The Risk Factor: Health & Social Care webinar series

RACHEL PHILLIPS: Good morning, everybody, and welcome to The Risk Factor, Health & Social Care webinar where we're going to help you strengthen your preparedness and resilience against active assailant threats. We will be recording this session, and your cameras are off and your mics muted for the duration until the end when we will open for questions. And if you have a question, please pop it into either the Q&A or the chat box.

This session will explore the active assailant risk landscape and the implications specifically for health and social care organisations, both for assets and people. And at WTW, health and social care for us embraces charitable care and charities. We'll also look at the background to the forthcoming legislation, the Terrorism Protection of Premises bill, formerly referred to as Protect Duty or Martyn's law, you may have heard. And also leave you with some practical risk management steps to enhance your preparedness and resilience.

This webinar touches upon actual active assailant attacks and their impact on individuals and communities. Topics may include descriptions of violence, trauma, and related experiences that could be distressing to some participants. We encourage you therefore to prioritise your wellbeing and if you feel uncomfortable at any point, you're welcome to step away or seek support.

My name is Rachel Phillips. I lead the health and social care practice in GB for WTW, and I'm delighted to be joined today by my two colleagues, Patrick Rodgers and Becky Forster. Patrick leads our risk advisory practice within Alert 24, WTW's internal security and crisis management consulting practice. He is certified security and resilience specialist who has worked with some of the world's largest organisations on a broad variety of complex issues.

His experience includes global security and intelligence, consultancy, crisis response services, counter-piracy consultancy, and security and human rights in over 35 countries. And Patrick is also featured in various international media as a security and crisis management specialist. Patrick and his team specialise in active assailant risk management, working with our clients around the world, including many health and social care clients, to help build resilience. So he is WTW's primary specialist as well on the forthcoming protect duty legislation in the UK.

Becky is a stress and mental health risk specialist, well-being consultant, and trainer within our health and well-being practice at WTW. Becky's focus is on supporting organisations managing risk to psychological health and safety, sometimes referred to as psychosocial risk. Almost NEBOSH qualified, hopefully in the next few days,

Becky's practical experience includes communications and engagement, and she supported multiple organisations across many sectors, including spending time working for the mental health charity mind. Becky helps organisations implement preventative strategy and action in line with ISO 45003 guidance, and Becky speaks at multiple external events on the subject. Passionate trainer and advocate for workplace well-being as well as an approved mental health first aid instructor. So to begin, Patrick, can you tell us about the active assailant risk landscape?

PATRICK ROGERS: Thank you, Rachel. So as mentioned, Rebecca and I will do a bit of a double act, and I'll start by doing a bit of scene setting for us with an overview of the risk. Firstly looking across Europe and then into the UK. But firstly, the best place I think would be is to begin with a definition of what an act of assailant is. And before I do so, it might be useful to do a quick poll at the start as well to warm you guys up.

So, Becky, if you can pull that up. And really what I'm looking for is, in small, few words, what do you consider an act of assailant to be? And this is important because to each different group of people and most importantly geography, people view this slightly differently and we will touch on what that means operationally. So I'll just give you a few minutes to just type out. As I said, just a few, small words or just one word if you want to, and we'll come back to that.

Lone attacker. OK, I'll just give you 20 more seconds if anyone else wants to add anything. Yeah, attackers. OK, great. So I'll give you the definition that we use here at WTW for our active assailant insurance policies and this is taken from similar definitions used by the UK government and also in the US as well. Obviously, they refer to it more as active shooter. So the likes of the FBI and Department of Homeland Security.

But the definition is an event that involves the use of a vehicle, an explosive device, or any weapon and is intended to harm another person or group of persons and is carried out by any person or group acting alone or in connection with an organisation. So actually very broad there, and I think that's really key. And we'll address some of the points here where people have especially focused on things like terrorism, which is a very UK association to the term active assailant. But we'll touch on how that can be broader as well.

So ultimately, the term active assailant can be used to describe situations in which an assailant's actions pose an ongoing threat, often necessitating a rapid and coordinated response to mitigate harm and protect potential victims. And the focus in such cases is on neutralizing, to use a police term, the assailant to prevent harm and ensure the safety of bystanders.

Now, this definition is particularly important in the context of Europe and in the UK because it's ideologically agnostic. So where you've mentioned terrorism, actually, it's broader than that. And also the use of phrases like any weapon. So it can be a knife, it can be a firebomb, it can be a crowbar - can be pretty much anything other than your hands.

But in Europe in particular, generally, we're good at compartmentalising these events into their ideological boxes. So be that Islamist terrorism, far right issues, or a mental health emergency. And what this does though is dilute the statistics of active assailant events and, as importantly, societies, our perception of the risk as a whole. And that obviously influences how, as organisations, we view the risk and manage the risk in the best way.

