Global Guardian and Pacific Resilience Group came together to answer pressing questions regarding workplace violence prevention and California's new SB 553 law, covering implementation, training, and more.
Workplace violence prevention measures are crucial for fostering a culture of safety, trust, and well-being within organizations — and now, with the development of new regulations and laws, like California’s SB 553, corporate leaders are tasked with formally documenting and exercising their workplace violence policies and prevention plans.
To assist leaders in navigating the current workplace violence threat landscape and highlight best practices for prevention and response, Global Guardian recently hosted a highly attended and engaged webinar on workplace violence. Participants in the webinar were clear: This is a critical topic, and one of significant focus for corporate security and human resource teams.
Following the webinar event, we sat down with one of the speakers, Robin Welch Stearns, Founder and President of Pacific Resilience Group, to address the important questions specifically pertaining to SB 553. With an extensive background in corporate security, including investigations, insider risk, and workplace violence prevention, Robin helps corporate leaders navigate SB 553 and the wider workplace violence landscape. To contact Robin, click here.
Note: When navigating CA SB 553, please consult your organization’s legal department and reach out to an expert if you have questions.
Questions and answers regarding workplace violence prevention and SB 553
Is a corporation required to include and articulate the four types of violence in your workplace violence prevention plan?
Yes, the law states that you have to use the four types of violence in your plan, violent incident log, and record keeping.
Does SB 553 require pre-implementation site-wide departmental/unit sweeps to identify workplace violence hazards to create plans for high-risk departments?
Yes, you need to create a plan that considers workplace violence hazards. In some cases, companies will need more than one plan. For example, a pharmaceutical company that has office workers and manufacturing in the state of California will most likely need two plans. Similarly, a tech company with a regular office and a data center in California will likely need two plans given the significantly different hazards and vulnerabilities between the sites.
SB 553 talks about recordkeeping for WPV "hazards”. Is there a resource available to start thinking about what is a "hazard"?
SB 553 defines workplace violence as any act of violence or threat of violence that occurs in a place of employment. This includes the threat or use of physical force against an employee that results in, or has a high likelihood of resulting in, injury, psychological trauma, or stress. This also includes any incident involving a threat or use of a firearm or other dangerous weapon, including use of common objects as weapons.
A hazard would be anything that could result in any of the above. We advise companies to look at their threat profile, community presence, types of services provided, and any other factor that might increase the threat of workplace violence. One example would be the area/neighborhood in which an office is located, which could present significant risks for incidental or deliberate violence against employees. Hazard identification is an important aspect of the site visits Pacific Resilience Group does for clients prior to writing SB 553-compliant workplace violence prevention plans.
Also, keep in mind that your workplace violence prevention plan is meant to be a living document. Companies must keep track of hazards identified after the plan is created and update plans and annual training accordingly.
Is California going to provide a template of what they will be looking for regarding a WPV prevention plan, WPV incident log, and training record, or will they allow companies to design those?
Cal/OSHA has released a template for a workplace violence prevention plan. You can find it here under workplace violence.
The template is a useful starting point in terms of structure, but it does not contain detailed plans, workflows, processes, or best practices for workplace violence prevention. Much of that will be specific to your company's unique situation, so be prepared to tailor your written plans accordingly.
You are not required to use the template, and can create your own documents from scratch. We encourage you to do what is best for your business and the safety of your employees.
What is an organization's responsibility to monitor social media, or do they rely on employees to report?
Organizations aren’t required by SB 553 to monitor social media.
An effective, cross-functional written plan combined with relevant training provides the basic foundation for identifying risks. Employees will understand how and what to escalate. Partners and stakeholders, like HR, security, benefits, etc., will understand their roles and ensure escalated cases move through the designated workflow.
That said, sophisticated and highly effective workplace violence prevention programs — ones that go beyond what is required by SB 553 — take responsibility for identifying issues, both in terms of scaled detection pipelines (social media, internal forums, customer service databases, etc) and employee escalations. That is the next evolution after basic SB 553 compliance, and something PRG supports through comprehensive program-building services.
Regarding training, would an online course be enough if there was a specific person identified who could answer questions, or hosting a "town hall" after the online training to answer questions?
Training must be designed and/or conducted by someone familiar with the plan, and must train employees on the specific elements of your company’s written plan. Off-the-shelf training about workplace violence prevention or security awareness will not meet the requirements laid out in SB 553.
All training is considered interactive if you make someone familiar with the plan available to answer questions. They can even answer the questions over email. Large companies, for whom in-person training may not be feasible, could offer recorded training paired with a dedicated email address for questions and feedback. This approach to the “interactive” requirement is more flexible, scalable, and accessible than the small window offered by a live Q&A.
Establishment of a dedicated email address has the added benefit of creating a written record of employee engagement, which can be useful given that SB 553 requires companies to document and investigate hazards brought to their attention.
Is solely involving managerial employees sufficient to satisfy the requirement to obtain the "active involvement of employees in developing and implementing the plan," or do non-managerial employees need to be involved, too?
It is fine for a small group of employees, be it managers or another cross functional working group, to design, develop, and implement the plan.
The “active involvement” requirement of SB 553 is meant to ensure employees can identify and share useful information, such as workplace violence hazards, as well as provide feedback or concerns about the plan. Therefore, once a written plan is developed and training provided, be sure to provide a means for employees to share information and/or feedback. This can be as simple as a contact email address, but it must be monitored, and relevant information must be incorporated into the plan.
