Violence can take many forms – ranging from physical assault and verbal abuse to intimidation and low-level threatening behaviour. Violence or threats of violence are never acceptable.
This fact sheet explains how a person conducting a business or undertaking (PCBU) that is office-based can prevent or deal with violence at work.
While this guidance has not been updated to reflect current work health and safety legislation (the Health and Safety at Work Act 2015 and regulations), it may still contain relevant information and practices to keep workers and others healthy and safe.
Please read this guidance in conjunction with all relevant industry standards that apply to you as a PCBU. This guidance will be progressively reviewed and either updated, replaced with other guidance, or revoked.
So far as is reasonably practicable, you must ensure the health and safety of workers, and ensure that others are not put at risk from your work.
Violence or threats of violence at the workplace can come from clients, co-workers or even a worker’s family members or acquaintances. You can follow the PLAN-DO-CHECK-ACT approach to work out whether violence is a risk to your workers or others, and if so, how you could prevent or deal with it.
PLAN – Assess risk and identify control measures
Assess risk
Risk has two components – the likelihood that it will occur and the potential consequences (degree of harm) if it happens. To manage risk, you can reduce the chances of it occurring or reduce how serious the potential harm is if it does occur, or ideally both.
For risks that have unacceptable outcomes (such as the potential for a person to die or be seriously harmed as a result of violence), even if they have a low likelihood of occurring you should look at credible worst case scenarios.
To work out if violence may be a risk to your workers or others:
- Look at previous incidents in your organisation including threats of violence. Any threatening behaviour (including written and verbal threats, such as on social media) should be taken seriously.
- Ask your workers about any experiences they have had or heard about – you must engage with your workers when identifying  risks.
- Find out what similar organisations have experienced.
If you share premises with other organisations/businesses, you must consult, cooperate and coordinate with these PCBUs so that you can all meet your health and safety duties.
You must engage with your workers about the ways to eliminate or minimise risks.
Identify control measures
You must eliminate risks that arise from your work so far as is reasonably practicable. If you can’t eliminate the risk, you must minimise it so far as is reasonably practicable.
- Reasonably practicable means you do what is reasonable in your circumstances to ensure health and safety (eg what a reasonable person in your position would be expected to know and do) – you do what is reasonable to first try to eliminate the risk. If the risk can’t be eliminated, then you must minimise it.
- Just because something is possible to do, doesn’t mean it is reasonably practicable in the circumstances. However, cost can only be used as a reason to not do something when it is grossly disproportionate to the risk.
Possible control measures split into five types:
- architectural/layout
- policies and procedures
- training
- emergency and
- other security measures.
It is likely that you will need control measures from all five types.
Possible control measures
Architectural/Layout
Your workplace’s layout must, so far as is reasonably practicable, allow people to enter, exit and move about without risks to health and safety – both under normal working conditions and in an emergency.
Layout that allows safe and rapid evacuation (eg clear escape routes/access to safe rooms or areas).
In customer service areas consider methods to restrict physical access to workers – placement of counters/screens/restricted access to the general work area/staff only zone (such as having a separate dedicated reception area, controlled door access).Â
Policies and procedures
Implementing a zero-tolerance policy against all forms of violence.
Risk profiling of clients to produce tailored management plans which may include meetings by appointment and alerts of previous bad behaviour.
Use alternatives for high risk clients (eg phone only contact, specialised engagement units, meetings attended by security guards).
Procedures for:
- how to deal with customers including what unacceptable behaviour is and what to do about it
- how to keep workers safe (eg position themselves so they have an escape route)
- what to do when confronting acts of violence including an armed incident (see emergency planning)
- locking back doors and windows
- carrying out banking
- notifying you of incidents
- recording incidents and investigating them
- warning and trespassing clients (across multiple sites if applicable) and calling Police.
Expectations that all incidents will be notified to you – encourage workers to report and positively recognise those that report appropriately.Â
Emergency planning
Your workplace must have an emergency plan that is implemented in an emergency.
You must also provide adequate first aid equipment/facilities and access to first aiders.
Plans should include:
- exactly what workers should do when acts of violence occur (eg not confronting attackers, getting to a safe place asap via an evacuation route, calling for help)
- how you will support workers if an emergency occurs.
Drills should be run to regularly test the plan.Â
Training
You must provide your workers with the training/ supervision they need to work safely.
Training should include:
- procedures for working safely
- what to do in an emergency including evacuations
- special training for security personnel on their role if an incident unfolds.Â
Other security measures for example ...
Panic buttons/duress alarms to seek help and alert other workers to potential danger.
CCTV with warning signs.
Signs that set out clear expectations of the behaviour of customers (eg no bad language, no verbal abuse, no physical intimidation) and consequences of bad behaviour.
Some control measures will be common for all offices, such as emergency planning, training, zero tolerance for violence, while others may only be appropriate for certain workplaces or work (eg panic buttons when working alone with a  client).
It is likely that you will need different types of control measures that work together to achieve your goal. For example, for workers to evacuate safely, you will need a clear evacuation route, a safe place to evacuate to, an emergency plan and workers trained on when/how to evacuate.
Choose the control measures that effectively eliminate or minimise the risk. It’s better to protect your workers and others from violent acts occurring, rather than dealing with the aftermath.
Give preference to control measures that protect multiple people at once.Â
DO – Implement control measures
As soon as possible after you have made a decision, implement the control measures and ensure your workers know about them.Â
CHECK – Monitor performance of control measures
Implement the means for incidents and near misses to be reported. Encourage workers to report incidents or near misses.Â
ACT – Take action on lessons learnt
Routinely review the effectiveness of your control measures at scheduled periods. Talk to your workers about how the control measures are working, and review the reports of incidents or near misses to check if your control measures are effectively eliminating/minimising the risk and if your risk level is changing.
Keep aware of any increases of violence in your area that may require you to re-look at your control measures, by talking to other similar organisations or paying attention to media reports.
Use the results of your reviews, investigations into reports of incidents and near misses, and the outcomes of your emergency drills to continually improve control measures.
More information
A further source of information is the  Protective Security Requirements(external link) (PSR). While the PSR was introduced as a protective security framework for mandated government agencies, it can be adapted and used as security best practice by any business.
Related information
Last updated