SUBJECT THREAT ASSESSMENT
[SUBJECT FULL NAME] - re: [PROTECTEE / ASSET / CONTEXT]
The Subject Threat Assessment determines whether and how a specific subject poses a threat to a named protectee, organization, or asset - distinct from whether the subject has merely made a threat. It is a behavioral, structured-professional-judgment (SPJ) product framed by the recognized targeted-violence models (pathway to violence; Meloy’s warning behaviors / TRAP-18; WAVR-21 domains; Calhoun & Weston’s hunter/howler typology) and delivers a defensible threat-level determination plus threat-management recommendations. It is not a clinical, psychological, or psychiatric diagnosis, not an actuarial prediction, and not a background dossier (Standard/Enhanced Subject products), a protective-intelligence program (retained service, deferred), or a residential/venue assessment (RVTA / Event & Venue). If indicators of imminent danger are present, escalate to law enforcement immediately - do not wait on this report.
Document Control
| Field | Value |
|---|---|
| Report Reference | [REF-YYYY-###] |
| Date of Report | [YYYY-MM-DD] |
| Assessment As-Of Date | [YYYY-MM-DD] |
| Protectee / Asset at Risk | [Named individual / org / facility] |
| Triggering Event / Referral | [Communication / incident / behavior that prompted assessment] |
| Assessment Model(s) Applied | [Pathway to violence · Warning behaviors/TRAP-18 · WAVR-21 domains · Hunter/Howler] |
| Qualified Evaluator (if instrument coded) | [Name / credential - formal WAVR-21/TRAP-18 coding requires a trained rater] |
| Threat-Management Owner | [Who owns the case going forward] |
| Client | [CLIENT NAME] |
| Prepared By | [ANALYST / THREAT MANAGER NAME / ID] |
| Reviewed By | [REVIEWER NAME / ID] |
| Approving Officer | [APPROVER NAME / ID] |
| Version | [1.0] |
| Distribution | [NAMED RECIPIENTS] |
Handling & Legal Caveat
Handling: [Classification/TLP]. Named recipients only. No onward dissemination without originator approval.
IMMINENT DANGER: If this assessment surfaces an imminent risk of harm, contact law enforcement / 911 immediately. This product does not substitute for emergency response.
Nature of assessment: This is a behavioral structured-professional-judgment assessment of whether the subject poses a targeted-violence threat. It is NOT a clinical, psychological, psychiatric, or fitness-for-duty diagnosis, and NOT an actuarial prediction of future violence. It assigns concern and prioritizes management; it does not claim to predict who will or will not act.
Duty to warn / report: Where findings implicate a duty to warn an identifiable potential victim (e.g., Tarasoff-type obligations) or a mandatory-reporting duty, those obligations are triggered independently of this report and must be actioned per counsel and jurisdiction.
Permissible purpose: Conducted for the lawful protective purpose of [PURPOSE]. Not a “consumer report” and not prepared by a “consumer reporting agency” under the FCRA (15 U.S.C. § 1681); not for any FCRA-covered eligibility determination.
Data protection: Personal and behavioral data processed under [GDPR/CCPA/applicable regime]; handle per the client DPA and retention schedule [RETENTION REF]. Privilege: [If applicable] Attorney–Client Privileged / Work Product.
Currency: Threat is dynamic. This assessment reflects information as of the as-of date and must be reassessed on the triggers/cadence in §17.
Threat Summary
| Field | Value |
|---|---|
| Subject | [Name] |
| Threat Level | [Minimal / Low / Moderate / High / Imminent] |
| Posing vs. Making a Threat | [Poses / Makes / Both / Indeterminate] |
| Hunter / Howler Characterization | [Hunter / Howler / Mixed / Undetermined] |
| Pathway Stage (furthest observed) | [Grievance → … → Attack] |
| Grievance | [Nature / target focus] |
| Capability & Access | [Means + proximity to target] |
| Recommended Protective Posture | [One line] |
| Reassessment Trigger | [Event/cadence] |
Table of Contents
Page numbers populate on export to Word/PDF.