So as the headline points, we'll all be aware that in the last 15 to 20 years, the risk has predominantly been centered around Islamist terror attacks. And that risk, obviously, does remain. In the UK, Islamist attacks make up about 75% of successful attacks in the last 10 years.

However, what may surprise you is that the four most deadly active assailant attacks in Europe in 2023 were actually all non-Islamist terror events. And they were all single-issue events that centered around mental health episodes. Be that focused around bullying or, in one case, actually, a far right belief as well. And they targeted University in Prague, a Jehovah's Witness Hall in Hamburg, and a school in Belgrade.

And what may also surprise you is the prevalence of firearms in those incidents. And the fact that they were all used, they were all active shooter events, and they were all white, disenfranchised males under 35. So that really is the archetypal active shooter in the US, as we would see it. And I think and I'll touch on why that's important as well in a minute.

But as I talk more broadly about wider Europe, we obviously have had several headline events here in the UK as well, such as the Borough Market or the parliament attacks in the late 2010s. But there's also plenty of events that you might not be routinely aware of that are considered to be active assailant events.

And also, in the UK, we have many historically that have involved firearms, so terrible events. But things like Dunblane in the '80s, even Raoul Moat. There was the Plymouth active shooter attack in 2020, I think that was. There was an active shooter event on the Isle of Skye last year where two people were killed and five were injured.

And then there was the Derrick Bird active shooter attack in Cumbria as well that killed 12 in 2010. So yes, in the UK, guns are not prevalent. But it doesn't need to be a machine gun. It doesn't need to be illegally procured. And in almost all of those cases, they were legal weapons at one stage. So the risk, even from a shooting perspective, is certainly real.

So the purpose of this slide is really to recognise the prevalence of these types of attacks in the UK still. And actually, most notable some of the most high-profile active assailant events or threats at least have occurred in the last three to four years. They've centered around the health and social care sector around assets that we in WTW, anyway, would consider within that sector. So anything from healthcare through to social care and charities.

But before I highlight some of these events, it's worth providing an overall context that since 2017, MI5 and the police have together disrupted 43 late-stage attack plots. So these are where plotters were trying to get hold of firearms or explosives or undertake active assailant attack like in Borough Market where we use multiple modus operandi, things like a vehicle and knives.

And the headline split of that is that counter-terror work remains roughly about 75% of that, but also or not focused on Islamist extremists, but actually increasingly focused on the far right as well. So about a third of those failed attacks are actually far right agendas now, not just Islamist attacks. And it's key to mention that the terrorist level remains substantial, as the government would term it, in the UK. So that's that an attack is likely.

Now, I'm not going to go into the gory details of these events, some of which are pretty shocking and traumatic. But what's clear is obviously that the breadth of these types of incidents that take place. These are the very high-profile, terrorist-inspired incidents.

And even when I come back to some of the perception around what active assailant is, the community center the dance school attack in Southport this year, there's a lot of interest from the press and from MPs and, I suppose, society a little bit to try and box this into a terror issue.

It so far hasn't been classified as such. He has been charged under a terrorist sorry, under terror legislation because he viewed terror-inspired content, but that's really him just learning a modus operandi of how to undertake an attack, it doesn't explicitly mean that he is a terrorist. Whereas the hospital bomb plot in Leeds in 2023, that actually was that's been identified as a terror threat. But it doesn't have to be that as well.

And there are examples here, such as the active assailant knife attack in Nottingham this year, which could have very quickly impacted the sector, and particularly the health sorry, the social care sector where the perpetrator actually attempted to try to get into a care home following the attack and that could have obviously been a much more serious event if he was successful.

So it doesn't have to be you as the sole focus, there's assets, there's operations. You can also be collateral as a part of a wider incident. And as you see here, there's a real broad mix of agendas, really. So you've got some where there are mental health episodes, it's desperation, and the whole situation is exacerbated into a more serious event, and then you've got some very targeted attacks as well.

And this is just a collection of incidents that I could fit onto one slide. There are more that I could have, and a good example, especially on the charity side, is also going back to the Fishmongers Guild attack or the second London Bridge attack, as it's sometimes known, which was a charitable event that was being held.

And for me, that one in particular is close to home as my office was actually directly connected to Fishmongers Guild. So it was literally happening of 50 meters from my desk as the crow flies. So key takeaway though is that, yes, active assailant events can be motivated by high-profile agendas, like terrorism, and that will often target indiscriminately. Or they can actually be mental health emergencies or can, in many cases and we see this particularly in the US domestic abuse issues, which can be much more targeted. So this is people turning up to a care home or a hospital and shooting a partner or someone they believe to be involved with their partner.

