Is this checklist OSHA WVP-aligned?

Yes. Every line item maps to the elements OSHA covers in its workplace violence guidance and prevention publications (3148-04R for healthcare + social services; 3153-12R for late-night retail; the broader OSHA Workplace Violence topic page). Because OSHA enforces workplace violence under the General Duty Clause (OSH Act §5(a)(1)) rather than a single dedicated standard, the checklist organizes line items by the seven program areas OSHA inspectors and area office investigators look for: risk assessment, written program, leadership + employee involvement, controls, training, recordkeeping, and incident response.

Is Cal/OSHA SB 553 covered?

Yes. SB 553 (effective July 1, 2024) added California Labor Code §6401.9 and Title 8 §3343, requiring nearly every California employer to maintain a written Workplace Violence Prevention Plan with specific elements, train workers initially and annually, retain a violent incident log for at least five years, and involve employees in plan development. The checklist's SB 553 section maps line items to each Title 8 §3343 element so the completed document is the document Cal/OSHA asks for during an inspection.

How do I set up a threat assessment team?

Use the Threat Assessment Team section (4 items). It walks the cross-functional team formation (HR, Security, Legal, EAP / mental health, Operations, with an optional law enforcement liaison), the escalation pathway with timing standards from ASIS WVPI (intake within 24 hours, investigation within 72 hours, mitigation plan within 7 days), the four-tier threat categorization framework (low / moderate / high / imminent) with behavioral indicators, and the documented decision-authority protocols for administrative leave, fitness-for-duty referrals, no-trespass orders, and restraining-order coordination.

Does this cover Run-Hide-Fight and lockdown drills?

Yes. The Active-Threat Response section covers the FBI / DHS Run-Hide-Fight protocol with role-play drill cadence, evacuation routes, and hide-in-place hardening; lockdown procedures with mass-notification system requirements and a lockdown-versus-shelter-in-place decision tree; and law enforcement coordination including pre-incident site walkthroughs, floor plans on file, incident-command integration, and after-action review. Together these three line items map to the active-threat program a corporate-security director typically delivers to the executive team and the local police agency.

Is there healthcare-specific content (1910.1030 BBP cross-references)?

Yes. The checklist tags healthcare clinicians, ED + behavioral-health units, and home-health workers in the vulnerable-roles inventory (RA-2), and the post-incident response item (AC-3) cross-references the OSHA Bloodborne Pathogens standard (29 CFR 1910.1030) for exposure follow-up where physical assault produces a bodily-fluid exposure event. Healthcare and social services have the highest rate of intentional injury by another person in BLS data, and the checklist maps to the OSHA 3148 healthcare-specific WVP guidelines so a hospital safety committee or a long-term-care administrator can use the same document Cal/OSHA and OSHA expect to see.

Free Download · WVP

The workplace violence prevention checklist

Risk assessment, written WVP plan, threat assessment team, engineering + administrative controls, Cal/OSHA SB 553 evidence, and Run-Hide-Fight active-threat response, every element OSHA's general duty enforcement and California Title 8 §3343 expect, on one document. Built for HR Directors, Safety Officers, and Corporate Security leaders running a WVP program without a six-figure consulting engagement.

Download free See physical security platform

No credit card · No call required · Instant link

Free

PDF · 22 pages · last updated 2026

Workplace Violence Prevention Checklist

OSHA WVP · Cal/OSHA SB 553 · ASIS WVPI aligned

Risk Assessment + Written Plan
Section 1
9 items
Threat Assessment Team
Section 2
4 items
Engineering + Admin Controls
Section 3
6 items
SB 553 + Active-Threat Response
Section 4
6 items

What's inside

Every element of a defensible WVP program, mapped to OSHA, Cal/OSHA, and ASIS

25 line items grouped by the seven WVP program areas regulators and threat assessors actually review. The order mirrors how an OSHA inspector or a Cal/OSHA SB 553 audit reads your file, risk first, written plan second, controls and response last.

