California Workplace Violence Evidence Workspace for Multi-Site Employers
One-line thesis — Build a lightweight compliance evidence workspace for California employers with multiple locations that turns SB 553 / Labor Code 6401.9 obligations into site-specific plans, training rosters, violent-incident logs, hazard assessments, corrective-action trails, annual reviews, and Cal/OSHA-ready export packets without forcing the buyer into a full enterprise EHS suite.
opportunity / idea_filter. The buyer has a mandatory compliance job, recurring evidence requirements, multiple distributed stakeholders, and a clear alternative set: spreadsheets, Word templates, consultants, LMS-only training vendors, or broad EHS platforms.
Best initial ICP: California employers with 3-50 worksites and distributed local managers, especially retail, restaurants, recreation/parks, hospitality/venues, property management, logistics/warehousing, public-facing service businesses, and small public agencies that are large enough to have site-by-site exposure but not mature enough to run Enablon/VelocityEHS-style EHS infrastructure.
The acute user is usually HR, people operations, safety/risk, general counsel, or an operations leader who has to prove that each worksite has a written workplace violence prevention plan, training records, a violent-incident log, hazard assessment/correction records, post-incident investigation records, and an annual review process.
California made this a live compliance obligation. Cal/OSHA says Labor Code section 6401.9 became enforceable July 1, 2024 and covered employers must “establish, implement, and maintain an effective written Workplace Violence Prevention Plan.” Cal/OSHA’s employer page lists plan responsibility, employee involvement, reporting/anti-retaliation, employee communication, emergency response, training, hazard identification/evaluation/correction, and post-incident response/investigation as required plan components.
This is not just a document requirement. Cal/OSHA tells employers to record required information in the employer’s violent incident log, investigate/evaluate incidents, determine and implement hazard-reduction changes, review and revise the written plan if necessary, report serious injuries/deaths, complete injury forms where applicable, and keep OSHA 300 records where applicable. Cal/OSHA also states retention periods: hazard identification/evaluation/correction records for at least five years; training records for at least one year; violent incident logs for at least five years; incident investigation records for at least five years; and Cal/OSHA Form 300 for five years.
The statute creates multi-site enforcement anxiety. The SB 553 legislative text notes California’s enterprise-wide violation presumption for employers with multiple worksites when Cal/OSHA has evidence of a pattern/practice across more than one worksite or a written policy/procedure that violates safety law. That makes scattered local spreadsheets risky: a bad common template or repeated missing evidence can become an enterprise issue, not just a single-site paperwork miss.
Operator-facing guidance repeatedly collapses the job into “plan, log, train.” PRISM and the California Association of Recreation and Park Districts tell members to update the plan, develop a violent incident log, and train employees; they also note PRISM created an Excel spreadsheet incident log. That is strong substitute evidence: the current default for a non-enterprise buyer is a template/spreadsheet bundle plus manual reminders.
CalChamber’s product page validates willingness to pay and the site-specific pain. It says California requires a written site-specific WVPP, annual employee training, and detailed records of incidents/corrective actions; it explicitly says plan setup can take 60-90 minutes per site, asks “How many plans do I need?” and answers “Create a plan for each worksite.” That is the wedge: per-site configuration and evidence tracking is where the pain scales.
Vendor content confirms confusion and compliance-service demand. NAVEX positions SB 553 compliance as difficult/confusing while employers attend to core business, and offers training as one critical piece. HSI highlights the need for a “living document,” ongoing training, company-specific risks, training record retention, and violent incident logs even where no injury resulted. Momentus, targeting venues/events, says “If you’re feeling overwhelmed by these requirements, you’re not alone,” and describes the need for detailed incident records, logs for tracking patterns/risks, and regular plan review.
The obligation is already enforceable, but many employers likely implemented a minimum viable Word/PDF plan in 2024 and now face the operational aftermath: annual training refreshes, plan revisions, new hazards, new managers, site openings/closures, incident investigations, employee/representative access requests, and Cal/OSHA evidence pulls. Cal/OSHA is also required to propose a workplace violence standard by December 31, 2025, with OSHSB required to adopt it by December 31, 2026, so buyers have a reason to want a system that can absorb regulatory updates rather than a static template.
The timing is especially good for multi-site employers because the first compliance cycle exposes whether their rollout was durable. A single-site employer can survive with a binder. A 20-site operator needs proof that every site has a current plan, trained employees, hazard corrections, incident logs, and annual review status.
Weekend-buildable first version:
Do not start as a full incident-management/EHS suite. Start as “the SB 553 evidence binder that stays current by site.” Integrate later with LMS, HRIS, and EHS platforms only after the standalone compliance workflow proves demand.
Start with buyer clusters where the public-facing/multi-site problem is obvious and where associations already publish SB 553 guidance:
Landing-page language should mirror buyer vocabulary: “site-specific plan,” “plan/log/train,” “violent incident log,” “hazard assessment and correction,” “annual review,” “records available to employees/representatives,” “Cal/OSHA-ready evidence packet,” and “not harassment training.”
Substitutes today:
The likely gap is not “SB 553 content exists”; it is “prove every California site is current, trained, reviewed, logged, corrected, and exportable without buying a platform that wants to manage all of EHS.”
Pricing should be site-count based, because the pain scales by worksite. Example: $99/month base for up to 3 California worksites, then $15-25/site/month; or consultant pricing at $199/month for 10 client sites plus per-site increments. Add a one-time assisted setup package for employers who need their current Word plans converted into the workspace.
The most attractive channel may be consultants: sell them a white-label or co-branded evidence workspace they can offer after a one-time SB 553 engagement. This turns their manual annual check-ins into recurring SaaS and gives the product distribution without cold-selling every employer directly.
The first risk is that the market is too narrow or too template-driven. Many small employers may tolerate binders and spreadsheets unless they have many sites, a recent incident, union/employee-representative requests, or a Cal/OSHA inspection.
The second risk is crowded adjacency. Training vendors, HR compliance vendors, facility platforms, and EHS suites can all add SB 553 pages. The wedge has to be sharper than “compliance software”: multi-site evidence readiness, not generic safety content.
The third risk is legal-content maintenance. The product should avoid acting like a law firm. It should provide workflows, versioned templates, evidence capture, and exports; legal review language should be careful, and partnerships with California employment/safety counsel could reduce risk.
The fourth risk is sales friction. HR/safety buyers may not search for software after they already bought a template. The product needs a trigger-based offer: annual training due, new site opened, incident occurred, Cal/OSHA letter/request, consultant handoff, broker risk-control review.
The fifth risk is data sensitivity. Violent incident logs and investigations can contain employee identities, threats, medical/injury context, and security-sensitive details. The MVP needs role-based access, export redaction, audit logs, and clear retention controls from day one.
The strongest evidence is authoritative on requirements and reasonably strong on substitute behavior. The weakest evidence is direct first-person HR/operator complaints; search access was limited and the accessible evidence came mostly from agencies, associations, and vendors rather than Reddit/HR community threads. Before building, validate with 10-15 California HR/safety managers or consultants: ask what they used in 2024, how they track per-site training/incident/hazard evidence, and what would trigger replacing spreadsheets. Also confirm whether Cal/OSHA inspection activity or employee-record requests are common enough to create urgency beyond annual training.
This looks like a credible wedge: a narrow, audit-ready California compliance workspace that is simple enough to build fast and specific enough to sell against spreadsheets and bloated EHS suites.