And it's a broad spectrum, and in that context, if your assumptions individually, but most importantly as an organisation, that your sector isn't a target for any one of these agendas, that it will only occur at your high-profile locations in places like London. I mean, if you look here, there's only one of these case studies that is in London, and that was very much in the suburbs and isolated incident away from some of the bigger assets and operations that organisations run.

If you're active assailant, if you think that active assailant attacks are only perpetrated by terrorists and that the attackers will be outsiders and that you won't be targeted, I'm here to tell you otherwise, basically. And I'm not trying to overegg the risk, I'm not saying that this is coming for you tomorrow. But it's important that organisations face some of what I've just said about debunking these assumptions. Otherwise, these risks are never going to be managed as effectively as they could be within organisations.

And that leads quite nicely into talking about the risk with colleagues in the UK. And we do a lot of work with multinational clients who have significant issues with rolling out these types of security strategies and risk management protocols around be that workplace violence or active assailant, active shooter. Policies and protocols that have proven effective elsewhere in the world.

But as soon as you try to bring it to Europe, we take a very hostile approach to it to say, hang on a second, you're talking about potentially active shooter event. That's a US problem, that's not ours. And actually, that's really unhelpful because, as I hopefully have indicated, much of this comes down to perception and in particular the labels that we put on it. You want to call it terrorism or you want to call it active shooter.

But generally, the modus operandi and most crucially, the impact that these events could have to as an organisation, whether it's a knife attack, a gun attack, etcetera, are the same, OK? And we'll get into what some of those implications could be. But if the impacts are going to be the same, then actually frankly, cutting away the labels and some of the emotions that these labels have associated to them is important to make sure that you can implement the right risk management strategies, which ultimately are the same.

And here, I've got just two quick graphics of run, hide, fight in the US, which is unsurprisingly very American to get the fight in there. But that's a spin off of the run, hide, tell approach that we take here in the UK for active assailant events, OK? So very, very similar. So as I say, the trying to completely differentiate us is by geography and others is unhelpful.

So coming on to legislation. So many of you will know this either as Martyn's Law or Protect Duty. The actual official bill is called the Protection of Premises Bill. So that helps make it slightly confusing. But really, this is designed to increase the societal resilience to terror events. So this is off the back of the Manchester Arena attack and a campaign run by one of the victim's mothers called Figen Murray.

And it's now eventually, it's been spoken about for a very, very long time, as far back as 2020. And there have been lots of assumptions that would be in place by now. And actually funnily enough, about half an hour before Rishi Sunak called the election this year, he had committed to Figen Murray that they were going to get the legislation passed in the conservative parliament term. So you can see how much it's effectively been gaslit as well through the years.

However, the current government are taking it more seriously, and it's currently just about to have its third reading in parliament, which we think will happen before the end of the year. But what is crucial to say is that what you may have heard of back in even last year, 2023, in terms of what the implications would be, it's evolved significantly from the first iterations that date back to 2021.

So what we currently have is this information that's been publicly released. It is being amended again slightly. We don't know quite how. But there are going to be some tweaks to the final legislation. But it will probably be based similar to what we have here. And this is why, again, the risk from active assailant is being increasingly legislated around the world. And we're seeing, especially working with clients across sectors, that there's this pressure of compliance and regulation coming down from the top and also societal expectation and duty of care coming together. And it's meeting in the middle. And that is putting a burden or an expectation, at the very least, on organisations of all types, to be taking these types of risks more seriously and demonstrate that they are taking appropriate steps to mitigate the risks.

So, how protect duty is split is between standard tiers, and it's important to state up front, that health and social care operations and assets are captured within this. But most importantly and charities, but most importantly so are our events as well, OK? So it doesn't need to be your fixed asset and your routine portfolio. It's also anything that you put on.

So perhaps a benefit event or something similar, if it falls into these categories, you fall under the legislation, and you will need to take appropriate actions, which I'll talk through now. So you have a standard tier, which is between, which is basically any asset where it's routine for there to be between 200 and effectively 800 people on site.

The purpose of the standard tier is to get some level of resiliency built in, but it not be too onerous. And what I mean by that is that what is expected of organisations at this level is relatively benign or simple in the sense of, it's focused around staff preparedness and awareness of procedures. And you're not having to spend too much resources on it.

And the key thing is that the government are providing you with these tools. So yes, you will need to apply them or make people aware of them. But some of the previous versions of the legislation were more onerous around this, which was some quite detailed risk assessments and mandatory training of staff. That's being cut away in this version of the legislation, so it does simplify it a little bit.

