Campus Security Threat Management and Violent Incident Preparedness: Does Your Strategy Reflect Today’s Realities?

Security risk management professionals share lessons learned from working with higher education institutions to establish comprehensive threat and risk management plans.

Campus Security Threat Management and Violent Incident Preparedness: Does Your Strategy Reflect Today’s Realities?

(Photo: bfk92, Adobe Stock)

The views expressed by guest bloggers and contributors are those of the authors and do not necessarily represent the views of, and should not be attributed to, Campus Safety.


The best threat preparedness programs balance investments in prevention and detection capabilities with response strategies. A significant part of prevention in today’s hyper-connected world is using the right technology to identify potential risks and executing interventions before they impact a campus community. As we have seen in many incidents, bad actors may have a substantial digital footprint that, when properly analyzed, can alert campus security to potential security challenges.

Integrating advanced technology solutions into risk management plans is a natural extension of what campus security teams have in place already. Most campus security teams do a good job of implementing incident preparedness training for employees (security, faculty, operational teams) that focuses on response plans, tactics, and information flows that will be activated in the event of an on-campus incident. These complement highly visible security infrastructure—features like blue light emergency phones, strategically placed lighting, video surveillance monitoring, and multiple security stations and patrol officers. Those components are still necessary but are insufficient to completely address today’s security challenges.

In our work with campus organizations, we often find threat and incident management plans that were developed 10 or more years ago. However, threat management is a dynamic process, just as campuses are dynamic environments, and should be updated to reflect changes to the surrounding environment and risk management strategies.

The good news is that many plans could be updated efficiently with a handful of improvements that don’t require significant costs in more security personnel or infrastructure. Our goal in this article is to share what we at Kroll have learned from working with higher education institutions, as well as other public and private sector organizations, to improve threat and risk management cost-effectively so that students and employees can focus on the institution’s primary goals: learning and teaching.

Getting the Most Value from What You Already Do

Most campuses have defined incident reporting processes for staff, yet their impact is frequently not as powerful as it could be. With a few adjustments, campus security teams could enhance insights they glean from these processes and improve their understanding of on-campus risks.

1. Standardize and Automate Incident Reporting to Facilitate Insight Generation

Even though the digital age is in its fifth decade, many campus security teams still rely on suboptimal manual incident reporting to track problematic activity. This approach has several downsides. One is timeliness. With no digital application to facilitate quick upload, some teams may collect reports at the end of an employee’s workday or shift, rather than require that reports be submitted as the incident is investigated. Information and insight are delayed, and the ability to connect the dots among similar incidents is undermined if not lost.

Even when reports are submitted as events are under investigation, our experience is that the content and completeness of reports can vary significantly among team members. To be most useful, security leaders should require reporting officers to complete every field on an incident report, at a prescribed level of detail, using clearly understood and defined terms. Standardized reporting, preferably through mobile applications, allows for an apples-to-apples comparison that can detect a pattern of concern or prioritize threats and responses. It also saves valuable staff time by avoiding the need to revise reports or seek clarification from the reporting source.

The University of Calgary Campus Security team adopted a solution that makes information available as soon as it is reported by using a customized, built-in report generator. The software automatically captures activity and incident information and then formats and presents it in a mobile-friendly way.

“For years, our people were playing catch-up when they came in to start their shifts,” reported Robert (Bob) King, Patrol Supervisor with Campus Security. “With these reports, they are already a step ahead from the start.” i

Automating incident reporting and submission through mobile applications not only expedites reporting, but it also facilitates data analysis that generates insights and identifies trends that can be acted on more quickly than manual analysis. These are the ultimate goals of all information collection. Analysis could reveal hot spots where incidents occur at predictable times or intervals, for example, leading to an increase in security presence or enhancements.

Finally, automating incident reporting allows institutions to develop a digital historical record that is less likely to be lost, stolen, compromised, or ruined.

2. Make it Easy for Non-Security Personnel to Report Incidents

Campus security personnel are only a fraction of the campus population. A large, public university may have a standing security force of 50 to 100 members, yet the student and employee population could exceed 50,000. These students, faculty, and employees see and hear things that the security team does not. Consequently, it is imperative that the institution has a system that allows non-security personnel to report suspicious activity easily and quickly.

