Where there exists a reasonably predictable hazard of client-initiated violence:

• Ensure there was no physically unrestricted access by clients to the staff working area;  This meant that as a minimum, a secured desk was between a client and staff member to effect delay in the event of an attack and for zones to be developed which gave a safe and rapid means of escape for the staff member;
• Ensure that employees and contractors are adequately trained to respond to an emergency response incident;
• Adopt and effectively embed a "zero tolerance policy" by:
• publishing a "zero tolerance policy";
• embedding a "zero tolerance policy" in systems, standards and procedures and, in tum, in its staff; and
• strategising to create a positive security culture and implementing those strategies;
• Implement a client risk profiling process;
• Implement a client management plan tailored to the risk assessment of that client; and
• Implement effective incident investigation and incident data analysis, including by:
• analysing the incident basis of security incidents on an annual basis and transferring the learnings to the defendant;
• setting key performance indicators with respect to security incidents and reviewing these monthly/quarterly;
• engaging periodically with selected frontline staff from selected locations to evaluate the effectiveness of security/related systems;
• instituting a comprehensive investigation process and analysis model applied to critical security/related incidents;
• developing a security management plan or equivalent document at the highest level of the defendant with clearly stated context, purpose, defined accountabilities, plan owner, internal review and external audit timeframes etc; and
• completing a security audit using established risk management models and standards to aid in the establishment of the security management plan.