess competencies of the people you may need to look to in a high-intensity situation.

Break down organizational silos: There are a whole lot of moving parts that have to work together with extreme precision to effectively prevent – or neutralize – an active shooter. In the real world, unfortunately, the left hand might not know what the right hand is doing. The left hand might just shoot the right hand, actually. How are your security guards, EP agents, facilities management people, local law enforcement resources, and CIRT teams going to choreograph their responses when things get crazy, fast? What about regular, non-protective employees – some of whom might even be carrying? You’re going to need a plan, training and exercises to make it all work.

3. CIRTs have very particular recruitment, training, and management requirements.

No corporate HR department and few corporate security departments have the insight or expertise to organize and operationalize CIRTs for long-term success. Consider these three factors for starters:

• CIRT programs have highly specific recruitment requirements: Does your corporate HR department have what it takes to write job descriptions, attract the necessary talent and identify the best candidates?
• CIRT professionals have highly specific training needs – both prior to job start and on an ongoing basis: How are corporate HR and security departments to know who needs what?
• CIRT organizations demand highly specific management skills to keep team members sharp and avoid complacency: Fortunately, critical incidents are rare. Most of the time, nothing happens that requires the team’s immediate response. This doesn’t mean you don’t need a CIRT. When things do go wrong, managers want rock-solid SOPs to kick in immediately. When no incidents occur, managers consistently need to combat complacency and improve team readiness.

4. Cookie-cutter CIRT solutions can be implemented quickly but are rarely sustainable.

The knee-jerk reaction to setting up a CIRT is to hire a few people with backgrounds in law enforcement or the military. You should make sure they’re capable of stopping a shooter, and set up a schedule for when they should be where.

That’s all fine and good but that’s not enough. Just like EP programs, CIRT programs are much more likely to be successful in the long term if they are customized to fit the organization’s culture and operating procedures. This customization obviously includes superficial things like how the CIRT team is dressed (should they fit in or stand out?), but also more subtle things like personality fit and soft skills.

How CIRTs are identified within the organization is important. Some employees will be happy to know that there are highly-trained and well-armed professionals standing by to keep them safe. Others will be concerned, and others will be terrified and wonder: if my workplace is unsafe enough to require weaponized response teams, is this company a place I want to work?

CIRT programs can involve almost none or practically all corporate employees. The corporation can choose to keep them in the background or shine a spotlight on them. They can include them in employee-facing activities or not. For example, there are advantages to providing everyone in the organization with safety awareness and critical incident training, but there are also disadvantages.

Sensitivity to company culture and organizational practices is an important foundation of CIRT programs that are built to last.

5. What CIRTs do before and after any incident is also critically important.

Just like executive protection, much of what CIRTs do is preventive. Proactive procedures dedicated to identifying potential threats before they actualize – and deterring or pre-empting them before anyone is hurt – are far preferable to responding to live incidents. Team and individual SOPs must recognize this and act accordingly. Training is key.

Consider, for example, key stakeholder’s response protocols in the case of a critical incident.  Training in the form of tabletop exercises with key response personnel and decision makers enables responsible individuals to know what to do, what to say, and how to do things if an incident occurs. Smooth and thorough responses to critical incidents help the organization improve business resilience and continuity.  Reducing unnecessary chaos, stress, delayed decision-making, and inappropriate/ill-advised communications all saves lives and boosts employee confidence in duty of care.

Similarly, CIRT programs benefit greatly from after-action reviews and analysis. Not only after a critical incident occurs, but also on an ongoing basis when nothing out of the ordinary happens. Managers need to be able to collect and analyze team performance data on a regular basis and use such analyses to correct performance gaps and keep the team focused on what’s important.