Can you please clarify how the law applies to fully remote employees?
The written plan must account for fully remote employees and they must be included in interactive training.
Workplace violence isn’t only something that happens in-person. Fully remote employees can and will experience workplace violence, although it may take different forms compared to on-site employees. Remember, SB 553’s definition of workplace violence includes any verbal or written statement, including texts, electronic messages, social media messages, other online posts, or any behavioral or physical conduct that conveys, or reasonably could be perceived to convey, intent to cause or place someone in fear of physical harm, and that serves no legitimate purpose.
According to the law, if any on-site, hybrid or fully remote employee experiences, for example, harassment, stalking, domestic violence, or any of the workplace violence threats outlined above, they are required to know where to report the issue without fear of retaliation.
How should employers based in California implement this with workers based solely outside of California in other states?
The law is focused on California, but SB 553 is an opportunity for companies to put plans in place for all employees, and we encourage them to do so. While support to employees in different states and regions will require certain customizations, many of the basic elements put in place for SB 553 compliance can apply broadly if you plan for global scale from the start.
Not only is building a global response plan the right thing to do for your employees, it also may allow you to get in front of forthcoming laws in other states and countries, some of which have already been proposed.
When you regularly have contractors on your site, whose responsibility is it to make sure they know your plan?
Training and awareness responsibility is difficult to specify here, given the wide variety of employee types and employee-like relationships (e.g. construction workers, third-party maintenance workers, etc.) that may exist at a given company. We encourage you to discuss your workforce composition and the resulting responsibilities with your legal team.
Once you determine which worker categories you are responsible to train, SB 553 requires you to clearly document those responsibilities within the plan. You will also need to designate someone who is responsible for training design, upkeep and delivery, and document all of that within the written plan as well.
Is there anything in SB 553 about requiring employees to report to their employer about active restraining orders against external person(s)?
No, there is nothing in the law that requires employees to report an active restraining order. That said, it is good practice to remind employees where they can report such issues. Remember, a restraining order is a stressful situation for an employee. Providing guidance, expertise, and support can help earn an employee’s trust, which may encourage them to share information relevant to workplace safety. The more information you receive, the safer you can keep your workforce.
Who enforces this law? What are the consequences for non-compliance?
Cal/OSHA enforces the law. It is our understanding that non-compliance can result in fines. For more information on the exact consequences and risks of non-compliance, you should reach out to Cal/OSHA or a lawyer specifically trained in California environmental health and safety regulations.
Is it considered workplace violence, for log purposes, if a California employee is threatened by someone out of state, and vice-versa?
If either the victim of a threat OR the person making a threat are located in California, the employer would need to act.
In addition to the possibility of travel across state borders, the definition of workplace violence within SB 553 covers, among other things, threats made via any verbal or written statement, including texts, electronic messages, social media messages, and other online posts. As such, a person outside of California can easily be subject to, or themselves make, threats of workplace violence.
One of the requirements of SB 553 is employee access to the case management of any WPV incident. How can we ensure the confidentiality of our investigations when our employees may have access to our case management system?
This is an important aspect of the law you must discuss with your employment and privacy counsel. To be clear, SB 553 only says “certain records” should be made available to employees but it doesn’t specify which records. You will need to work with your legal representatives to figure out how to best comply while also protecting confidential information.
What is the biggest piece of advice you can give to a "one person" security operation to refine and make an in house WPV program more robust?
While we may be biased, we do truly believe that hiring an experienced vendor is the most responsible, cost-effective, and resource-conscious way for a one-person security team to meet SB 553 requirements. In companies where security resources are at a premium, SB 553 provides a clear justification for engaging external expertise. For the relatively small amount of money spent, your company gets not only peace of mind about legal obligations but also the foundations of an effective workplace violence prevention program. Such an engagement also creates a relationship with an industry expert who is familiar with your company’s risks and mitigation plan. That can be critical if/when a significant workplace violence concern emerges.
These questions and responses were edited for length and clarity.
About Robin Welch Stearns
Robin Welch Stearns started her career at the Central Intelligence Agency where she spent five years in the Directorate of Operations. She worked undercover to support intelligence gathering all over the world. While at the Agency she developed an expertise in insider risk and sensitive program management. In 2011, she was recruited to help start the Global Investigations program at Google.
After spending 7 years leading Google’s investigations program globally, Robin built Google’s world class global workplace violence prevention program. During her 12 years at Google she shaped global programs on insider risk, workplace violence, threat detection and management, intelligence, investigations and physical security. Benchmarked throughout the industry, these programs remain best-in-class examples of sophisticated, high impact corporate security.
In 2023 Robin left Google to start Pacific Resilience Group (PRG), a firm specializing in delivering end-to-end security programs for the private sector. PRG leverages decades of hands-on experience inside Fortune 500 companies to give companies modern security solutions suited to the speed and demands of business. PRG helps large companies accelerate or enhance their existing security capabilities, and partners with startups to design and deliver right-sized security programs catered to rapid growth.
StandinG By to Support
The Global Guardian team is standing by to support your duty of care and security requirements with a comprehensive suite of solutions. To learn more about our services, complete the form below or call us at + 1 (703) 566-9463.
