What Does a Workplace Violence Prevention Consultant Actually Do?

Most organizations that hire a workplace violence prevention consultant do it because a law changed, an incident occurred, or an insurance carrier asked a question they couldn’t answer. Very few do it because someone sat down and thought systematically about what they need and what kind of help would actually provide it.

That distinction matters because the marketplace for workplace violence prevention services is wide, uneven, and largely unregulated. There is no licensing requirement for someone to call themselves a workplace violence prevention consultant. The category includes former HR generalists who added “violence prevention” to their service menu after SB-553 passed, law firms selling policy templates, training companies selling online modules, and genuine practitioners with years of operational security experience and recognized professional credentials.

This article explains what a workplace violence prevention consultant actually does, what a genuine engagement looks like end to end, and what to look for — and watch out for — when evaluating providers.

What Does a Workplace Violence Prevention Consultant Do?

The core work falls into four categories. Most engagements involve some combination of all four, though the emphasis varies by organization and circumstance.

Program Assessment

An assessment evaluates your organization’s current state against applicable legal requirements and professional standards. For California employers, this means evaluating the WVPP, the Violent Incident Log, training documentation, and hazard assessment records against SB-553 requirements. For multi-state employers, it means evaluating across all applicable state mandates simultaneously.

A genuine assessment produces a written findings report with a compliance scorecard and a prioritized remediation roadmap. It tells you specifically what you have, specifically what you’re missing, and specifically what closing each gap requires. It does not tell you that “your program needs work” without telling you what work.

Assessments are typically the entry point — the engagement that converts a compliance question into a defined project. Most range from $3,500 to $7,500 for a single-location employer, with multi-site engagements scoped individually.

Program Development

Program development means building the program — writing the WVPP, designing the Violent Incident Log system, developing the training program, and producing the documentation package. For California employers, this typically follows an assessment that identified gaps, or it is the starting point for employers who have no program at all.

The critical variable in program development is whether the deliverable is site-specific or template-based. A consultant who delivers a generic WVPP with your organization’s name inserted has not built you a program — they have produced a document that will not withstand scrutiny from a Cal/OSHA inspector, an opposing expert witness, or your own employees when they encounter a situation the plan didn’t anticipate.

Genuine program development involves site visits, interviews with operational staff, hazard assessment walkthroughs, and plan content that reflects the specific environment, workforce, and incident history of your organization. For a single-location mid-market employer, program development typically runs $8,500 to $18,000 and takes four to six weeks.

Training Delivery

Training delivery means conducting the employee training required by applicable law — in California, the annual interactive training mandated by SB-553. A consultant may deliver training directly (live or virtual), provide a training package the employer delivers internally, or some combination.

The distinction between compliance training and effective training is meaningful. Compliance training satisfies the legal requirement. Effective training changes how employees recognize and respond to threatening situations. The best workplace violence prevention training is facilitated by someone with genuine operational experience — not someone reading from a slide deck they downloaded from the Cal/OSHA website.

Ongoing Advisory

Ongoing advisory — typically structured as a monthly retainer — provides access to expertise for the situations that arise between project engagements: a concerning employee situation that requires threat assessment consultation, an incident that requires review against the WVPP, a regulatory development that requires plan updates, a new facility that requires a hazard assessment.

For California employers, the annual review and retraining requirement makes ongoing advisory a natural fit — the consultant manages the annual cycle rather than requiring the employer to reinitiate the engagement each year from scratch.

What Does a Genuine Engagement Look Like End to End?

A workplace violence prevention engagement done well follows a defined sequence regardless of organization size:

Intake and scoping. The consultant gathers information about your organization — industry, locations, workforce size, public-facing operations, incident history, current program status — and defines the scope of the engagement. A well-run intake takes 30–60 minutes and produces a written proposal with specific deliverables, timeline, and cost. If a consultant cannot tell you specifically what they will deliver and when, that is a signal worth noting.

Assessment or site visit.For any engagement involving program development or a compliance assessment, a site visit — physical or virtual — is necessary. Your facility’s physical layout, access points, and work areas are essential inputs for a site-specific hazard assessment. A consultant who delivers a program without ever seeing your workplace cannot produce a genuinely site-specific plan.

