Is Your Team Ready to Respond to Workplace Violence or an Active Shooter?

By Hao Nguyen
Chief Legal Officer

As the news continues to remind us on a daily basis, the number of incidents related to workplace violence continue to rise at a rapid pace around the country. We tend to think that these events are so far removed from our daily lives that they will never happen to us. However, the unfortunate reality is that businesses, even dealerships, need to be prepared for these kinds of events. I was much like everyone else and believed that workplace violence would never happen to me. A few months ago, I was reminded that workplace violence can happen to anyone at any time. 

Earlier this year, I drove to a local dealership about 10 miles away from my house to help my brother trade in his vehicle for a newer model. After I helped him understand some of the paperwork, he said I should go home as he could take it from there. We said our goodbyes and off I went. Ten minutes later, I received a call from him. He sounded frantic and out of breath:, “There’s a shooter! I ran. Please come get me.” It felt surreal as I drove straight back to the dealership and found my brother in the parking lot of a fast-food restaurant a few blocks away. I could feel my heart continue to race as he told me what happened.

As he was sitting in the office waiting for the finance manager, he saw eight or nine people run at full speed toward the back of the building. As they passed the office, one runner shouted,“Gun!” and my brother joined them in this dash toward the service department. After hiding for a few moments, one of the employees managed to open a gate which allowed everyone to escape over a fence behind the parking lot. My brother then ran a few more blocks till he felt safe enough to call me.

What then happened was what you would expect: law enforcement descended on the scene, one person was taken into custody, and the issue was thankfully resolved without injury. Unfortunately, I can only speculate about its long term effects on the dealership staff. What if this person had violent intent? What was the staff supposed to do? Are there procedures in place to keep them safe? This event gave me a better insight as to what we need to do at ComplyAuto in order to ensure that you are properly training your staff and giving them the tools necessary to keep them safe. 

Why is This Important? 

The Occupational Safety and Health Administration (OSHA) recently issued its first ever citation based on workplace violence at a business and pointed back to the General Duty Clause of the OSHA Act.

The General Duty Clause requires that all employers must provide a work environment for their employees that is “free from recognized hazards that are causing or are likely to cause death or serious physical harm.” 

A security company in Idaho was cited for a “serious” violation of the General Duty Clause when a security officer was fatally shot while on patrol. The officer approached a patron who was openly carrying a firearm and asked him to leave the premises. The patron was known to security officers and the security company for openly carrying firearms in the past. The patron initially started to walk away then suddenly turned around and shot the officer three times. OSHA cited the security company because it “repeatedly exposed its employees at the [mall] to workplace violence hazards and failed to follow its own procedures for interacting with armed individuals to enforce the [mall’s] code of conduct.” For more information, refer to this article written by the team at Fisher Phillips. It is going to change your perspective on trainings and policies as we know it. 

OSHA has stated that they are currently working on language for workplace violence regulations for the healthcare industry (the current industry with the highest workplace violence incidents) and the California Division of OSHA is working on proposed general industry workplace violence standards.

It is only a matter of time until OSHA follows suit to expand to the general industry. 

Not only is it our job to provide a safe and healthy work environment for our staff, but it is up to us as owners, managers, and supervisors to ensure that they are properly trained to know what to do in a time of crisis. This is the perfect time to be proactive in your existing training and policies. ComplyAuto has made it its top priority to provide dealers with all of the necessary tools to further this goal. The next time you sign into the ComplyAuto dashboard, navigate to “Workforce” (Upper right and change the product to “ComplyAuto Workforce”) to take advantage of our free policy builders in the following areas:

  1. Active Shooter Policy
  2. Workplace Violence Policy
  3. Weapons in the Workplace Policy


The “Weapons in the Workplace” policy can be added as an addendum to the “Anti Workplace Violence Policy”, but not all states will allow an outright ban on employees or customers bringing weapons into a facility. In some states, the employer must provide a “safe space” for the weapon(s) to be stored if the company policy does not allow them to be carried openly or discreetly. Other states have different regulations entirely, so remember to be cognizant of your state’s laws and regulatory agencies when it comes to weapons in the workplace before adding any rules or guidelines to your policies. While you’re in the Workforce area of your dashboard, automatically enroll all of your staff into our free “Active Shooter” and “Workplace Violence” trainings by navigating to “Employee Training” tab in the dashboard and select “Settings” from the drop down menu. 

