Why the Scrutiny Around Active Threat Training Has Shifted
For roughly two decades after Columbine, active threat response doctrine was understood primarily at the command level. Chiefs understood it. Training sergeants delivered it. Officers completed it in academy and in periodic refreshers. Post-incident reviews focused on tactical decisions made on scene and on command decisions made in the first minutes of the response.
That focus has changed. In the last several years, high-profile active threat incidents have produced post-incident reviews that examined the training records of individual responding officers: who had completed initial active threat training, when they last completed a refresher, what scenarios they had been tested on, whether they had ever trained on single-officer entry versus team entry tactics. The scrutiny shifted from command-level doctrine to officer-level preparation.
This shift has direct consequences for every agency’s training documentation. The documentation that previously satisfied accreditation or POST audits — “officer completed active shooter training” with a date and a duration — no longer satisfies the scrutiny that follows major incidents. Reviews now ask whether the training was initial or refresher, whether scenario-based or classroom only, which tactical models were taught, and how recently each officer was trained.
Post-incident reviews of major active threat events now examine individual officer training records in detail. Agencies whose documentation captures only the fact of attendance — not the content, currency, or scenario specifics — find their training programs characterized as superficial after the fact.
How Active Threat Response Doctrine Evolved
Understanding the current documentation expectations requires understanding what doctrine the documentation is meant to capture. Active threat response has evolved through several distinct phases over the past twenty-five years, and current training should reflect the current phase.
Phase 1: Contain and wait (pre-Columbine)
Initial responding officers established a perimeter and waited for SWAT. This doctrine collapsed after Columbine demonstrated that the delay cost lives.
Phase 2: Four-officer diamond formation
Post-Columbine, doctrine shifted to immediate entry by a four-officer contact team. This model was widely trained through the 2000s and early 2010s.
Phase 3: Three-officer and two-officer teams
As research demonstrated that smaller teams could enter more quickly with acceptable risk, doctrine evolved to accept three- and two-officer entries.
Phase 4: Solo-officer entry
Current dominant doctrine accepts that the first responding officer may need to enter alone to engage the threat, particularly in incidents where delay produces more casualties. This is the model most current training reflects.
An agency whose training documentation shows active threat training from five years ago without subsequent refreshers is, by default, documenting doctrine that predates current practice. The documentation gap is not just about frequency — it is about whether the training reflects the tactical model officers would actually deploy today.
What Post-Incident Reviews Now Look For
Reviews of major active threat incidents — whether conducted by state agencies, federal monitors, independent commissions, or accrediting bodies — increasingly examine six elements of training documentation for each responding officer.
1. Initial training record
When did the officer first complete active threat response training? What curriculum? Where? With what instructor credentials?
2. Refresher cadence
How frequently has the officer received active threat refresher training? Annual? Less? Is the frequency consistent across the agency or inconsistent by shift or assignment?
3. Tactical model trained
Which tactical model does the agency train — solo entry, two-officer, three-officer? Has training evolved as doctrine evolved? Does the training match current dominant doctrine?
4. Scenario or practical application
Has the officer completed scenario-based or force-on-force active threat training, or only classroom instruction? Classroom-only active threat training faces the same Zuchel limitation as classroom-only judgment training.
5. Multi-agency coordination exposure
Has the officer trained in multi-agency settings that reflect the coordination that actual responses require? Or only in single-agency training environments?
6. Medical integration
Does the active threat training integrate tactical medicine (TECC, Stop the Bleed, casualty care under fire)? Can the agency document that integration?
An officer’s training file that can affirmatively answer all six elements supports the agency’s response narrative. A file that leaves multiple elements unanswered undermines it.
Program Elements of a Complete Active Threat Training Program
A defensible active threat training program includes the following elements, each documented as a distinct training event.
Initial training
Foundational active threat instruction, typically completed at academy and reinforced at first in-service. Covers doctrine, tactical models, communication, priorities of life, and the rules of engagement for active threat response.
Annual classroom refresher
Updates covering current doctrine, lessons from recent incidents, policy updates, and legal developments. Short in duration but important as a documented annual event.
Annual scenario or force-on-force training
Practical application of the tactical model the agency trains: solo or team entries, movement toward threat, engagement decision-making. Scenario training is where officers actually develop the capability, not where they merely learn about it.
Multi-agency coordination training
Training events involving neighboring agencies that reflect the reality of active threat response — where officers from multiple jurisdictions respond to a single incident. This training should cover command structure, communication, and tactical coordination.
Tactical medical integration
Training that integrates tactical medicine into active threat response: Stop the Bleed, TECC-level care under fire, care-under-cover, and medical evacuation under threat. These are increasingly recognized as inseparable from tactical active threat capability.
Role-specific training
Patrol officers, school resource officers, and specialty team members often have different roles in active threat response. Training should reflect the role each officer will likely play.