Risk Assessment

Risk Assessment · Foundation

RA-1 · Workplace exposure analysis (Type I criminal intent · Type II customer / client · Type III worker-on-worker · Type IV personal relationship)
RA-2 · Vulnerable roles + areas inventory (lone workers, late-shift, public-facing, cash handling, healthcare clinicians, parking lots, reception)
RA-3 · Prior-incident review (OSHA 300 logs, security reports, near-misses, threats, minimum 5-year lookback per Cal/OSHA SB 553)
RA-4 · Threat actor categorization (criminal, customer / patient, current or former employee, domestic / personal relationship)

Written WVP Plan

Written Plan · Program Document

WP-1 · Workplace violence policy statement (zero-tolerance, scope, definitions of threats + violence + intimidation)
WP-2 · Leadership commitment (named executive sponsor, board / C-suite sign-off, budget authority)
WP-3 · Employee involvement (front-line worker input on hazards, controls, and plan review, required by SB 553)
WP-4 · Training requirements (initial + annual, role-specific for high-risk staff, recordkeeping format + duration)
WP-5 · Plan review cycle (annual + after every reportable incident or significant operational change)

Threat Assessment Team

Threat Team · Cross-functional

TA-1 · Cross-functional team formation (HR, Security, Legal, EAP / mental health, Operations, optional law enforcement liaison)
TA-2 · Escalation pathway (intake form, triage 24h, investigation 72h, mitigation plan ≤7 days, ASIS WVPI standard)
TA-3 · Threat categorization framework (low / moderate / high / imminent, with defined behavioral indicators per category)
TA-4 · Decision authority + documented protocols (administrative leave, fitness-for-duty, no-trespass, restraining-order coordination)

Engineering Controls

Engineering · Physical Security

EC-1 · Physical security baseline (badge / card access, panic alarms at vulnerable stations, CCTV with retention, visitor management)
EC-2 · Workspace design (sight lines, barriers + counter heights, controlled entry, parking-lot lighting, secure refuge areas)
EC-3 · Lone-worker protections (mobile duress devices, check-in cadence, GPS for field staff, escort policy for late-shift)

Administrative Controls

Administrative · Behavioral

AC-1 · De-escalation training (verbal de-escalation, trauma-informed approach, situational awareness, initial + annual refresher)
AC-2 · Incident reporting (anonymous channel, threats + intimidation + near-misses, integrated with OSHA 300 / 301 forms)
AC-3 · Post-incident response (medical care, EAP referral, root-cause analysis, regulatory notification, return-to-work protocol)

Cal/OSHA SB 553

California · Title 8 §3343

SB-1 · Title 8 §3343 elements (every required plan section: risk identification, hazard correction, training, post-incident response, periodic review)
SB-2 · Training records (initial + annual + after material changes, with content + trainer + attendees + duration retained ≥1 year)
SB-3 · Violent incident log retention (≥5 years, employee + bargaining-rep access on request, no PHI / PII spillover)

Active-Threat Response

Active-Threat · Crisis Plan

AT-1 · Run-Hide-Fight training (FBI / DHS protocol, role-play drills, evacuation routes, hide-in-place hardening)
AT-2 · Lockdown procedures (mass-notification system, lockdown vs shelter-in-place decision tree, accountability + reunification)
AT-3 · Law enforcement coordination (pre-incident site walkthrough, floor plans on file, incident-command integration, after-action review)

Plus an active-threat tabletop drill template + post-incident debrief worksheet

The PDF appendix includes a Run-Hide-Fight tabletop drill scenario, the Cal/OSHA SB 553 violent-incident log template (≥5-year retention format), and the post-incident debrief worksheet ASIS WVPI uses for after-action review. 22 pages total.

Why use this checklist

Built for OSHA's general duty clause + Cal/OSHA SB 553, not for slideware

OSHA enforcement is real, even without a federal WVP standard. OSHA cites workplace violence under Section 5(a)(1) of the OSH Act, the General Duty Clause, when an employer fails to address recognized hazards causing or likely to cause serious harm. Healthcare workers (nearly 5x the national rate of intentional injury), retail and late-night service staff, social services, and corrections account for the largest share of OSHA general-duty workplace-violence citations. OSHA's published guidance and the 2024 Bureau of Labor Statistics Census of Fatal Occupational Injuries continue to put intentional injury by another person among the top causes of workplace fatalities every year.

