Timeline and verified event record
Establish what occurred, when, where, who was involved, what systems were active, and what actions followed.
Establish what happened, preserve the record, and correct the system.
The STEAD Incident Investigation, Evidence, and After-Action Review framework defines how correctional agencies preserve evidence, establish facts, protect due process, coordinate investigations, identify root causes, assign corrective action, and verify that systemic weaknesses were resolved.
Investigation purpose
Correctional incidents may involve operational failure, misconduct, criminal activity, healthcare, infrastructure, technology, staffing, training, policy, or command.
No single review method can answer every question. STEAD separates immediate fact preservation, criminal investigation, administrative review, clinical review, technical analysis, and after-action improvement.
The objective is to protect evidence and due process while still giving leadership the information needed to correct urgent systemic risk.
Investigation domains
Establish what occurred, when, where, who was involved, what systems were active, and what actions followed.
Preserve physical, digital, documentary, photographic, video, audio, device, and system evidence.
Coordinate with authorized investigators, prosecutors, law enforcement, and courts when criminal conduct may be involved.
Review compliance, authority, supervision, decision-making, training, reporting, discipline, and organizational responsibility.
Evaluate access, triage, treatment, medication, documentation, continuity, clinical judgment, and professional standards.
Review systems, devices, alarms, communications, utilities, cybersecurity, maintenance, configuration, and recovery.
Examine staffing, posts, movement, response, communications, logistics, coordination, and continuity of essential functions.
Identify recurring conditions, design weakness, resource gaps, policy conflict, cultural issues, and broader statewide implications.
Investigation principle
Accountability is incomplete when the institution punishes a person but leaves the failed system unchanged.
Individual responsibility and systemic responsibility are not mutually exclusive. A serious incident may involve misconduct while also revealing weak staffing, poor design, inadequate training, broken equipment, or unclear policy.
STEAD requires investigators and reviewers to identify both direct actions and the conditions that made failure more likely.
The final measure is not how quickly a report is closed. It is whether the institution became safer, clearer, and more reliable afterward.
Evidence and review controls
Responsible agencies, units, reviewers, prosecutors, clinicians, and technical experts have documented roles.
Relevant records, media, devices, scenes, logs, communications, and physical evidence are secured.
Collection, transfer, access, examination, storage, disclosure, and disposition remain documented.
Material conflicts are disclosed, reviewers are separated where practical, and outside review is available.
Interviews are authorized, recorded or documented, protected, and conducted with appropriate rights.
Clinical, personnel, legal, victim, investigative, and security-sensitive information receives controlled access.
Findings are disclosed according to law, due process, privacy, public records, security, and oversight requirements.
Every material finding has an owner, deadline, resource plan, temporary control, and verification method.
Incident review cycle
Complete immediate response, medical care, accountability, containment, and preservation.
Freeze relevant systems, retain media, secure physical evidence, and prevent loss or alteration.
Determine criminal, administrative, clinical, technical, operational, legal, and oversight needs.
Build timelines, interview witnesses, examine systems, compare policy, and verify facts.
Identify direct actions, contributing conditions, control breakdowns, recurring patterns, and unresolved uncertainty.
Update policy, staffing, facilities, equipment, training, technology, contracts, healthcare, or command.
Audit completion, test controls, review outcomes, and confirm that risk was reduced.
Translate verified lessons into training, standards, procurement, facility design, governance, and future readiness.
STEAD Incident Investigation and After-Action Review
STEAD combines evidence preservation, chain of custody, criminal and administrative review, clinical and technical analysis, root-cause identification, corrective ownership, independent verification, and statewide standardization.