Now, where it gets more complicated is in the enhanced here. And these are operations where there are routinely over 800 individuals on site. And this is where the assets will be or the events will be scrutinized more. So this is where it starts to moving to things that might result in costs, certainly, a time burden, and other aspects. So do you need to install CCTV? Do you need to up your guarding? Do you need to do more training? Do you need to introduce more rigor around your risk assessments?

And the legislation is loosely modeled on HSE regulation. So much of the terminology and the enforcement process, you'll be familiar with. But it does have its own spin, and it really focuses around things like evacuation, invacuation, lockdown and the communications you use. These are all distinctly characterised within the legislation and terms reasonably practicable in terms of what you can do to control these.

And the key things for enhanced tiers is, as it says here, monitoring vicinity, controlling movements of into and out of premises. That's things like guarding or scanners or controlled access of various types. Physical security measures that could even extend to more expensive assets like CCTV or hostile vehicle mitigation and actual physical design of things. And then the key thing around how you inform on security.

So what has been unclear for a long time, and still partly is, is the role that the regulator will have. The security industry authority or SII, as you may know, have been chosen as the regulator. There are a lot of questions still that need to be answered around them and their role moving forward, because they're not traditionally a regulator. And therefore, the infrastructure behind them is lacking. But they will be there to advise on the implementation and enforce these like the health and safety executive.

Now, what the penalties look like they'll be, and I think there's some question marks around this, sort of confidentiality. People aren't quite sure if these will be fixed, but there's a range of compliance components within the legislation. The focus is predominantly around compliance notices and restriction notices.

So if you are in breach or what you submit, for instance, for an event where you would have to submit, especially if it's enhanced here, if it's over 800 people on site, you'd have to submit a risk assessment to be reviewed in advance. If that is unsatisfactory, then there may be either compliance notices to tell you, you need to fix within this timeline, or a complete restriction of the event, i.e., it would be canceled.

In the most extreme, they have incorporated quite similar to almost GDPR penalties around percentage of revenue being paid, etcetera. But these are, they even say in the legislation that they're very unlikely to occur. And then in the extreme, a criminal offense. So directors being prosecuted for failure to comply and deliver on duty of care.

So coming into what can you do as an organisation. So when we, as mentioned, my team globally, we do a lot of work on this. And when we come into organisations of all shapes and sizes, many in health and social care, particularly in the US, we'll come in, and most of what we see when we ask, OK, what do you do for the risk? will focus around the active response, OK?

So really focused on the incident. And they might have an incident/ lockdown procedure. They might have procedures for run hide fight. But it would be very much this just in isolation, and we'll have a conversation about other mechanisms within the business that will help build resilience to it. But again, they'll all typically be stood in isolation. And this goes for some of the world's biggest and most complex businesses with some very well-resourced security and risk management functions.

And one of the issues is that risks like active assailant really need to be managed by committee. It doesn't just fall on safety and security. It's HR, it's legal, it's insurance and broader risk management functions within the business. So when we tell people that actually, a mature, active assailant risk management programme looks like this, it can cause a bit of surprise.

And what's important is to say is that this is obviously much more extensive. It covers internal and external risks, and it's really looking at the risk much further before the incident and also then after as well, should the very worst happen. And it really goes back as far as your code of conduct. So things like anti-bullying and then also your internal and external grievance mechanisms.

So a good case study is the CEO of UnitedHealth Group who sadly was murdered in New York yesterday. We've worked with similar clients in that sector. That's health insurance, obviously not strictly health care. But we work with clients where the grievance mechanism has failed and you are getting threats directly from disgruntled patients who are in one case that I've worked on terminally ill, unhappy, trying to lash out at reason why.

This hasn't worked out for them, and blaming the health function, the whole process. In that case, insurance and hospitals, etcetera, and some of the doctors involved. And they had a viable threat against them because of that. And that's really where the grievance mechanisms have fallen down and the threat was only picked up right at the end when it was at its most extreme.

Now, when we look at other things more around the incident and post incident, I'll just call out two of these, which is around roll call. So in crisis management terms, key principles are good decisions are made on good information. So what you're trying to do at the start of a crisis is to gather as much of that information as possible, accurate information as possible so you can as quickly as possible make those good decisions as quick as you can.

In an active assailant event, roll call or taking a register of who's been killed or injured or affected in some negative way is incredibly important, but also incredibly difficult to do. Because the difference between you having people on site who have been unharmed, but slightly potentially traumatized or at least disrupted and then 20 to 30 people killed, potentially, the scale of that crisis is significantly different.

