California SB 553

California Senate Bill 553 amended Labor Code sections 6401.9 and 6401.10, making full workplace violence prevention plans (WVPPs) mandatory for nearly every employer beginning 1 July 2024. Only a narrow set of workplaces—such as healthcare settings already covered by Section 3342, law enforcement agencies, and worksites with fewer than ten on-site employees that are not open to the public—are exempt. The statute requires written plans accessible to employees, active worker participation in hazard controls, incident response protocols, annual training, and detailed violent incident logs retained for five years. Compliance leaders must integrate SB 553 with Cal/OSHA Injury and Illness Prevention Programs (IIPP), collective bargaining commitments, and enterprise security operations to create a single, auditable operating model.

The legislation codifies minimum elements for every WVPP: assignment of responsible persons; effective communication methods for reporting threats without retaliation; procedures for identifying and correcting environmental and operational hazards; post-incident response and investigation steps; coordination with law enforcement; and systems for review after incidents, major changes, or at least annually.

Cal/OSHA’s model plan and FAQ add specificity on training content, recordkeeping, and union consultation. Employers that fail to comply face Cal/OSHA enforcement actions ranging from orders to take special action through civil penalties, and serious violations can carry fines exceeding $25,000 per instance.

Key obligations in detail

• Written WVPP structure. Plans must enumerate roles and responsibilities, processes for hazard identification (scheduled inspections, employee reports, analysis of past incidents), corrective measures, emergency response, and review cadence. The plan must be tailored to each worksite’s hazards, not boilerplate.
• Employee participation. SB 553 mandates engagement of employees and collective bargaining representatives in hazard assessments, mitigation planning, and post-incident reviews. Employers must document invitations, feedback, and responses.
• Training program. Initial training for all employees must cover plan elements, job-specific risks, reporting procedures, de-escalation strategies, and resources for victims. Refresher training is required annually and whenever new hazards emerge, new equipment is introduced, or employees show lack of understanding.
• Incident response and investigation. Plans must outline immediate response actions (medical care, evacuation, security coordination), procedures for summoning assistance, and structured investigations that analyze root causes and corrective actions.
• Violent incident log. Employers must maintain a confidential log capturing the date, time, location, type of workplace violence (as defined by SB 553 categories), a detailed description, the perpetrator relationship, consequences, and corrective measures. Logs must remove personal identifying information and be retained for at least five years.
• Record retention and access. Plans, training records, and incident logs must be provided to Cal/OSHA upon request and to employees or their representatives within 15 calendar days.
• Coordination with contractors and visitors. The WVPP must include processes for communicating hazards and expectations to temporary workers, contractors, vendors, and visitors, ensuring coverage for multi-employer worksites.

Control mapping and standards alignment

To avoid fragmented documentation, map SB 553 controls to enterprise frameworks:

• Cal/OSHA IIPP: Integrate WVPP hazard identification, correction, and training requirements with IIPP elements 3203(a)(4)–(7) to consolidate inspections, corrective actions, and training rosters.
• ISO 45001: Align WVPP governance with clauses 5 (leadership and worker participation), 6 (planning), and 8 (operational control) of the occupational health and safety management standard, using existing risk registers and internal audits.
• NIST SP 800-53 and 800-82: Map physical and logical security measures (for example, access controls, monitoring, alarm systems) to PE-3, PE-6, and IR controls to ensure technology operations support SB 553 hazard mitigations.
• Enterprise security operations: Feed WVPP reporting channels into security operations centers, visitor management tools, and workplace violence threat assessment teams to enable rapid escalation and digital evidence capture.
• Labor relations frameworks: Incorporate WVPP commitments into collective bargaining agreements, joint labor-management safety committees, and documentation that shows “meet and confer” obligations were satisfied.

Implementation timeline and milestones

Window	Compliance priority	Control activities
Days 1–30 (July 2024)	Baseline gap analysis	Inventory existing violence prevention policies, site security procedures, HR protocols, and collective bargaining agreements; identify coverage gaps against SB 553 checklist; assign accountable executives and site coordinators.
Days 31–60	Plan development	Draft WVPP for each worksite, embed site-specific hazards, obtain stakeholder review (HR, security, legal, operations, labor), and publish employee-facing versions.
Days 61–90	Training and operationalisation	Launch instructor-led or e-learning training aligned with Cal/OSHA topics, track completion, run tabletop exercises, and stand up violent incident log tooling.
Days 91–180	Stabilization	Conduct hazard inspections with employee participation, test communication channels (panic buttons, hotlines), refine investigation templates, and begin quarterly WVPP effectiveness reviews.
Ongoing	Continuous improvement	Review incidents, near misses, and environmental changes; update controls; coordinate with law enforcement and emergency responders; provide annual plan reviews to executives and safety committees.