Other things to take into consideration are your Emergency Action Plan Policy  and Emergency Response Training at each location. Some questions to think about: 

  • Do you have a supervisor or manager in charge of doing a headcount of employees in case of an evacuation? 
  • Do all employees know which supervisor(s) to check in with in case of an emergency or evacuation?
  • Do you have emergency contact information for each employee? 
  • Do all employees know where the evacuation points are located? 
  • Are all emergency numbers listed on labor law posters and in an easily accessible area for all employees? 
  • Have you coordinated a plan or additional training with local law enforcement professionals?

As we wait for OSHA to give specific guidance on these matters, the best practice is to always keep our staff ready for these types of incidents. As the saying goes, “failing to prepare is preparing to fail” and it could not be more accurate here. If you have questions about what your specific dealership should do to create or deploy training  and policies for your employees, or would like us to help you create and manage your own processes, please contact us at or reach out to your Client Success Manager. 

As always, if new regulations or guidance are issued regarding workplace violence we will be sure to update our software and keep dealers abreast of any changes or updates. 

This article should be used as a compliance aid only and though its accuracy has been made a priority, it is not a substitute for professional legal advice. Each dealer should rely on their own expertise when using it.

NHADA members: always refer to NHADA for specific guidance that may be applicable to your business. 

Leave a Reply

Can Your IT Service Provider Manage Your FTC Compliance?
Deadline Approaching: Complete Your Inaugural FTC Safeguards Board Report by Year’s End!

We want to enroll our employees in preventative training to prevent BAR citations and fines.

We received a citation or disciplinary action and need to take remedial training.

Mock OSHA Assessment


  • On-demand eight-hour assessment that imitates a real OSHA audit.
  • Conducted by an EHS Pro with OSHA-10 or OSHA-30 certification and 5+ years of experience. 
  • Simulated employee interviews
  • Issue tracking and task management
  • Detailed assessment reports after the assessment with images, videos, and recommended steps for remediation.

    Privacy & Cyber Compliance Suite


    • Custom legal policies with real-time updates, including the Information Security Program (ISP)
    • Customized Incident Response Plan (IRP)
    • Internal risk assessment tools and hands-on guidance
    • Biannual penetration testing (2) 
    • Biannual vulnerability scans (2)
    • Employee security awareness training and completion tracking
    • Extensive vendor management library – hundreds of vendor-completed GLBA contracts & risk assessments
    • Device & systems inventory automation and mapping tools
    • Unlimited industry-specific internal phishing simulations to train staff
    • Complete 50-state privacy compliance required by your state (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, VA)
    • Website cookie consent banners and unique consumer privacy request portals
    • Annual report to the Board of Directors generated every year
    • Compliance Guarantee

      CPR/AED Certification


      • Instruction provided by Certified American Red Cross Instructors.
      • Practical, hands-on training sessions to practice CPR and AED techniques
      • Proper automated external defibrillator (AEDs) instruction and operation
      • American Red Cross exam and certification
      • Access to study materials, manuals, and resources for continued education and reference.
      • Available for organizations and groups, allowing for tailored training sessions.

      HR Fundamentals


      • Customized policy builder with real-time updates
      • E-sign functionality for required employee policies 
      • Online HR training with employee completion tracking
      • State-specific policies and training
      • Employee management tool
      • Training and policies include Workplace Violence, Active Shooter, IT and Electronic Device Use, Biometric Data Privacy, Sexual Harassment, and more 
      • HR Fundamentals access is included with any other ComplyAuto product

        Encrypted Messaging


        • Encrypt SMS text and email messaging among staff, clients, and customers when sending and receiving files
        • Track usage and detect violations in real-time
        • Advanced security features include auto-deletion of files, Multi-Factor Authentication protection, IP safelisting, and domain blocklisting
        • Supports compliance with various state and federal regulations and recognized industry standards: GLBA, HIPAA, SOC 2, ISO 27001, NIST, CIS Controls, SEC

          Safety Compliance Suite


          • Concierge on-site onboarding 
          • On-demand safety walkthroughs conducted by experienced EHS Pros at various intervals – once, twice, or four times per year
          • Comprehensive Online Training Library and employee progress tracking
          • Automated 50-State Legal Injury & Illness Reporting
          • Policy Builders with Automatic Updates
          • Simplified SDS Creation and Management
          • Guided risk mitigation
          • Signage builder & tracking
          • Efficient equipment inspections with QR Codes
          • Tier 1 Spill Prevention Control and Countermeasure Plan 
          • Automated Tier 2 environmental reporting for all 50 states 
          • Unlimited one-on-one support from our dedicated team
          • Workplace Violence and Active Shooter Policy and Training
          • Unlimited one-on-one support from our dedicated team
          • Automated Tier II environmental reporting for all 50 states.