And that's why it's really important to try and work out as quick as you can, what is the impact to you as an organisation and your people? But as I say, if you're teaching everyone to run, hide, and fight, they want to disappear, they want to go and hug their families. They don't want to inform you as an organisation immediately that everything's OK necessarily. So it's quite a difficult process to work out.

And the other one is law enforcement liaison and I talk about this kind of ex point with law enforcement in these events. So it comes back to the point that you as an organisation, you're building everything up to make yourself more resilient to help mitigate the risk. Or if it does happen, end it as quick as it can. And law enforcement are trying to do something very similar, which is neutralise the attacker as quick as they can.

So you'll all come together, hopefully, to locate where the perpetrator is and neutralise them. So you get to that point. And then actually, you'll go very, very different ways after the incident has been resolved. So yes, they're your friends, but they can also be a part of the risks that you need to manage moving forward afterwards.

So that can be either around business continuity. There'll be a crime scene. You might not have access to the site or things that you need to do. So you need to consider those aspects. There will then be reputational management. So the police and law enforcement will start communicating information about the event.

If your liaison is poor between that and you aren't aware of it, whilst you're also trying to manage your own employees, customers, the families of victims, etcetera, if the police are putting out information that you're unaware of, that will catch you out. And also in some cases, quite often, that is wrong in the initial instances.

But their focus is on reassuring the public. Your focus is on reputation largely to manage it from an organisation. So you can immediately have contradictory information or information that, frankly, is unhelpful to you. Worst case in that instance is if it's one of your own who have done this and you're unaware of that as well.

And then the final piece is really around culpability as well. Law enforcement and other legal bodies will be looking to find some level of culpability or negligence in the process as well at some stage. And again, that's where you are going to take two very different ends of the spectrum. You'll be defending your position, and they will be looking for some of that in that process as well.

So that's really much focused on the operational risk, the kind of risk treatment side of things. It would be remiss of me not to mention that there is also a risk transfer solution around this as well and this is a policy that we've developed within crisis management. And really what this did, because it was relatively pioneering, was try and bridge the people and asset risks that traditional insurance cover, things like terrorism, had gaps in frankly, as the modus operandi has changed.

So yes, you'll always need your traditional terror cover for those really big, expensive total losses. But if the modus operandi of attackers is really more focused around people, how can we bridge that as an industry? So this is much more focused around things like personal injury, around psychiatric support and around business interruption, those sorts of aspects that focus a little bit more on people risk.

So if there is an attack and it doesn't have physical damage, you're still covered. But it would likely have an impact on business interruption, loss of attraction for some of the assets that you have, and your legal liability in particular. But what this policy also does, and generally the policies in the market, they mirror almost a kidnap for ransom sort of model where you'll also have a response company on the back of it.

So they will come in, and they will help you manage the crisis after it's happened. But also before the incident as well, help work with you to build your resilience around it. And there's bursaries associated to it as well that you can leverage to help assess yourself or develop certain aspects of your programme.

But these are the key things that, I suppose, differentiate this and provide both the level of risk treatment and transfer for these types of risks as well. And this has been a really growing product, especially in the US but in Europe, we're seeing a similar trajectory where, as I say, it's been recognised as filling a gap. So with that, I will pass over to Becky.

REBECCA FORSTER: Thanks, Patrick. Sorry, I'm having a few technical difficulties with my microphone there. So for the next 10 to 15 minutes, my focus is going to be on psychological health and safety in the workplace. So usually, when I'm talking about psychological health in the workplace, I start with the reasons that managing it is essential. There are moral reasons, financial reasons and legal reasons.

Given the context we're talking about today, crisis management, active assailant threats, I probably don't need to stress the moral imperative for action. Reflect on some of the example incidents Patrick has mentioned today. The Southport attack, for example. Just take a moment to think about your personal reactions and responses to that news. Whether you saw it on the news, read about it on social media or had conversations with friends or family.

Even if you were far removed from the incident, it likely caused an element of distress and fear, as may have the civil unrest that resulted. I know I certainly had had a level of uncertainty and fear around traveling during that period. Perhaps also think about how that might have impacted your colleagues as well. Please keep those personal impacts in mind as we proceed through the session. I think that will help highlight the importance of addressing this topic in preventing, responding to, and recovering from active assailant threats.

So I'm not going to focus really on the financial impacts or the moral impacts today. I'm going to start with the legal impact, as you can see on the screen there, and specifically what the law says about psychological health and safety. So employers have duties to take care of not only the physical health and safety of their workforce, but also the psychological health and safety as well.

The Health and Safety at Work Act imposes a requirement on businesses to protect people from harm to their psychological health. That includes taking steps to make sure, where reasonably practicable, employees do not suffer stress-related illnesses as a result of their work. It is also a legal requirement for organisations to risk assess for work-related stress under the management of Health and Safety at Work Regulations.

