California SB 553 changed workplace violence prevention from a best practice into a written requirement. As of July 1, 2024, most California employers must have a documented Workplace Violence Prevention Plan, a Violent Incident Log, employee training, and a defined response process — all enforceable by Cal/OSHA. Compliance isn't a binder on a shelf. It's a working set of procedures that a regulator, a plaintiff, or an injured employee can put to the test, and a plan that can't be executed on the worst day isn't really a plan.
What SB 553 actually is
Senate Bill 553 was signed into California law in September 2023 and took effect July 1, 2024. It's codified at California Labor Code § 6401.9 and is enforced by Cal/OSHA. The law applies broadly to California employers (with limited exceptions, including small employers with under ten on-site at a time, fully remote workforces, and certain healthcare facilities already covered by Cal/OSHA's pre-existing Workplace Violence Prevention in Healthcare standard). The Cal/OSHA workplace violence prevention page is the authoritative source for current guidance, the model plan, FAQs, and fact sheets.
Who has to comply
The default assumption: if you have any employees physically present at a California worksite, SB 553 likely applies. The exceptions are narrow. Multi-state employers with even a single California office or branch are not exempt. Distributed-workforce employers should check carefully whether onsite vendor meetings, occasional in-office days, or California-based field employees trigger applicability. When in doubt, consult counsel — the cost of a compliance gap is higher than the cost of confirming.
The plan elements you have to document
A compliant Workplace Violence Prevention Plan must include, at minimum:
- Names and job titles of personnel responsible for implementation.
- Effective procedures to involve employees and their representatives in developing and implementing the plan.
- Methods for communicating the plan to employees.
- Procedures for accepting and responding to reports of workplace violence, including anti-retaliation language.
- Procedures to ensure compliance from supervisors and employees.
- Procedures for emergency response, including alerting employees of an active threat and obtaining help.
- Procedures for developing and providing training (initial and annual).
- Procedures for post-incident response and investigation.
- Procedures for identifying and evaluating workplace violence hazards, and correcting them.
- Procedures for annual plan review and revision.
Cal/OSHA publishes a model plan you can start from, but a model isn't a finished plan — it's a template that you tailor to your sites, your industry, and your actual incident history.
The Violent Incident Log that nobody talks about
Beyond the written plan, SB 553 requires a Violent Incident Log — a separate record of every workplace violence incident or threat. For each event, the log must capture details such as the date, time, location, type of incident, the people involved (by role, not identifying detail), consequences, and any law-enforcement involvement. Logs must be retained for at least five years. This is the part of the rule that most often surfaces a tooling gap. A spreadsheet works on paper. In practice, when a regulator asks for "every workplace violence incident, threat, or near-miss in the last three years," organizations without a structured intake-and-record workflow scramble.
Where most plans break down: response procedures
Plans that read well on paper often collapse at the response step. The plan says "notify employees of an active threat," but doesn't specify how — which channels, who has authority to fire the alert, what the message templates are, or how the company will know employees received it. The plan says "obtain emergency help," but the protocol for getting a panic signal from a field employee to dispatch in seconds doesn't exist.
The cleanest test of any plan is whether a new supervisor, on day three, could execute the response steps without having to ask anyone. If the answer is no, the plan is documentation, not procedure. Response procedures need to map to actual tools — pre-built message templates, a defined alert workflow with role-based access, a panic mechanism that works without a phone call, and a way to account for everyone after.
How your operational tooling supports compliance
SB 553 doesn't mandate a specific platform, but the procedures it requires are easier to defend when they're built on tools designed for them. A few practical mappings:
- Active-threat alerting — Castatus Crisis Manager fires SMS, voice, push, email, and desktop alerts in parallel, with two-way response so supervisors know who is safe, who needs help, and who hasn't checked in.
- Discreet panic signaling for field and lone workers — SafeStatus lets an employee trigger a silent alert with location attached, whether or not they can speak.
- Front-desk screening and physical access — Visitor Manager watchlist screening pauses badge printing for banned or barred individuals, and produces an audit trail of every match and decision.
- Incident records and after-action reports — per-incident logs from Crisis Manager capture who was notified, when, on what channels, and who responded — exactly the kind of record an SB 553 Violent Incident Log entry needs to reference.
None of this replaces the plan or the training. It does ensure the plan can be executed when the moment comes, and that the record proving it was executed exists by default.
For multi-state employers: SB 553 is the template, not the ceiling
If you operate in multiple states, SB 553 will almost certainly become the floor for your nationwide workplace violence program. Other states are following California's lead — New York's Retail Worker Safety Act took effect in 2025, and similar bills are in various stages elsewhere. Rather than running parallel programs, most multi-state safety leaders are building one program that meets California's bar and applying it everywhere. It's simpler operationally, defensible legally, and signals duty of care to the workforce.
What to do this week
Three concrete steps. First: pull your current plan and check it against the ten required elements above — any "we'll handle it case by case" answers are gaps. Second: walk through your active-threat response procedure with a new-hire supervisor and ask them to execute it on paper — wherever they stop, that's a process gap. Third: pull the last twelve months of workplace incidents, threats, and near-misses and confirm each one is captured in a way that meets the Violent Incident Log requirements. Anything missing is your starting list.