Issue link: https://securitytechnologyexecutive.epubxp.com/i/656764
38 SECURITY TECHNOLOGY EXECUTIVE • February/March 2016 www.SecurityInfoWatch.com RISK MITIGATION "When an incident report concerning a threat on or to a campus is submitted, the first task of a threat assessment team is to collect as much information as possible to determine the potential for risk." for investigating all potential risks. Providing proper documentation used to be a difficult task, but TIPS allows us to be more efficient and easily track team investigation notes in one place – no more spreadsheets." Threat assessment record-keeping can be a difficult issue for threat assessment teams because threat records may include sensitive information or even criminal records that do not fit into previously established conventions, like student records systems. In fact, if your campus is currently placing threat assessment records in your student conduct or student information system (SIS), you may be inad- vertently putting this information at risk to unwanted exposure and liabilities. T h i s co m m o n m i s u n d e r s t a n d i n g a b o u t where to place and maintain threat assessment records is a very serious awareness disconnect with FERPA and is costing schools and colleges in numerous ways. Not only are threat assess- ment records put at risk in a SIS, some threat assessment team members are not putting key information into the SIS which means other threat assessment team members are not see- ing all of the right information and not able to make the right decisions. FERPA clearly iden- tifies "law enforcement unit" records can and should be kept separate from SIS records. The Virginia Threat Assessment State Law Guidance also recommends threat assessment teams keep their threat assessment records separate from student records and treat them as " law enforcement unit" records. T hreat assessment records should only be accessible to authorized threat assessment team members and/or "law enforcement unit" personnel. A n o t h e r va l i d at i o n fo r ke e p i n g t h re at assessment records in a secure centralized platform is the American National Standards Institute (ANSI) Workplace Violence Standard, co-developed by ASIS and SHRM. The ANSI Workplace Violence standard clearly states in their threat management protocol, that organizations should provide secure, "need to know" and anytime access to a centralized record keeping platform. Threat assessment team members can of course still access student information systems (SIS) to locate information like class schedules, contact information, etc. and share this infor- mation as needed within a platform like TIPS, T P S I PREVENT Students/Parents/Community Law Enforcement Staff/Employees Mental Health Secure Anytime Access Child Abuse/Neglect Cyber Bullying Stalking Suicide Weapons Threats to Harm Drugs/Alcohol Vandalism Hate Crimes Violence Hazing Gangs Violations Fraud Discrimination Domestic Abuse Harassment Bullying Theft Anonymous or Non-Anonymous Surveys Anonymous or Non-Anonymous Incident Reporting Customized Safety Teams Investigations, Interventions, Automated Reminders, Customized Escalation Teams, Secure Information Sharing and Searchable Reports with Documentation of all actions taken for accountability, compliance and legal obligations Awareness Vault Organization Specifc Training, Department Specifc Training, Policies, Procedures, Plans, Roles, Responsibilities, Regulations, and Updates w/Documentation showing all the right people have opened, read, understood and acknowledged accountability for responsibilities/actions