Now, often when I go out and speak to clients, I find this is an area that can be missed. So you must have in place a documented organisational stress risk assessment. Ordinarily, what I find is that risk assessments are being done once somebody has already been harmed or they're being done on an individual basis.

And that's absolutely an essential part of managing work-related stress, it's important. But actually, we need to be looking at the organisation as a whole and identifying patterns and trends. Not sure what's happening on my slides there. If you just, thank you, Patrick. Just going to request control there, just so that I can navigate through those slides.

PATRICK ROGERS: OK. Sure.

REBECCA FORSTER: So we need to have that documented stress risk assessment in place to try and reduce the risk of harm in the first place. It's also worth considering the Equality Act. So a mental health condition can be considered a disability if it has a long term effect on somebody's normal day to day activity that is likely to last 12 months or longer.

That means, if we are aware that somebody has been diagnosed with a mental health condition or we ought to have known, reasonable adjustments need to be put in place. Now, those of you that work in the health and safety profession or experienced around health and safety at work might know that historically, there hasn't been too much enforcement action in this area by the regulator.

The UK regulator for this are the HSE. And historically, we haven't seen too much action. That is likely to change. So the HSE have identified stress and mental health as focus areas for the next 10 years, and we expect more interest to be taken in this area.

As you can see from their website, employers have a legal responsibility to help their employees. We need to be risk assessing for work-related stress and work-related mental health issues. It's also worth noting here that mental health should now be considered in the first aid needs assessment. So it's likely that as per our legal duties, we have physical first aiders in place. But what competence do we have in place around supporting somebody in a mental health crisis?

So you may have seen on Patrick's previous slides there, a mature approach to active assailant threat will have people who are appropriately trained to support somebody experiencing a mental health crisis, somebody that knows how to access professional help and can act promptly, safely and effectively until that help is available.

But in order to understand how stress impacts individuals, I think we need to understand that we all have a different vulnerability to stress, and know a little bit about what stress can actually do to us to see why this is relevant in all three of those different areas: prevention, response and recovery.

And I always like to use this, the idea of the stress container to talk about stress. So this is a stress container. We all have one. Some of us have smaller containers, some of us have larger containers. And that's down to a number of different what I'm going to call biopsychosocial factors. Our genetics, our life experiences and our environments.

Now, the size of our container represents our vulnerability to stress. That means somebody with a smaller container can accommodate less stress. Somebody with a larger container can accommodate more stress. Largely, the size of that container is out of our control. Stress is very individual, so it's important that we don't make judgments or assumptions about somebody's capacity to handle stress.

Now, regardless of the size of somebody's container, they all work in the same way. So everyday, stressors fill up our container. Now, think of stress as any kind of pressure, demand or responsibility. We need a certain level and I'm not saying that stress is all bad. We need a certain level of pressure in order to motivate us, to give us that healthy level of tension.

In fact, Patrick, Rachel, and I were talking about it before the session today, we have that healthy level of fear that enables us to prepare for the session and deliver it well. So your everyday stresses or pressures can be absolutely anything. Could be the fact that there is a weather warning for the entire weekend. That I've just had to turn the heating up. It might be an unexpected bill, it might be a disagreement at home or it might be caring responsibilities. Can be absolutely anything, and different stresses take up a different amount of room in different people's containers.

Of course, life events fill up the container, and bereavement perhaps, divorce, relationship, difficulties, even seemingly positive events: getting married, having a baby, going on holiday, starting a new job. These are all pressures that fill up our container.

We don't leave our stress containers at home when we go to work, nor do we leave our containers at work when we go home. So workplace stress fills up our container. That's what we're going to be focusing on today. As does what's going on in the world, whether that's nationally or globally.

Think back to what I mentioned there about the Southport attack. The impact of what we're reading in the news, seeing on social media, having conversations about, whether we realise it or not, it's having an impact on us. Stigma and discrimination, of course, have a negative impact on people's mental health and fill up our stress containers. Again, think about Southport, the civil unrest that happened as a result of Southport, how much that may have affected certain an individuals.

And of course traumatic events like some of the examples that we've spoken about today. So when we think about stress in this way, it's not surprising that many of our stress containers are overflowing and this is when difficulties develop. Chronic or sustained stress can contribute to both physical and mental illness.

Essentially, it affects how we think, how we feel, and how we behave, which is why we need to consider it in all three of those different areas: prevention, response and recovery. There is good news here, our stress container has a tap. I'm not going to be talking about the tap too much today. That's more of an individual level. I'll be focusing on organisational measures that can be taken to help, perhaps create capacity in people's containers and help us meet those legal duties to prevent harm from work-related stress.