OSHA · Workplace Violence Topic Page

Cal/OSHA SB 553 made WVP planning law for nearly every California employer. California Senate Bill 553, in effect July 1, 2024, added Labor Code §6401.9 and Title 8 §3343, requiring almost every California employer (with narrow healthcare and small-workplace exceptions) to maintain a written Workplace Violence Prevention Plan, train workers initially and annually, log violent incidents for at least five years, involve employees in plan development, and make records available to Cal/OSHA and bargaining representatives. The checklist mirrors the SB 553 element list one-to-one so the document you complete is the document Cal/OSHA asks for during an inspection.

DIR Cal/OSHA · SB 553 (Title 8 §3343)

Aligned to ASIS WVPI and the FBI Run-Hide-Fight protocol. ASIS International's Workplace Violence and Active Assailant standard (WVPI / WVPSA) is the security-industry methodology cited by most threat-assessment professionals, and the FBI / DHS Run-Hide-Fight protocol is the active-threat response baseline trained at federal facilities. The checklist references both inline so the document a corporate-security director hands the threat assessment team is the same document a Cal/OSHA inspector or an OSHA general-duty investigator would expect to see, with no gap between the security narrative and the labor-law narrative.

ASIS · Workplace Violence + Active Assailant Standard

Who is it for

Three roles, one checklist

Program owner

HR Director / Safety Officer

Owns the written WVP plan, training cadence, employee involvement, and Cal/OSHA SB 553 recordkeeping across every facility. Often coordinates with EHS, legal, and the EAP provider on post-incident response.

Outcome · Walk into a Cal/OSHA inspection or an OSHA general-duty letter knowing every plan element, training record, and incident log is in place, with the regulatory citation against each line.

Threat + physical security

Corporate Security Director / CSO

Owns the threat assessment team, physical security baseline (access, alarms, CCTV, visitor management), workspace hardening, and active-threat response. Coordinates with HR on behavioral threats and with law enforcement on incident response.

Outcome · Run a defensible threat assessment process and an active-threat playbook the executive team trusts, using one document that ties the security narrative to the labor-law narrative.

Liability + claims

Risk + Insurance Manager

Owns the negligent-security exposure, premises-liability claims, and the WVP evidence trail underwriters now ask for during D&O, EPL, and general-liability renewals across healthcare, retail, and late-night-services portfolios.

Outcome · Demonstrate to underwriters and counsel that the WVP program is documented, trained, and continuously reviewed, a defensible record the day a serious incident lands in litigation.

FAQ

Common questions, answered

OSHA WVP alignment under the General Duty Clause, Cal/OSHA SB 553 (Title 8 §3343) coverage, threat assessment team setup, Run-Hide-Fight active-threat protocol, and healthcare-specific (1910.1030 BBP) cross-references.

Physical Security Assessment Software

Run physical security assessments, access control, CCTV, visitor management, lone-worker protections, on the same platform that powers the WVP program library.

Risk Management for Healthcare

Hospitals, health systems, and behavioral health, clinical risk, HIPAA, and the elevated workplace violence exposure that drives the OSHA 3148 healthcare WVP guidelines.

Risk Management for Retail

Late-night retail, big-box, and convenience, Type I + Type II violence exposure, OSHA 3153-12R guidance, and the loss-prevention overlay underwriters now expect.

Beyond the checklist

Run WVP + physical security on one platform?

The PDF is the readiness diagnostic. The platform runs continuous WVP scoring against OSHA, Cal/OSHA SB 553, and ASIS WVPI, alongside physical security, EHS, and 39 other framework libraries, across every facility, with the documented evidence trail underwriters and regulators already accept.

Book a 30-min walkthrough Talk to a security specialist

Or call US: +1 941-500-4525