Frequency and Currency
Current consensus among active threat training experts and most state POST standards favors annual active threat response training at a minimum, with many agencies and jurisdictions training more frequently. The specific cadence depends on several variables.
Annual is the floor
Any officer without documented active threat training within the past twelve months has, by current standards, a currency gap. This includes refresher training and at least one scenario-based or practical application event.
Scenario-based training at least annually
Classroom-only refreshers do not substitute for practical application. The Zuchel principle applies here: decisions officers will make in the field must be rehearsed under conditions that approximate the field.
Higher frequency for high-risk assignments
School resource officers, patrol officers in dense public spaces, and officers in jurisdictions with elevated active threat risk should train more frequently than the baseline. The frequency should track the operational exposure.
An officer whose most recent active threat training predates the current tactical doctrine the agency teaches is, for scrutiny purposes, untrained on current doctrine. Currency is not just about time — it is about whether the training reflects the model the officer would actually deploy.
Multi-Agency Coordination Training
Major active threat incidents almost always involve multiple agencies. First officers on scene may be from one jurisdiction, follow-on officers from another, tactical teams from a third, and supporting resources from several more. Coordination under extreme time pressure is the challenge these multi-agency responses present — and single-agency training does not rehearse the coordination.
Agencies building documentation-defensible active threat programs increasingly include documented multi-agency training exercises: joint tabletops, joint force-on-force scenarios, and joint responses to simulated incidents. These events should be documented at the officer level for every participating officer, not just at the agency level.
The documentation value of multi-agency training is high. An officer whose training record includes documented multi-agency coordination exercises is demonstrably prepared for the coordination the real incident will require. An officer whose record does not is, to that extent, unprepared — and the file shows it.
How exposed is your department?
Take our free 4-minute Training Liability Risk Assessment to find out where your documentation creates exposure — and how to fix it.
Take the AssessmentDocumentation Standard for Active Threat Training
Active threat training documentation must meet the standard set by the scrutiny it now faces. The five documentation standards apply with specific elaborations.
Tactical model must be documented
Records should identify which tactical model was taught: solo entry, two-officer, three-officer, four-officer, or combinations. “Active shooter training” without model specificity cannot be evaluated against current doctrine.
Scenario specifics must be captured
When scenario training occurs, the scenarios themselves should be documented: environment simulated, tactical challenges presented, evaluation criteria, and individual officer performance.
Refresher status must be explicit
Records should distinguish initial training from refresher training and should show the cumulative currency for each officer. An officer’s training summary should be able to produce, on demand, the date of their most recent active threat training and the nature of that training.
Multi-agency participation must be captured
When training involves other agencies, the record should identify which agencies participated and what the coordination objectives were. Multi-agency training records have specific documentation value that single-agency records do not.
Building the Program
For agencies looking to bring active threat training documentation to current standards, the path has four steps.
Audit current state. For every sworn officer, identify their most recent active threat training event, what tactical model it taught, and whether scenario-based training was included.
Close currency gaps. Officers whose most recent active threat training is more than twelve months old, or was classroom-only, should be scheduled for updated training with the gaps explicitly identified.
Build annual cycle. Adopt an annual active threat training cycle that includes classroom refresher, scenario-based practical application, and — where possible — multi-agency coordination exercises.
Align documentation fields. Ensure that training records capture the six elements post-incident reviews examine: initial training, refresher cadence, tactical model, scenario application, multi-agency coordination, and medical integration.
Frequently Asked Questions
What is active threat response training?
Active threat response training prepares officers to respond rapidly to ongoing incidents involving an active assailant, typically an active shooter. Modern doctrine emphasizes immediate entry by responding officers, rapid movement toward the threat, single-officer and small-team tactics, and coordinated multi-agency response. Training covers tactics, communication, medical integration, and decision-making under extreme time pressure.
What documentation do post-incident reviews now expect?
After major active threat incidents, state AARs and federal post-incident reviews now examine individual officer training records for active threat response specifically: whether the officer completed initial training, how recently they completed refresher training, whether scenario-based exercises were documented, and what the agency’s overall training frequency has been. Vague entries that reference “active shooter training” without specifics are no longer sufficient.
How often should active threat response training occur?
Current industry consensus and most state standards favor annual active threat response training at minimum, with scenario-based or force-on-force training recommended at the same cadence. Many agencies train quarterly, particularly where multi-agency coordination is a program element. The frequency should reflect both the operational risk profile of the jurisdiction and the perishability of the tactical skills involved.
For the documentation framework that active threat records must satisfy, see the training documentation pillar guide. For the judgment-training requirement that applies to active threat scenarios, see our analysis of Zuchel v. Denver.
The training record a post-incident review actually examines.
BrassOps captures active threat training with the tactical model, scenario detail, multi-agency participation, and currency reviews now demand.
Request a Demo