So the health and safety executive. Identify six main areas of work-related stress if they are not well managed. Now, many of these are likely won't be a surprise to you. Demands we all know that our high workload, having too much to do can have a negative impact on us. But I think we need to think more broadly about demands. Particularly given some of the environments you work in within your sectors, are there physical demands? Are there perhaps emotional demands?

Next, we have control. Do people have control over the way that they do their work? Thinking about prevention here and how we want to create capacity for people before something happens. It has wider business benefits than active assailant risk management as well.

Support. Do people in our organisation feel supported by their line manager, by the organisation? Do we have appropriate mental health support in place? That's something I'll come back to shortly. Does the organisation promote positive, healthy working relationships? That links back to what Patrick mentioned around codes of conduct and doing everything reasonably practicable to minimise any bullying or harassment, which we should have a zero tolerance approach to.

Role and responsibilities. So this is about whether people understand what they're meant to be doing. Do they have conflicting roles and responsibilities? And perhaps from clients, conflicting responsibilities as a result of having multiple line managers. And then we have change. So this is about how the organisation manages change, whether that's large or small and the control measure there is communication.

Look, this isn't about eliminating stress at work, that's not reasonable. I don't think that would ever be seen as reasonably practicable, and we need that certain level of pressure. It is about achieving a balance. So it's likely that if somebody is under high demand, they have a high workload, that's going to have more of a negative impact on somebody's mental health if they have zero control, don't feel supported, nobody communicates with them and they have bad relationships at work.

So we want to think about managing work-related stress to prevent people from becoming unwell in the first place, and also to give them the best possible chance of being able to respond and recover in the event of an active assailant threat or crisis. It's also worth bearing in mind that the likelihood of being exposed to harm in these areas, or being exposed to these hazards, they are different to different individuals, increases exponentially in a threat.

Think about your crisis management team perhaps, if you have one in place and roles and responsibilities. Their roles and responsibilities may be well outside the norm, well outside of their day job. And they're also highly likely to be exposed to trauma, whether that's experiencing a traumatic event, witnessing it or hearing vivid repetitive details.

So I just want to touch briefly on trauma next. We won't go into specific details, but I think it's important to have a basic understanding of trauma when we're talking about active assailant threat. So Mind define trauma as experiencing very stressful, frightening or distressing events that are difficult to cope with or out of our control. Trauma is individual, sometimes we don't want to look at certain events as traumatic because different individuals react differently.

But if I think about some of the language that was used at the beginning of the session around knife, firebomb, terrorism, blade, explosive, vehicle as a weapon, firearm. It's quite easy to see how many of the incidents that we're talking about today are highly likely to cause trauma for an individual.

Now, some people recover from trauma within a couple of weeks. But for some individuals, it can lead to mental health issues like anxiety, depression and it can directly cause post-traumatic stress disorder which is something that I think we all need to be aware of in the context of crisis management.

So post-traumatic stress disorder is a mental illness some people may develop after experiencing, hearing about or witnessing distressing events. What's important to consider here, is that it can occur weeks, months, or even years after the event. So we need to have people appropriately trained, yet to assist while the event is ongoing, but we also need to have people in place that can spot the signs during the recovery process and signpost people to appropriate support. People like perhaps mental health first aiders.

Let's just consider an example briefly to bring this to life. Let's say two months on from an incident, one of your crisis management team calls in sick. Last time you saw them, they were arguing with a colleague, which was out of character. You ask them if they're OK, and they say I'm fine. They're just tired. I'm not sleeping well, and I've been having nightmares.

You ask them if they were because of what happened and they say, I need to go, and rush away from you. I'm going to bring up a poll now and see what you think here. In that brief case study, what warning signs are there that something is wrong? I'm just going to launch that poll now. What do you think? What warning signs are there that something might be wrong there? Let's give you 20 seconds or so.

Yeah, I can see arguing with a colleague there. Lack of sleep, absolutely. A few different things. The mention of nightmares. I think what's key here is behavior that is out of character. Mental health looks different for each of us, so what's usual and unusual differs for each of us.

So we need to be able to identify the signs, have people appropriately trained to identify those warning signs. And we also need to know what needs to happen next. Typically, when I ask this question during crisis management exercises, what needs to happen next, the response I get is, oh, we've got an employee assistance programme, people need to ring the EAP.

Now, what's worth bearing in mind here is that many employee assistance programmes, if not all of them, are designed to support people experiencing mild to moderate distress. Post-traumatic stress disorder, for example, usually isn't going to result in mild to moderate distress and requires specialist support. So again, we need people that are appropriately trained, like your mental health first aiders, to signpost to that appropriate support.

