Active Threat Preparedness | Part 3: Recover

This is part 3 of a 3-part series on our Active Threat Preparedness methodology.

Recovering After an Active Threat Event: What Organizations Must Do Immediately

An active threat event is one of the most traumatic and disruptive crises an organization can face. As we discussed in Part 1 and Part 2 of this series on the importance of proper training and response, the steps a company takes after an incident are also critical—for employee wellbeing, organizational resilience, and long-term business continuity. How leadership responds in the first hours, days, weeks, and months will shape recovery, morale, and operational stability. Equally important is that an organization’s response to a critical incident will define the organization’s culture!

Below are the key actions organizations should take immediately following an active threat event.

1. Ensure Safety and Account for All Personnel

Once law enforcement secures the scene, the organization’s first responsibility is to ensure every employee is accounted for and safe. This includes:

  • Activating employee recall and accountability procedures, ideally incorporating pre-planned mass notification via handheld devices
  • Establishing a designated reunification area
  • Coordinating with first responders to confirm casualty and injury status
  • Providing transportation or support for employees unable to return home

Clarity, accuracy, and compassion during this phase set the tone for the rest of the recovery.

2. Provide Immediate Psychological and Emotional Support

The emotional impact of an active threat event can be profound and long-lasting. Common reactions to a crisis often include:

  • Confusion and fear
  • Feelings of hopelessness or helplessness
  • Sleep problems
  • Anxiety, anger, or grief
  • Physical pain or other physical symptoms
  • Difficulty concentrating

At Tomahawk, we believe in a concept known as Psychological First Aid (PFA). PFA is an approach to helping individuals who have experienced a crisis or disaster by providing practical and emotional support to reduce initial distress and encourage adaptive functioning. It is not a replacement for therapy but a way to create a sense of safety, calm, and connectedness, focusing on an individual's needs in the immediate aftermath. Key goals include helping people feel safe, calm, and hopeful, as well as connecting them with support and resources. In the broadest sense this is about understanding the needs and recovery plan for the entire organization.

Companies must commit to supporting their workforce with:

Immediate Recovery

  • Initial assessment (Psychological Triage) to identify affected individuals and/or groups as well as scope of need.
    • Understand the timing of Critical Incident Stress Management services. For example:
      • Psychological First Aid
      • Crisis Management Briefing
      • Critical Incident Defusing
      • Critical Incident Stress Debriefing
  • Psychological First Aid (immediate access to mental health professionals for PFA)
    • Four Principles: Prepare, Look, Listen, and Think
    • Eight Core Helping Actions: Contact and engagement; safety and comfort; stabilization; information gathering, practical assistance; connection with social support; information on coping support; and linkage
  • Resources and support programs
    • Employee Assistance Program, peer support teams, chaplain services, etc.

Mid-term Recovery

  • Continue employee resources and support programs; modify based on feedback

Long-term Recovery

  • A long-term wellness plan, as trauma responses often emerge weeks or months later
  • Planned/scheduled check-ins for high-risk individuals/departments
  • Confidential behavioral health screenings
  • Return to work support
  • Organization-wide wellness initiatives
  • Workshops, webinars, small group meetings, training, stress management and resiliency offerings
  • Research support for the value and benefits of “Annual Reflection/Remembrance” events

Leaders should communicate openly, avoid speculation, and ensure employees know where to get help—without stigma or pressure. Moreover, care should extend to employee family members as needed. 

3. Communicate Early, Honestly, and Often

Transparent communication is essential. Employees, families, clients, and partners will need timely updates. Effective post-incident communication should include:

  • A clear internal message acknowledging the event and outlining immediate next steps. The messaging should be developed and segmented to account for executive leadership, shareholders (if applicable), employees, and employees’ families. 
  • External messaging coordinated with legal counsel, law enforcement, and other internal and external stakeholders
  • A commitment to routine follow-up communications as more information becomes available

Silence or inconsistent communication can worsen uncertainty and erode trust.

4. Secure the Facility and Preserve the Scene

Although the instinct may be to immediately clean up or restore operations, companies must allow law enforcement to complete their investigation. After clearance is granted:

  • Secure damaged areas
  • Assess structural damage and environmental hazards
  • Restrict access until recovery teams determine the site is safe for re-entry. This phase requires leadership to communicate expectations to employees considering it could be days or even weeks for them to retrieve their belongings. 

Rushing this phase can compromise employee safety and legal obligations.

5. Ensure Business, Mission, and Cultural Continuity (The Road to Recovery)

The Business Continuity Plan (BCP) should guide the next steps and, if properly written, is the long-term recovery plan. This may include:

  • Relocating essential operations to alternate workspaces and or locations
  • Mitigate disruption, short-term operational recovery
  • Financial recovery
  • Employee support, to include families
  • Client, Customer support
  • Prioritizing mission-critical functions
  • Information technology and data recovery 
  • Assessing impacts on supply chains and third-party provided services  
  • Return to normalcy (routine, usual, expected) 
  • Has the incident created a “new normal” and, if yes, what changes will be required

If an organization does not have a BCP, we recommend developing one immediately.

6. Conduct a Post-Incident Review

After stabilization, leadership should work alongside security professionals to conduct an After-Action Review (AAR). This review should:

  • Examine the incident and conduct a root-cause analysis
  • Identify gaps in the response and integration of first responders, communications, facility security, and training
  • Implement lessons learned
  • Update emergency action and risk management plans
  • Implement improvements across the organization

The goal is not to assign blame, but to strengthen resilience and identify lessons learned. 

7. Support Employees Before Reentry

Returning to the workplace can provoke anxiety. Companies should take thoughtful measures such as:

  • Communicating what the workspace will look like upon return
  • Offering phased or voluntary reentry
  • Holding team briefings and support sessions prior to reopening
  • Ensuring visible leadership presence during the transition

The return-to-work phase is a crucial opportunity to rebuild trust and stability.

8. Invest in Long-Term Preparedness

Recovery doesn’t end when operations resume. Organizations should make long-term commitments to:

  • Regular active threat training and scenario-based exercises
  • Strengthening physical security measures
  • Updating policies for reporting concerning behaviors
  • Building a security-oriented culture of preparedness and resilience

These steps demonstrate to employees that their safety remains a top priority.

Conclusion

An active threat event is devastating—but with decisive leadership, compassionate employee support, and disciplined planning, organizations can recover, rebuild, and strengthen their resilience. The actions taken immediately after an incident influence not only operational continuity, but also the long-term wellbeing and confidence of the workforce.

As we conclude this three-part series on Active Threat Preparedness, know that we are deeply committed to helping organizations through our Prepare, Respond, Recover framework. Our goal is to ensure teams are not only ready for a crisis, but positioned to emerge stronger—beyond surviving, toward truly thriving. Tomahawk stands alongside its clients to ensure this critical phase of active threat preparedness is never overlooked.

Remember: you are not alone. Identify and leverage available resources and partners at the private, local, state, and federal levels.

en_USEnglish
da_DKDanish en_USEnglish