How to Draft a Workplace Violence Prevention Plan (WVPP) That Meets California SB 553 for Multi-Location Employers
California SB 553 requires most California employers to adopt a written Workplace Violence Prevention Plan (WVPP) and begin maintaining a violent-incident log by July 1, 2024. Multi-location employers face added complexity because the WVPP must be implemented at each worksite and coordinated across different operational realities. This article explains how to draft a compliant WVPP for multi-site operations, align it with Cal/OSHA expectations, and reduce enforcement and liability risk.
What SB 553 Requires—and Why Multi-Location Employers Need a Different Drafting Approach
California Senate Bill 553 created a statewide workplace violence prevention framework that is enforced through Cal/OSHA. For most employers, compliance centers on four operational pillars: (1) a written Workplace Violence Prevention Plan (WVPP), (2) effective implementation at the worksite level, (3) training for employees (and certain supervisors), and (4) documentation, including a violent-incident log and record retention.
For multi-location employers, the legal risk is rarely the absence of a “plan on paper.” The risk is that a single corporate template fails to reflect site-specific hazards, reporting paths, facility access controls, after-hours procedures, or local law enforcement coordination. Cal/OSHA citations often turn on whether a program is effectively implemented and tailored to actual conditions—not whether the document looks polished.
Step 1: Confirm Coverage, Exemptions, and Overlapping Programs
Before drafting, determine whether your workforce or specific worksites qualify for an exemption or are subject to overlapping standards. SB 553 generally applies broadly, but there are limited exceptions (for example, certain employers already covered by the healthcare workplace violence prevention standard, and some small employers with no public access and minimal workforce, depending on the statutory criteria). Multi-location employers frequently have a mix of operations—retail, distribution, field service, corporate offices—so coverage should be evaluated by worksite and operation.
Practice tip: Create a coverage matrix listing each California location, headcount, public-facing status, hours of operation, and any existing safety/security programs (IIPP, emergency action plans, security vendor protocols). This becomes the backbone for a WVPP that is consistent at the corporate level but tailored locally.
Step 2: Choose the Right WVPP Structure for Multiple Sites
Multi-location employers typically use one of three structures:
Option A: One Statewide WVPP + Site Addenda
This is usually the best balance of consistency and defensibility. The statewide WVPP sets minimum standards and required elements. Each location then adopts an addendum that captures site-specific hazards, reporting contacts, facility layout considerations, and local procedures.
Option B: Separate WVPPs for Each Location
This approach can work for highly diverse operations (e.g., a logistics hub vs. a downtown retail flagship). The downside is administrative burden and higher risk of internal inconsistency.
Option C: Hybrid WVPP by Business Unit
Employers with distinct divisions (e.g., stores vs. field services) may adopt division-level WVPPs with location addenda. This can reduce duplication while still capturing operational differences.
Drafting goal: Cal/OSHA should be able to see (1) a compliant core program and (2) credible evidence that each location identified and addressed its own risks.
Step 3: Include the Required WVPP Elements—Drafting Checklist
SB 553 requires a WVPP that addresses workplace violence hazards and contains specific procedural components. While exact formatting can vary, the document should clearly cover the following categories in a way that can be implemented at each worksite:
1) Responsibility and Authority
Identify who is responsible for implementing the WVPP at the corporate level and at each site. Multi-location employers should name:
- Corporate WVPP Administrator (often HR, EHS, Risk, or Security)
- Site WVPP Coordinator (e.g., store manager, facilities manager, operations lead)
- Backups for after-hours and absences
Include decision-making authority for urgent controls (e.g., adding security staffing, changing entry protocols, pausing operations, removing individuals from premises).
2) Employee Involvement and Communication
The WVPP should explain how employees can participate in hazard identification and how the employer will communicate about workplace violence concerns. For multi-site operations, ensure that communication channels are consistent and accessible across locations (e.g., hotline, reporting portal, local manager reporting, union reporting where applicable).
Non-retaliation language should be explicit: employees must be able to report threats, stalking concerns, domestic violence spillover risks, or security gaps without fear of discipline for making a good-faith report.