- Bottom Line Up Front (BLUF)
- Executive Summary
- Key Judgments
- Threat Intelligence Requirements (PIRs)
- Subject–Target Nexus
- Behavioral Warning Indicators
- Pathway-to-Violence Assessment
- Capability, Access & Opportunity
- Intent, Motivation & Grievance
- Risk & Protective Factors (SPJ Domains)
- Threat Classification & Level Determination
- Verified Findings Summary
- Escalation Indicators & Tripwires
- Analysis of Competing Hypotheses (ACH)
- Key Assumptions Check
- Collection Gaps & Intelligence Requirements (RFIs)
- Threat Management & Mitigation Recommendations
- Sources & Methodology
- Appendices
1. Bottom Line Up Front (BLUF)
2–4 sentences. State the threat-level determination, whether the subject poses or merely makes a threat, and the immediate required action (including any law-enforcement referral).
- Threat level: [Minimal / Low / Moderate / High / Imminent.]
- Poses vs. makes a threat: [Determination + one-line basis.]
- Immediate action: [Protective action / law-enforcement referral / monitoring posture.]
2. Executive Summary
Referral & Triggering Event
What prompted this assessment - the communication, incident, or behavior, and when.
[Narrative.]
Subject–Target Nexus (overview)
The subject’s connection to the protectee/asset and the nature of the grievance or fixation. Detailed in §5.
[Narrative.]
Scope & Limitations
What was assessed, sources available, time window, and constraints (no clinical evaluation, no direct subject interview unless noted, data limitations).
[Narrative.]
Threat Bottom Line
The net assessment in narrative form - consistent with §11.
[Narrative.]
3. Key Judgments
Analytic assessments. Likelihood (of approach/escalation/targeted violence) and analytic confidence in SEPARATE columns (never combined - ICD 203). Each judgment names its change indicator.
| # | Judgment | Likelihood | Confidence | Change Indicator |
|---|---|---|---|---|
| KJ-1 | [e.g., likelihood of attempted approach to protectee] | [almost no chance … almost certain] | [HIGH/MOD/LOW] | [ ] |
| KJ-2 | [ ] | [ ] | [ ] | [ ] |
| KJ-3 | [ ] | [ ] | [ ] | [ ] |
| KJ-4 | [ ] | [ ] | [ ] | [ ] |
4. Threat Intelligence Requirements (PIRs)
The questions this assessment must answer (PIR → EEI → indicators/sources). Answer, evidence, confidence, residual gap each.
PIR-1: [e.g., Does the subject have the intent to harm the protectee?]
| Assessment | Supporting Evidence | Confidence |
|---|---|---|
| [YES / NO / LIKELY / UNRESOLVED] | [ ] | [HIGH/MOD/LOW] |
Residual gap: [Carry to §16 if open.]
PIR-2: [e.g., Does the subject have the capability and access to act?]
| Assessment | Supporting Evidence | Confidence |
|---|---|---|
| [ ] | [ ] | [ ] |
Residual gap: [ ]
(Repeat - typically: intent · capability · access/opportunity · pathway progression · stabilizers/inhibitors.)
PIR Summary Matrix
| PIR | Question (brief) | Answer | Confidence |
|---|---|---|---|
| PIR-1 | Intent | [ ] | [H/M/L] |
| PIR-2 | Capability | [ ] | [H/M/L] |
| PIR-3 | Access / opportunity | [ ] | [H/M/L] |
| PIR-4 | Pathway progression | [ ] | [H/M/L] |
5. Subject–Target Nexus
The relationship between subject and protectee/asset and the grievance that drives the threat. Targeted violence is grievance-driven and target-specific - establish the “why this target.”
| Element | Finding | Source Grade |
|---|---|---|
| Relationship to target | [Former employee / intimate / litigant / stranger-fixated / ideological] | [A–F/1–6] |
| Grievance (nature & origin) | [ ] | [ ] |
| Fixation / preoccupation | [Intensity, duration, escalation] | [ ] |
| Identification (warrior mentality, role models, prior attackers) | [ ] | [ ] |
| Contact / communication history with target | [Frequency, tone, escalation] | [ ] |
| Prior protective/legal actions (TRO, trespass, prior reports) | [ ] | [ ] |
Nexus assessment: [Why this subject is focused on this target; trajectory of the focus.]