Ideally, students and employees would have multiple channels to report troubling activity. These could include a mobile app and a hotline as well as reports to resident advisors in dorms. Many people want to do the right thing and report security-related concerns but wish to remain anonymous or limit their involvement. Ensuring confidentiality—even if most situations present no threat—is a reasonable accommodation if it increases the potential to identify and resolve the rare serious threat.

Understand and Analyze the Broader Threat Environment

Internal security teams can implement standardized reporting and multiple communication channels on their own. While it is tempting to focus on campus-based activities, security teams need to use a wider lens to understand the totality of potential threats and adopt proven methods to assess the threats, so they are able to make key decision-makers aware of external factors. Most colleges and universities have wide open, public spaces, easily accessible by community members. They also host a flow of visitors—from controversial speakers to rival sports teams (and fans) and high schoolers on college visits.

In addition, although many upperclassmen live off-campus, their off-campus activities and general safety and well-being affect the broader campus community. While campus security can’t control what happens in the community, it must take steps to understand it.

3. Widen Risk Mitigation Lens and Engage Community Partners

A comprehensive threat and risk management plan should include input from and connections to external law enforcement such as interaction with their respective Fusion Centers and community groups. This will allow campus security teams to accurately assess evolving risks in the surrounding area and establish a clear plan to share resources and information.

Leaders and campus security teams at several institutions have expanded community partnerships to address off-campus safety. Efforts underway at the University of Washington-Seattle, Temple University in Philadelphia, and the University of Denverii, among others, range from the traditional to the innovative. At many campuses, including the University of Denver, city police officers are now assigned to university posts during overnight weekend hours, when most problematic activity occurs. Other school systems support comprehensive, wrap-around community services that can address and mitigate threats earlier in a student’s life that bleed into the school environment. In Boston, referrals about a student’s problem behavior can result in a coordinated response from law enforcement as well as community program officials and clergy. Members of the response team visit the student’s parents or guardians weekly to discuss the warning signs of criminal activity or threatening behavior. Surrounding at-risk students with mental health and academic assistance, mentors, job programs, housing, and other resources can prevent many from joining a gang or acting in a threatening manner at school.

The campus-community barrier is porous, making collaboration a necessity among security forces and multijurisdictional incident response. During a violent incident, campus security teams that have established channels with area law enforcement benefit from their more substantial resources and are in a better position to keep their community safe.

After the 2013 Boston Marathon bombing, for example, Northeastern University, Harvard, and Boston College all followed the lead of the incident Joint Command Center over the two-day manhunt for one of the suspects, instituting lockdowns and communicating updates crafted by the command center. An after-action review stressed the need for a joint information center to remain operational after suspects were in custody and lockdowns were lifted, to assist organizations (including universities) in coordinating and validating information and messaging to reduce rumors and disinformation.

In contrast, a perceived lack of information and coordination among school, municipal, and state officials exacerbated the confusion and pain for families in Uvalde, Texas, following the mass shooting at Robb Elementary School.iii

Like the constant turnover of students on campus, leaders in municipal government and community organizations also change. Campus security teams need to establish and maintain connections with current leaders to facilitate information exchange and collaboration as needed.

4. Deploy Technology to Multiply the Impact of Information Gathering

Universities are information-rich environments, from ongoing incident reporting by members of the campus community, to video feeds, to social media accounts. Security teams have a lot of data that can help them quickly identify trends, analyze threats, and craft interventions. While the sheer volume of data and information from multiple sources can appear overwhelming, advanced data analytics can now help teams quickly categorize, validate, and prioritize risks. The deployment of these tools is one area where campuses would do well by learning from the private sector, which years ago adopted wide-scale use of information technology platforms to support risk management.

Unlike humans, artificial intelligence (AI)-based threat management solutions are capable of analyzing several data sets quickly to generate actionable intelligence. Inputs include:

  • Data from incident reports
  • Unstructured information from security cameras or sensors
  • Social media monitoring of activity on both traditional platforms (e.g., Twitter, TikTok, Instagram) as well as deep websites to assess risk signals embedded in digital chatter
  • Alerts from location solutions such as geographic information systems (GIS) and indoor positioning systems (IPS)

The result: campus security teams can identify, respond to, and resolve safety threats sooner, sometimes in near real-time, and deploy security resources where they are needed most. The synthesis and insights generated from incident management solutions allowed the public safety team at Humber College to identify at-risk areas and quantify the need for additional resources at a specific locationiv. The result: a significant reduction in the number of incidents on campus.