Workstream ownership

• Governance and policy: Chief Human Resources Officer and Safety Director co-own WVPP creation, policy publication, and coordination with legal and compliance.
• Security operations: Corporate security leads manage threat assessment teams, physical security improvements (lighting, access control, surveillance), and incident response protocols.
• Facilities and operations: Site managers execute hazard mitigation projects, maintain visitor management controls, and ensure signage and safe design.
• Labor and employee relations: HR business partners liaise with unions, document participation, and address retaliation concerns.
• Learning and development: Training teams design curricula, schedule sessions for employees, supervisors, and managers, and capture evaluation metrics.
• Risk and audit: Enterprise risk and internal audit functions validate WVPP setup, review incident logs, and report on compliance posture to leadership and boards.

Technology and data enablement

• Deploy incident management platforms or case management modules that support SB 553 log fields, workflow routing, and secure document storage.
• Integrate access control systems, visitor management data, CCTV analytics, and HR case tracking to provide a single source of truth for threat assessments.
• Implement anonymous reporting tools (hotlines, mobile apps) and ensure languages and accessibility requirements match workforce demographics.
• Develop dashboards for executives showing training completion, incident trends, hazard remediation status, and open corrective actions.

Metrics and assurance

• Track WVPP training completion by role and contractor status; escalate overdue training within five business days.
• Maintain a hazard mitigation log showing closure rates, time-to-corrective-action, and residual risk ratings.
• Monitor incident trends (type I–IV violence categories), time to notification, law enforcement involvement, and recurrence rates to inform program improvements.
• Schedule internal audits every six months to test plan accessibility, employee knowledge, and log completeness; document remediation plans and follow-up dates.
• Report quarterly to executive leadership on WVPP performance, major incidents, corrective investments, and union engagement outcomes.

Action plan for clients

1. Launch a WVPP steering committee. Include HR, security, operations, legal, and labor representatives; meet weekly through initial setup, then monthly.
2. Conduct site-specific risk assessments. Use walkthroughs, employee interviews, review of incident history, and integration of security data to identify environmental and procedural hazards.
3. customize WVPP documentation. Develop plan templates with site-specific annexes covering floorplans, security technologies, and emergency contacts; translate for multilingual workforces.
4. Establish violent incident logging workflows. Configure case management, assign investigation leads, define root cause analysis steps, and embed follow-up verification tasks.
5. Design training experiences. Combine scenario-based workshops, e-learning, and microlearning refreshers; evaluate comprehension with knowledge checks and feedback forms.
6. Prepare for Cal/OSHA engagement. Maintain organized documentation, rehearse inspection protocols, and align messaging with counsel to manage regulatory inquiries.

This brief supports California employers by integrating SB 553 workplace violence controls into enterprise governance, risk, and security platforms—delivering defensible evidence, faster hazard remediation, and transparent reporting to employees, unions, and regulators.

You may also find useful

Hand-picked articles on adjacent topics.

Compliance · Credibility 86/100 · June 10, 2024

Risk Management Program

EPA's Safer Communities rule tightened RMP requirements for chemical facilities in June 2024. Better incident prevention, emergency response, and community notifications. If you handle hazardous chemicals, update your…

Compliance · Credibility 91/100 · May 31, 2024

Compliance — FCA anti-greenwashing

The FCA’s anti-greenwashing rule is now in force, requiring all authorized firms to ensure sustainability-related claims are fair, clear, and not misleading across products and communications.

Compliance · Credibility 91/100 · May 28, 2024

Compliance — T+1 settlement

The U.S. securities industry transitions to a T+1 settlement cycle, requiring broker-dealers, investment advisers, and clearing agencies to accelerate post-trade processing and allocations.

Compliance · Credibility 89/100 · May 21, 2024

EU AI Act

The Council of the European Union gave final approval to the AI Act, clearing the last legislative hurdle before publication and staged enforcement.

Compliance · Credibility 87/100 · August 12, 2024

EU Deforestation Regulation

EU Deforestation Regulation due diligence requirements rolled out in 2024. Companies importing commodities like palm oil, soy, cocoa, and coffee need to verify products are not linked to deforestation. Supply chain…

Continue in the Compliance pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

• Third-Party Risk Oversight Playbook

  Operationalize OCC, Federal Reserve, EBA, and MAS outsourcing expectations with lifecycle controls, continuous monitoring, and board reporting.

• Compliance Operations Control Room

  Implement cross-border compliance operations that satisfy Sarbanes-Oxley, DOJ guidance, EU DORA, and MAS TRM requirements with verifiable evidence flows.

• ESG Assurance Operating Guide

  Deploy credible ESG assurance across CSRD, SEC climate disclosure, and ISSA 5000 requirements with regulator-aligned controls, data governance, and audit-ready evidence.

Coverage intelligence

Published

July 1, 2024

Coverage pillar

Compliance

Source credibility

85/100 — high confidence

Topics

California SB 553 · Workplace violence prevention · Cal/OSHA · Labor compliance

Sources cited

3 sources (leginfo.legislature.ca.gov, dir.ca.gov, iso.org)

Reading time

6 min

Documentation

1. California SB 553 statutory text — leginfo.legislature.ca.gov
2. Cal/OSHA workplace violence prevention FAQ — dir.ca.gov
3. ISO 37301:2021 — Compliance Management Systems — International Organization for Standardization