3) Procedures to Accept and Respond to Reports
Spell out how employees report concerns and how management responds. A compliant WVPP should define:
- What to report (threats, assaults, harassment escalating toward violence, weapons concerns, credible online threats)
- How to report (immediate danger vs. non-emergency)
- Response steps (separation, medical response, law enforcement contact, evidence preservation)
- Who investigates and timelines
Multi-location drafting tip: Provide a “universal” reporting process plus a site addendum listing local emergency numbers, building security contacts, and escalation paths.
4) Incident Response, Investigation, and Corrective Actions
The plan should require prompt investigation of workplace violence incidents and close the loop with corrective measures. For multiple locations, standardize the investigation packet (witness form, video request, evidence checklist) while allowing sites to add local steps (e.g., landlord coordination in multi-tenant buildings).
Corrective actions should be realistic and specific. Examples:
- Reconfiguring customer service counters to add distance and egress routes
- Badging changes and visitor management at office sites
- Two-person closing procedures for retail locations
- Cash-handling controls and signage to deter robberies
- Restraining order/workplace stay-away order coordination where appropriate
5) Hazard Assessment and Periodic Review
SB 553 compliance is not “set it and forget it.” Your WVPP should require workplace-specific hazard assessments and periodic reviews, including after incidents and when conditions change (staffing, hours, remodeling, new services, neighborhood conditions).
Multi-location best practice: Use a standardized hazard assessment tool, but require a site walk-through and site sign-off. Cal/OSHA will expect that the assessment reflects the site’s actual conditions—not just corporate assumptions.
6) Training
The WVPP should detail training content, frequency, and documentation. Multi-location employers should ensure training is consistent statewide while allowing site-specific modules (e.g., how to use panic buttons at certain stores; how to contact building security at certain offices).
Training topics commonly include:
- How to report hazards and incidents
- How to seek help and emergency response procedures
- De-escalation fundamentals appropriate to the workplace
- How the employer will investigate and correct hazards
- How to access the WVPP and incident log information as permitted
Documentation: Maintain rosters, dates, trainer names, materials, and proof of completion for each site.
Step 4: Build a Violent-Incident Log That Works Across Locations
SB 553 requires employers to maintain a violent-incident log with defined data elements. Multi-location employers should implement a centralized system to ensure consistent categorization and retention, while allowing locations to initiate entries quickly.
Design choices that reduce risk:
- Standard definitions for incident types and severity to avoid underreporting or inconsistent entries
- Role-based access to protect sensitive information while enabling compliance
- Uniform “minimum required fields” plus optional fields (e.g., whether a restraining order exists; whether trespass notice was issued)
- Linkage to corrective actions (so the log supports your prevention story)
Example: A multi-site retailer uses a single incident platform where store managers enter initial details within 24 hours, corporate security reviews within 48 hours, and HR/EHS finalize categorization and corrective actions within 7 days. This creates auditable consistency while preserving speed.
Step 5: Address High-Risk Scenarios with Site-Specific Controls
A WVPP is stronger when it anticipates foreseeable scenarios. Multi-location employers should include a “scenario annex” and let sites select applicable modules. Common California scenarios include:
Retail and Customer-Facing Sites
- Robbery deterrence and response protocols
- Refusal-of-service procedures and when to call security/law enforcement
- Queue management and crowd control during promotions
- Trespass notices and repeat-offender tracking (consistent with privacy rules)
Corporate Offices and Multi-Tenant Buildings
- Visitor sign-in, badges, and access control
- Coordination with property management and building security
- After-hours access rules and escort procedures
Warehouses, Distribution, and Industrial Operations
- Gate control, driver check-in procedures
- Conflict management in high-stress production environments
- Weapon policy enforcement and search limitations (coordinate with counsel)
Field Services and Mobile Work
- Client-home visit protocols (check-ins, two-person rules where necessary)
- Stop-work authority for threatening environments
- Vehicle safety, routing, and communications escalation





