In addition to speed, consistency, and 24/7 availability, the flexibility of AI-solutions is a differentiator. Most solutions allow users to refine screening parameters and set new reporting thresholds as more is learned about possible threats. Other advantages include:

  • Ease of dissemination of information and insights in digital format to public and private sector partners during early-stage incident management
  • Detection of latent patterns of adversarial behavior against the institution and its assets, and evidence tracking for investigation
  • Documentation of threat management practices and information that can demonstrate prudent planning and preparedness in case of litigation and claims of negligence

Of course, predictive analytic threat management solutions cannot replace human security resources. In fact, getting the most out of AI-enabled solutions requires staff to understand threat reporting and exercise judgment to develop and execute appropriate response plans. This is facilitated by auto-generated dashboards that clearly prioritize issues and aberrations. By significantly expediting the analysis of an organization’s risk exposure, the solutions collapse the time between detection and mitigation, which in many cases will reduce or eliminate the threat or damage inflicted.

5. Review and Revise Threat Management Plans and Training Annually

The best test of a threat or incident management plan is how it performs in a real-life situation or at least a simulation. After-action reviews may be painful, but they provide necessary feedback on how well elements of the response worked. They allow an appraisal of the management of the event from onset to resolution, and should focus specifically on core elements such as:

  • Security team decision streams
  • Clarity, reach, and impact of internal and external communications
  • Accuracy of initial and secondary information gathering from various sources
  • Compliance of various campus groups—students, faculty, operations staff—with security protocols

Most campuses have not had to manage a major security incident, however, and have not gone through this exercise. That means many teams are operating with outdated and untested threat management plans. To be confident in their preparation, campus security teams could approach identifying and mitigating threats to a school or campus community as a dynamic process that requires multidisciplinary teams to continually share information regarding threats, periodically drill on response tactics, and evolve intervention strategies with community norms.

We recommend that teams review and update their threat management plans annually. This will create an opportunity for teams to specifically identify what has changed on campus and in the community, and incorporate lessons learned from incidents on other campuses. It also allows campus security teams to review protocols with faculty and campus employees as well as reconnect with community law enforcement and leaders.

The readiness and effectiveness of campus security teams is attracting more scrutiny from stakeholders. Community members want to be informed about and engaged in improving security while being confident that campus security teams can identify, anticipate, and manage the variety of threats that can arise on and around a campus. The right combination of effective reporting processes, community engagement, and technology solutions can equip teams to meet the challenges and expectations of the campus community.


Daniel Linskey, Jeff Kernohan, John Friedlander, and Chris Palmadesso are part of the security risk management team at Kroll, a provider of risk and financial advisory solutions. Harrison Levy is the director of product marketing for Resolver, a Kroll business that specializes in risk intelligence technology.


i Resolver Case Study. University Of Calgary Streamlines Security Operations. Accessed October 17, 2022.

ii Chris Burr. How three universities are reacting to gun violence outside their campuses, University Business, October 4, 2022. Accessed October 17, 2022.

iii Zach Despart. “Systemic failures” in Uvalde shooting went far beyond local police, Texas House report details,” Texas Tribune, July 17, 2022. Accessed November 4, 2022.

iv Resolver Case Study. Humber College Evolves Processes to Protect Students, Staff and Faculty. Accessed October 17, 2022.

Leading in Turbulent Times: Effective Campus Public Safety Leadership for the 21st Century

This new webcast will discuss how campus public safety leaders can effectively incorporate Clery Act, Title IX, customer service, “helicopter” parents, emergency notification, town-gown relationships, brand management, Greek Life, student recruitment, faculty, and more into their roles and develop the necessary skills to successfully lead their departments. Register today to attend this free webcast!

One response to “Campus Security Threat Management and Violent Incident Preparedness: Does Your Strategy Reflect Today’s Realities?”

  1. Hasan Babar says:

    Really very interesting post

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters
Campus Safety Online Summit Promo Campus Safety HQ