We need HR professionals and line managers who know what reasonable adjustments can be implemented to support people to perhaps stay in work. It's not the case that everybody experiencing mental illness needs time off work. And I think we also need an appropriate level of education so that people realise that, well, yes, mental illness can be a precursor to some of the incidents we're talking about today. People with mental health issues aren't dangerous and we need to emphasise the importance of early intervention.

Now, I'm conscious of time, so I'm just going to briefly show these control measures to preventing or minimising harm if we think about the HSE's management standards approach. These slides will be shared, I would recommend, as a result of this session, that you do review your risk assessment for stress and consider psychological health and safety in your emergency procedures.

But many of the themes are quite clear. And communication, training, procedures and taking an empathic approach with appropriate support. I'm just going to leave you here on this one. Organisations have a duty of care to keep their people safe from harm to psychological health. Risk assess, promote positive well-being, have competent people in your organisation, and ensure appropriate communication, training, support and implement reasonable adjustments where possible.

RACHEL PHILLIPS: Thank you very much, Patrick and Becky, for walking us through this, I guess, quite difficult subject. For me, there were some specific takeaways, just to share before we go into questions. This risk is very much real and can occur any time to any organisation anywhere in the world actually, but certainly in the UK.

And whilst the protect duty legislation will be coming into effect, and it will have certain requirements for organisations, actually, regardless of legislation and regardless of active assailant motivation, it's key that organisations are planning, preparing to manage this risk and building this into their incident response plans, their risk management framework.

I think the other takeaway that Becky talked to is around the legal and moral imperative around psychological health and safety. And again, I'd argue regardless of the health and safety execs focus and what they might do, from an empathetic perspective, we want to look after our workforce and make sure that stress, which impacts how we think, feel, and behave, which obviously has an impact on our organisation's productivity.

And obviously, PTSD and anxiety and depression, which can follow a traumatic event. These are important areas that we need to get to grips with our workforce and help them feel supported. And lastly, I guess the support offered needs to be suitable and sufficient. So making sure that we're not just signposting to an EAP and that we are thinking very much about how we can support our teams.

So we've had some questions in advance, actually. So I think we've probably got time for one or two questions. Any other questions, we'll follow through later on. But I think for the first one, I guess, for Patrick, how can work workplaces and public venues incorporate active assailant drills without causing unnecessary fear? Back to that point was raised.

PATRICK ROGERS: Yeah, it's a good question. I mean, one, thankfully, it's being legislated, but also people are expecting it more as well. So it's increasingly commonplace to see these types of things. There's obviously doing drills and exercises with staff when a venue is unoccupied by customers as well so that you can get that run through.

But if people are there, obviously making them well aware in advance that these sorts of things are going to happen. There's some famous case studies of getting that wrong. For instance, at Manchester United, they did a bomb threat drill the day before a game, and someone left a fake bomb on the back of a door in the toilets. And the game got called off, and the stadium were evacuated when someone found a bomb, albeit a fake one.

So you have to get this right. But yeah, I think people are societally more accepting of the fact that these drills will be in place and feel more reassured and there is that balance between scaremongering and creating overdue concern and a warm, welcoming family environment alongside providing that reassurance as well.

RACHEL PHILLIPS: Thanks, Patrick. And a question for Becky. Although I think we've certainly started to cover this, whether you want to add anything to what you said. The question was what support is available for individuals or communities recovering from an active assailant incident. Is there anything you want to add to that to what you've already said?

REBECCA FORSTER: Yeah, I think it always needs to be appropriate to the individual because there's lots of considerations around stigma and discrimination and what support is most appropriate for an individual. It's also important that we don't force people to talk about trauma, because it can lead to them revisiting the incident and experiencing distress.

So again, that's why it's important to have people like mental health first aiders in place who can help address some of those challenges and identify what support is most appropriate. Mind is probably your best resource in order to find signposting services, I've just put a link into the chat there.

RACHEL PHILLIPS: Thank you. Thank you, Becky. And any other questions that we haven't had chance to answer, we'll respond back to the person who posed it so separately. Thank you for joining us today, and we hope you found the webinar relevant and insightful. Really appreciate you taking the time to complete our short survey, which has been put into the chat as well, so we can continue to design these events which work best for you.

Following the session, we will forward the recording and the slides and also details of the next topic in our risk factor series for the health and social care sector. Please do share this webinar recording and the slides and future events across your organisation. I think you can see, from listening to Patrick and Becky, that this subject actually multiple stakeholders. And it leaves me, I guess, to say, I hope you all have an enjoyable rest of your day and a relaxing and safe Christmas, which is coming at some speed, and I hope to see you next year. Many Thanks.