Deliverable production. The consultant produces the agreed deliverables — written plan, training materials, documentation forms, assessment report — and reviews them with you before finalization. The review step is important: the plan belongs to your organization and the people who will implement it need to understand what it says.

Implementation support. A consultant who delivers a plan and disappears has done half the job. Implementation support — at minimum a debrief on the deliverables and availability to answer questions during the first 30 days — is a reasonable expectation.

Ongoing relationship. The best workplace violence prevention relationships are not transactional. The consultant who helped you build your program knows your organization, knows your incident history, and knows what questions to ask when a situation arises. That institutional knowledge is valuable — it is the difference between having a contact you call in a crisis and having to reintroduce yourself every time.

What Should You Look for in a Provider?

Operational background, not just policy experience. A consultant whose background is exclusively in HR policy or employment law brings a valuable perspective — but it is the perspective of someone who has written about violence prevention, not someone who has designed programs in environments where prevention failures had irreversible consequences. The combination of operational security experience and enterprise program expertise produces qualitatively different work.

Recognized professional credentials. The field has recognized credential standards. The Certified Protection Professional (CPP) from ASIS International is the recognized standard for security management. The Certified Business Continuity Professional (CBCP) from DRI International is the equivalent for business continuity. For threat assessment specifically, training in a validated SPJ instrument — such as the WAVR-21 or a proprietary instrument built on the same research base — is the relevant qualification. Credentials are not sufficient on their own, but their absence is a meaningful data point.

Licensed investigative capability. Some workplace violence situations — active threat assessments, employee-of-concern investigations, due diligence on concerning individuals — require investigative methodology that goes beyond what an HR consultant can legally conduct. A provider backed by a licensed private detective agency can conduct background research, surveillance, and records review with legal standing that unlicensed consultants do not have. For engagements that may involve litigation, this distinction is consequential.

Site-specific work product.Ask to see a sample plan or assessment report — redacted for confidentiality. If the sample looks like a template, it is a template. Site-specific work product reads differently: the hazard assessment reflects actual environments, the corrective measures reflect actual implemented controls, and the plan addresses the specific types of violence relevant to the organization’s industry and customer population.

Principal-led delivery. In boutique advisory firms — which are the appropriate scale for most mid-market organizations — you should be working directly with the principals who have the experience, not with junior analysts executing a methodology they learned last year. Ask who will be doing the actual work on your engagement.

What Are the Red Flags Worth Knowing?

A proposal delivered before an intake. A provider who sends you a standard-scope proposal without asking detailed questions about your organization is not scoping an engagement — they are selling a fixed product. Legitimate workplace violence prevention consulting is bespoke by definition.

A WVPP delivered within 48 hours. A site-specific Workplace Violence Prevention Plan cannot be written before someone has gathered information about your specific workplace. A plan produced immediately after contract execution is a template with your name on it.

Training described as “fully online and takes 20 minutes.”SB-553 requires an interactive discussion element. A 20-minute online module with no facilitated discussion component does not satisfy the requirement. A provider who sells this as compliant either does not know the law or is not being accurate about what it requires.

No mention of the permanent Cal/OSHA standard. A provider advising California employers on WVPP compliance in 2026 should be talking about the permanent standard — expected by December 31, 2026 — and what it means for existing programs. If a provider is not tracking this rulemaking, they are not actively following the regulatory environment they are advising you on.

Where Kestralis Group Fits

Kestralis Group is a veteran-owned security advisory firm founded by two U.S. Army veterans — one with Special Operations and corporate executive leadership experience, one a Certified Business Continuity Professional with nearly two decades of enterprise security program leadership at Fortune-scale organizations.

Our workplace violence prevention work is grounded in behavioral threat assessment methodology — specifically the KTI-W framework — and backed by a licensed private detective agency for situations that require investigative capability beyond what HR can conduct. We work directly with clients — no junior analysts — and we maintain the programs we build through annual retainer relationships that manage the ongoing compliance cycle.

We are appropriate for mid-market California employers who need a genuine program, not a template — and for multi-state employers building coordinated programs across multiple active mandates. We are not the right fit for organizations whose primary need is the lowest-cost document that technically satisfies the minimum requirement.

For a full overview of our services, see the workplace violence prevention service page. To understand where your current program stands, start with our SB-553 readiness assessment.