6. Behavioral Warning Indicators
Coded against the eight proximal warning behaviors (Meloy / TRAP-18). For each: present / absent / unknown, with the observed evidence and source grade. These are behaviors, not inferences about thoughts.
| Warning Behavior | Status | Observed Evidence | Source Grade |
|---|---|---|---|
| Pathway (research, planning, preparation, attack-related behavior) | [Present/Absent/Unknown] | [ ] | [A–F/1–6] |
| Fixation (increasing preoccupation with person/cause) | [ ] | [ ] | [ ] |
| Identification (warrior/pseudo-commando, weapons affinity, prior-attacker emulation) | [ ] | [ ] | [ ] |
| Novel aggression (unrelated act of violence to test capacity) | [ ] | [ ] | [ ] |
| Energy burst (increase in activity related to the target) | [ ] | [ ] | [ ] |
| Leakage (communication to a third party of intent to harm) | [ ] | [ ] | [ ] |
| Last resort (violent action/time imperative; “no other option”) | [ ] | [ ] | [ ] |
| Directly communicated threat | [ ] | [ ] | [ ] |
Warning-behavior summary: [Which are present, clustering, recency, and acceleration.]
7. Pathway-to-Violence Assessment
Locate the subject on the pathway. Targeted violence is typically the culmination of a progression, not an impulsive reaction. Identify the furthest stage with behavioral evidence and the direction/velocity of movement.
| Stage | Behavioral Evidence | Observed? | Source Grade |
|---|---|---|---|
| 1. Grievance | [ ] | [Y/N/Unk] | [ ] |
| 2. Ideation (violence as a solution) | [ ] | [ ] | [ ] |
| 3. Research / planning (target, methods, surveillance) | [ ] | [ ] | [ ] |
| 4. Preparation (acquisition, rehearsal, logistics) | [ ] | [ ] | [ ] |
| 5. Breach / probing (approach, security testing) | [ ] | [ ] | [ ] |
| 6. Attack | [ ] | [ ] | [ ] |
Pathway assessment: [Furthest stage evidenced; movement direction and velocity; any stage-skipping.]
8. Capability, Access & Opportunity
Means, skills, and the access/opportunity to reach the target. Intent without capability/access is a different problem than intent with both.
| Factor | Finding | Confidence |
|---|---|---|
| Weapons access / acquisition | [ ] | [H/M/L] |
| Relevant skills / training (military, tactical) | [ ] | [ ] |
| Physical proximity / access to protectee | [ ] | [ ] |
| Knowledge of protectee patterns/locations | [ ] | [ ] |
| Opportunity (upcoming events, exposure windows) | [ ] | [ ] |
9. Intent, Motivation & Grievance
Characterize intent and motivation. Distinguish instrumental (goal-directed) from expressive (emotional venting) intent - central to the hunter/howler determination.
| Element | Finding | Confidence |
|---|---|---|
| Stated intent (explicit/implicit) | [ ] | [H/M/L] |
| Instrumental vs. expressive | [ ] | [ ] |
| Motivation / driver (revenge, ideology, intimacy, notoriety, despair) | [ ] | [ ] |
| Last-resort / desperation indicators | [ ] | [ ] |
| Suicidality / murder-suicide indicators | [ ] | [ ] |
10. Risk & Protective Factors (SPJ Domains)
Structured factor review (WAVR-21 / TRAP-18 distal-characteristics frame). Separate static (historical) from dynamic (changeable) factors; identify destabilizers (accelerants) and stabilizers/inhibitors (brakes). Behavioral context is observational and NON-CLINICAL.
Risk Factors
| Factor | Type | Present? | Notes | Source Grade |
|---|---|---|---|---|
| History of violence / aggression | Static | [Y/N/Unk] | [ ] | [ ] |
| Prior targeted/threatening behavior | Static | [ ] | [ ] | [ ] |
| Personal/professional grievance collection | Dynamic | [ ] | [ ] | [ ] |
| Recent loss / humiliation / trigger event | Dynamic | [ ] | [ ] | [ ] |
| Substance abuse / deterioration | Dynamic | [ ] | [ ] | [ ] |
| Isolation / loss of support | Dynamic | [ ] | [ ] | [ ] |
| Behavioral/mental-state change (observed, non-diagnostic) | Dynamic | [ ] | [ ] | [ ] |
Destabilizers vs. Stabilizers / Inhibitors
| Destabilizers (accelerate risk) | Stabilizers / Inhibitors (reduce risk) |
|---|---|
| [Pending loss, deadline, trigger event] | [Family/job stake, supervision, treatment, future orientation] |
11. Threat Classification & Level Determination
The core artifact. Render the structured-professional-judgment determination: poses vs. makes a threat; hunter vs. howler; and the assigned threat level - with explicit rationale tying back to warning behaviors, pathway stage, capability/access, intent, and stabilizers. This is a judgment, not a number.
