California's SB-553 went into effect July 1, 2024. In the nearly two years since, Cal/OSHA has been enforcing it — and a pattern of compliance failures has emerged. Most of them are not complicated. Most of them are fixable. Most of them are also avoidable with a program built by someone who has read the law, not just downloaded the model template.
Here are the seven failures we see most consistently.
Failure 1: Using the Cal/OSHA Template as the Final Product
Cal/OSHA published a model WVPP to help employers understand what the law requires. The model plan is a useful starting point and a terrible ending point. The law explicitly requires the plan to be specific to the hazards and corrective measures for each work area and operation.
A compliance officer reviewing a WVPP can identify a filled-in template in minutes. The generic hazard language, the boilerplate procedures, and the absence of any site-specific detail are immediately visible. A template-based plan is not a compliant plan — it is evidence that no one actually analyzed the organization's specific threat environment.
The fix: The hazard assessment section must reflect the actual physical environment, the actual employee population, and the actual incident history of the specific locations in scope. Generic language does not pass inspection.
Failure 2: A Violent Incident Log That Logs Only Injuries
The law requires documentation of every workplace violence incident — including threats, near-misses, verbal altercations, threatening communications, and post-incident responses — regardless of whether anyone was physically injured.
Most organizations that have a Violent Incident Log have one that records only incidents where someone was hurt. The unreported near-misses and threat communications that make up the majority of workplace violence events are missing entirely.
The fix:Adopt a Violent Incident Log format that captures all SB-553 required elements — incident type (Type 1–4), date, time, location, description, circumstances, consequences, and corrective measures — for every event meeting the definition of workplace violence. Train supervisors and HR on what triggers a log entry. Build the log entry into your incident response procedure so it happens automatically.
Failure 3: Training Records That Cannot Be Produced
SB-553 requires initial training when the plan is established and annual retraining thereafter. It also requires that training include interactive discussion — not just a video or slideshow. Training records must be maintained for a minimum of one year.
The failure is almost never that training did not happen. The failure is that no one documented it in a retrievable format. A verbal confirmation that “we did training in August” does not satisfy a Cal/OSHA records request. A sign-in sheet, a completion certificate, or a learning management system record does.
The fix:Document every training session — date, location, facilitator, attendees, topics covered, and the interactive discussion element. Store records in a centralized location with clear retention. Calendar the annual retraining before the prior year's records are due to expire.
Failure 4: Treating “Interactive Discussion” as Optional
The training requirements under SB-553 explicitly include “opportunities for interactive discussions with someone knowledgeable about the employer's plan.” A pre-recorded video with no Q&A component does not satisfy this requirement.
This failure is particularly common in organizations that deployed a compliance training solution at the July 2024 deadline. Many available training products are passive — employees watch, click through, and receive a completion certificate. That certificate documents attendance at passive training, not compliance with the interactive discussion requirement.
The fix:Build a live component into your annual training — even a 20-minute facilitated discussion following a recorded module satisfies the requirement if it is documented. The facilitator must be knowledgeable about the employer's specific plan, not just workplace violence generally.
Failure 5: A Plan That Has Never Been Reviewed
The WVPP must be reviewed annually, after any workplace violence incident, and whenever a deficiency is identified. A plan created in June 2024 with no documented review as of mid-2026 is out of compliance — not because the plan is bad, but because no review happened.
The review requirement is about organizational learning, not paperwork. The law expects employers to look at what has happened, assess whether the plan is working, and update it accordingly. An organization with a well-designed plan and a documented annual review is in a very different position than one with the same plan and no record of any review.
The fix: Schedule the annual review as a recurring calendar event. Document what was reviewed, who participated, whether any incidents occurred in the prior year, what changes were made, and the date. Even a brief review memo satisfies this requirement if it is genuine.
Failure 6: The Hazard Assessment Does Not Cover All Work Areas
SB-553 requires hazard identification and evaluation for each work area. An organization with a front office, a warehouse, a loading dock, and a parking lot has four distinct work areas — each with different threat profiles, different population characteristics, and different corrective measures.
A single-page hazard assessment covering “the workplace” generically fails this requirement for any organization with multiple distinct environments. Type 1 violence (stranger violence — robbery, random assault) is primarily a risk at points of public access. Type 3 violence (worker-on-worker) is primarily a risk where employee tensions develop. These environments require different assessments and different corrective measures.
The fix:Conduct and document a hazard assessment for each distinct work area. Identify the specific hazards relevant to that environment, the population at risk, and the corrective measures in place or needed. This does not need to be a lengthy document — a thorough one-page assessment per work area is sufficient.
Failure 7: No Named Responsible Person
The WVPP must identify the names or job titles of the individuals responsible for implementing and maintaining the plan. “Management” or “HR” does not satisfy this requirement. A specific named individual or a specific named position must be designated.
This failure is administrative but meaningful. Cal/OSHA uses the named responsible person to assign accountability and to identify who should be interviewed during an inspection. An organization that cannot produce a named responsible person has, in effect, told the inspector that no one actually owns the program.
The fix:Name a specific person — by name and title — in the plan. If the responsible person changes, update the plan. The named person should be the individual who would actually respond if Cal/OSHA called about the program. Make sure that person knows they are named, what the plan requires, and how to access the documentation they would need in an inspection.
The Common Thread
Every one of these failures traces back to the same root cause: the WVPP was built to check a box rather than to function as a real program. The law anticipated this tendency — which is why it requires site-specificity, documented training, interactive elements, annual review, and named accountability. Each of these requirements exists to prevent organizations from producing paper that looks like compliance without achieving it.
The organizations that will face the most difficulty as Cal/OSHA enforcement matures and the permanent standard is adopted are the ones that took the minimum-effort path in 2024. The organizations that built real programs are positioned to maintain compliance as an incremental update rather than a crisis response.
Kestralis Group's SB-553 Readiness Assessment evaluates your program against all compliance requirements and delivers a written findings report with a prioritized remediation roadmap. Most assessments are completed within five business days. Contact us to get started.