            EduTech Course 3

            Program to Fulfill AG Disciplinary Order - $299/student

            The California AG routinely penalizes facilities that violate these laws and requires them to perform specific remedies while on probation. One of these remedies requires the ARD to take a course that outlines the laws and regulations of the Automotive Repair Act. This program fulfills the requirement.


            • Comprehensive online course about the Automotive Repair Act

            • Access to training materials anytime (24/7/365)

            • Comprehensive companion manual to the training material

            • Quizzes and final exam to track engagement and learning ability

            • Certificate generated upon completion

            EduTech Course 2

            Remedial Training and Attorney General Disciplinary Order - $299/student

            The Bureau of Automotive Repair (BAR) has allowed violating automotive repair dealers to take a remedial training program in lieu of having their information posted on a public website. Additionally, automotive repair dealers are required to take a training course as part of the California Attorney General’s disciplinary order. 

            This course fulfills both of these requirements.

            Created by California attorneys with over 35 years of combined experience in the automotive repair industry, this course is the only course on the market that is taught by instructors who are certified by the BAR.


            • Comprehensive online course about the Automotive Repair Act
            • Instruction by providers certified by the BAR
            • Access to training materials anytime (24/7/365)
            • Comprehensive manual that is a companion to the course
            • Quizzes and final exam to track student engagement and information retention
            • Certificate generated upon completion
            • Automated notification to the Bureau of Automotive Repair, if applicable


            EduTech Course 1

            Automotive Repair Act Certification Training - $49/month per rooftop

            With new regulations giving the Bureau of Automotive Repair (BAR) more authority to find violations and enforce citations upon repair facilities, it is now more important than ever to make sure your staff is knowledgeable about the Automotive Repair Act. Protect your repair facility from BAR scrutiny by enrolling into EduTech’s Automotive Repair Act Certification Training. This is the only training in California that is approved by BAR. 

            “Evidence of voluntary participation in retraining [of]…employees” as a mitigating factor. – Guidelines for Disciplinary Orders and Terms of Probation, BAR

            BAR has allowed retraining to be a “factor in mitigation” when investigating a repair facility. Therefore, as a preventative measure, it is strongly recommended that all technicians and service writers enroll into this course to show the BAR that you acknowledge and understand these rules before any investigation ever occurs. 

            All students enrolled in this product will be eligible for our “EduTech Guarantee” which financially protects repair facilities from enforcement by the Bureau of Automotive Repair. For more information, please visit our Terms of Service.


            • Online training course about the Automotive Repair Act
            • Only training course that is approved by BAR
            • Access to training materials anytime (24/7/365)
            • Quizzes and final exam to track student engagement and information retention
            • Certificate generated upon completion


            • Lower risk of BAR scrutiny by standardizing correct practices
            • Increased customer satisfaction
            • Establishes good faith efforts and may avoid BAR citation and fine
            • Professional development for service writers and technicians
            • Eligibility for the EduTech Guarantee

            Students enrolled in this product will also have complimentary access to HR training materials and policy builders. Topics include:

            • Sexual harassment (supervisory and non-supervisory)
            • Active shooter
            • Workplace violence
            • Social media use
            • Biometric data (timekeeper or key lockbox)

            F&I Compliance Suite

              • Precise Deal Jacket Audits to identify and address real-world F&I compliance issues accurately.
              • Focused Compliance on specific F&I compliance concerns such as Fair Lending Compliance Solutions, California Litigation, Vehicle Safety Recalls, Used Vehicle History, FTC Buyers Guide & Federal Warranty Disclosures, 
              • Automated EZ Cash Reporting & Anti-Money Laundering with IRS Reporting 
              • Spot Delivery & Unwind Management
              • Real-Time Issue Identification Quickly detect compliance gaps and issues, enabling swift corrective action and risk mitigation.
              • Online F&I Compliance Training 
              • Compliance Guarantee

                Device & Email Security


                The combined features create a dynamic defense system that adapts to evolving cybersecurity threats and secures the organization's digital ecosystem.

                • Continuous threat detection and response powered by Coro:
                  • EDR (Endpoint Detection and Response) 
                  • MDR (Managed Detection and Response) 
                  • 24/7 Security Operations Center team
                  • Swift response and alert to potential security breaches
                • Enhanced authentication and access control via Multi-factor Authentication (MFA) powered by Duo Security™
                • Advanced email security to shield e-threats such as phishing, malware, spam, and scams – integrates with Google Workspace & Microsoft Office 365.
                • Data governance and Data Loss Prevention (DLP)  detect and manage employee data-sharing practices. 
                • Device-level encryption for Windows and macOS
                • Public & unencrypted wifi blocking
                • Next-gen antivirus
                • Automated password policy and session locking enforcement