| Determination | Finding | Basis |
|---|---|---|
| Poses vs. makes a threat | [ ] | [ ] |
| Hunter / Howler | [ ] | [ ] |
| Threat level | [Minimal / Low / Moderate / High / Imminent] | [ ] |
Determination rationale: [Narrative SPJ argument. Reference the discriminating indicators. State likelihood and confidence separately.]
12. Verified Findings Summary
| # | Finding | Status | Confidence | Materiality |
|---|---|---|---|---|
| F-1 | [ ] | [Verified / Unverified / Contradicted] | [H/M/L] | [Material / Minor] |
13. Escalation Indicators & Tripwires
The specific, observable behaviors that would indicate escalation and trigger re-assessment or protective action. Pre-defining tripwires is core to threat management.
| Tripwire (observable) | Indicates | Required Response |
|---|---|---|
| [e.g., acquisition of a weapon] | [Capability escalation] | [Immediate reassessment / LE referral] |
| [e.g., approach to protectee location] | [Breach/probing] | [ ] |
14. Analysis of Competing Hypotheses (ACH)
Test the alternatives - genuine intent to act, expressive venting (howler), misattribution/wrong subject, third-party involvement. The favored judgment is the one with the least disconfirming evidence.
Hypothesis 1: [Subject poses a genuine intent to act]
- Evidence for / against: [ ] / [ ]
- Assessment: [ ]
Hypothesis 2: [Subject is expressive/howler, low approach risk]
- Evidence for / against: [ ] / [ ]
- Assessment: [ ]
Hypothesis 3: [Misattribution / alternative actor]
- Evidence for / against: [ ] / [ ]
- Assessment: [ ]
Most consistent hypothesis: [Which, and the discriminating evidence.]
15. Key Assumptions Check
| # | Assumption | Basis | Confidence | Impact if Wrong |
|---|---|---|---|---|
| A-1 | [ ] | [ ] | [H/M/L] | [ ] |
| A-2 | [ ] | [ ] | [ ] | [ ] |
16. Collection Gaps & Intelligence Requirements (RFIs)
| Gap / RFI | Impact on Assessment | Recommended Collection / Routed Product | Priority |
|---|---|---|---|
| [ ] | [ ] | [Method / e.g., ”→ continuous monitoring”] | [HIGH/MED/LOW] |
17. Threat Management & Mitigation Recommendations
Assessment without management is incomplete. Provide concrete management options, protective measures, legal/LE options, and - critically - actions to AVOID that could escalate. Define reassessment triggers and cadence and name the case owner.
Recommended Management Strategy
Overall posture: monitor / actively manage / disrupt / refer. Rationale.
[Narrative.]
Protective & Mitigation Measures
| Measure | Rationale | Owner | Priority |
|---|---|---|---|
| [Protective-detail adjustment / access control / route change] | [ ] | [ ] | [H/M/L] |
| [Monitoring of subject indicators] | [ ] | [ ] | [ ] |
| [Legal action - TRO / trespass / cease-contact] | [ ] | [ ] | [ ] |
| [Law-enforcement referral / coordination] | [ ] | [ ] | [ ] |
Actions to AVOID (de-escalation discipline)
Steps that could provoke, accelerate, or validate the subject (e.g., aggressive confrontation, public exposure, abrupt cutoff in intimacy cases). Threat management can make things worse if mishandled.
[Narrative.]
Reassessment Triggers & Cadence
When this assessment must be revisited (tripwires from §13) and the routine review interval.
[Narrative.]
18. Sources & Methodology
Methodology & Frameworks
State the SPJ basis and the models applied (pathway to violence; Meloy warning behaviors / TRAP-18; WAVR-21 domains; Calhoun & Weston hunter/howler). Note that formal coding of WAVR-21/TRAP-18 requires a trained, qualified evaluator, and that this assessment characterizes and prioritizes concern - it does not predict.
- [Methods: records, communications analysis, OSINT, collateral interviews (if any), instrument coding (if any)]
Source Register
| Ref | Source | Type | Reliability (A–F) | Credibility (1–6) | Date |
|---|---|---|---|---|---|
| S-1 | [ ] | [Record/Communication/Collateral/OSINT] | [ ] | [ ] | [ ] |
Source Reliability Scale (Admiralty, A–F)
| Grade | Meaning |
|---|---|
| A | Completely reliable |
| B | Usually reliable |
| C | Fairly reliable |
| D | Not usually reliable |
| E | Unreliable |
| F | Reliability cannot be judged |
Information Credibility Scale (Admiralty, 1–6)
| Grade | Meaning |
|---|---|
| 1 | Confirmed by other sources |
| 2 | Probably true |
| 3 | Possibly true |
| 4 | Doubtful |
| 5 | Improbable |
| 6 | Truth cannot be judged |
Estimative Probability (Likelihood) Lexicon - ICD 203
| Term | Range |
|---|---|
| Almost no chance / remote | 01–05% |
| Very unlikely / highly improbable | 05–20% |
| Unlikely / improbable | 20–45% |
| Roughly even chance | 45–55% |
| Likely / probable | 55–80% |
| Very likely / highly probable | 80–95% |
| Almost certain / nearly certain | 95–99% |
Analytic Confidence Scale (evidence base)
| Level | Criteria |
|---|---|
| HIGH | Multiple independent, reliable sources; corroborated behavioral evidence; no significant contradiction. |
| MODERATE | Partial corroboration; some gaps; minor unresolved inconsistencies. |
| LOW | Single/uncorroborated source; significant gaps; plausible alternatives open. |
Threat-Level Scale (SPJ - this product)
| Level | Criteria |
|---|---|
| Imminent | Evidence of intent + capability + late-stage pathway (preparation/breach) and/or last-resort behavior. Immediate protective action and law-enforcement referral. |
| High | Subject poses a threat: multiple clustered warning behaviors, pathway progression, capability and access present. Active management required. |
| Moderate | Concerning grievance/behaviors but material gaps in intent, capability, access, or pathway progression. Active monitoring and intervention. |
| Low | Limited indicators; more consistent with howler/expressive behavior or grievance without pathway movement. Passive monitoring. |
| Minimal | No current indication the subject poses a threat. Administrative close / baseline only. |
Methodological note: Threat level is a structured professional judgment, not a numeric or actuarial product, and is not a prediction. Likelihood (of an event) and analytic confidence (in the evidence) are stated separately (ICD 203). Behavioral observations are non-clinical. The assessment distinguishes behavior from inference about the subject’s mental state.
19. Appendices
- Appendix A - Behavioral Timeline: [Chronology of grievance, communications, and warning behaviors with dates/sources.]
- Appendix B - Communications Index: [Threatening/relevant communications, verbatim/summarized, dated and graded.]
- Appendix C - Identifier & Entity Index.
- Appendix D - Source Index: [Citations / archived records, capture timestamps.]
- Appendix E - Evidence Archive & Chain of Custody: [Preserved records, hashes, timestamps/URLs.]
- Appendix F - Glossary & Abbreviations (warning behaviors, pathway stages, model references).
- Appendix G - Revision History.
END OF REPORT
This Subject Threat Assessment is a behavioral, structured-professional-judgment product prepared from available records, communications, and open sources as of the stated as-of date. It is not a clinical or psychological diagnosis, not an actuarial prediction, not a consumer report (FCRA), and not legal advice. Threat is dynamic and this assessment must be reassessed on the stated triggers. If imminent danger is indicated, contact law enforcement immediately.
| Field | Value |
|---|---|
| Prepared By | [ANALYST / THREAT MANAGER NAME] |
| Reviewed By | [REVIEWER NAME] |
| Approving Officer | [APPROVER NAME] |
| Date | [YYYY-MM-DD] |
| Version | [X.X] |
Model wiring
Generated from cell frontmatter at publish time.