Workplace violence prevention training is now law in CA, NY, and WA. Track plan-specific, site-specific training and prove who completed which version.
Got an LMS decision on your plate?
45-minute call. Plain-English audit. Fixed-price quote if there's a fit, or a "no" if there isn't. No deck. No pitch.
A 2026 state-by-state map of harassment prevention training mandates, and how multi-site employers assign by location and prove completion.
How to deliver consistent safety training across multiple plants without ignoring shift work, languages, and site-specific hazards.
How to automate training recertification so certifications never lapse silently — and nobody works on an expired credential.
Workplace violence prevention training moved from a good-practice recommendation to a legal requirement in a wave of new state laws, and the requirements share a feature that trips up multi-site employers: the training has to be specific to your plan and your workplace, not a generic module bought off a shelf. For an organization with employees in several states, that means running different, plan-specific versions of the training in different places — and being able to prove exactly who completed which version, when. This guide covers how to track that across sites without it turning into a filing-cabinet problem.
The complexity is real and growing. A company with locations in California, New York, and Washington now faces three different regimes, each with its own trigger, cadence, and recordkeeping expectation. A single spreadsheet and a stack of generic completion certificates will not survive an inspector's question about whether the training matched the site-specific plan. First, the requirements themselves. (This is general guidance, not legal advice — confirm current requirements for your locations with qualified counsel.)
Three states have made workplace violence prevention training a concrete legal obligation, each on its own terms.
Effective July 1, 2024, most employers with employees in California must establish a written Workplace Violence Prevention Plan and provide training tied to that specific plan and to employees' actual job duties. Training is required initially and then annually. Records of the training must be created and retained — the statute calls for keeping training records for at least one year. Critically, generic pre-recorded training that is not tailored to the employer's own plan does not meet the requirement. Cal/OSHA enforces it.
Effective June 2, 2025, retailers with 10 or more retail employees must adopt a workplace violence prevention policy and provide workplace violence prevention training to covered employees.
Effective January 1, 2026, updates to Washington's workplace violence prevention requirements for covered healthcare employers take effect, tightening plan and training obligations for those employers.
The pattern across all three: a written plan or policy, training connected to it, a defined population, and records to prove it happened. What differs is the trigger, the covered workforce, and the detail — which is exactly what makes multi-state tracking hard.
The California requirement makes explicit something the other states imply: the training has to reflect the actual workplace. A pre-recorded module about workplace violence in the abstract does not tell your warehouse crew about the specific hazards, reporting procedures, and response protocols in their Workplace Violence Prevention Plan for their site.
That has a direct operational consequence. You cannot assign one identical course to everyone and call it done. A retail location in New York, a food-processing plant in California, and a healthcare facility in Washington each need training that maps to their own plan and their own risks. Off-the-shelf generic modules fall short — not because the content is wrong, but because it is not yours, and the law increasingly asks whether the training matched the employer's specific plan. This is the same specificity problem that shows up across state-varying compliance obligations, which the harassment prevention training by state guide covers for that adjacent requirement.
For a single-site employer in one state, this is manageable on paper. For a multi-site, multi-state operator it is not, because you are now maintaining several things at once:
When an inspector asks who at the California plant completed the plan-specific training in the current cycle, "here is a folder of generic certificates" is not an answer. You need to show the right people completed the right version at the right time. That is a data problem, and paper or a shared spreadsheet across ten sites is where it breaks.
The goal is to answer any version of the inspector's question in minutes, with defensible records. Concretely, that means each completion record captures:
With records structured this way, per-site and per-version reports become a few clicks rather than a manual reconstruction. The broader discipline for distributed safety training — central visibility, local delivery — is covered in multi-site safety training.
The requirements are not one-and-done. California is explicit about initial plus annual training, and the practical challenge across a distributed workforce is not delivering it once — it is never missing the next cycle.
That means:
Automating this is the difference between a program that holds up and one that depends on a coordinator's memory across ten locations. The mechanics of building that automatic renewal engine are in automating training recertification.
This obligation is a near-perfect argument for a platform you own rather than rent. The law asks you to host your plan-specific content, deliver different versions to different sites, and produce version-level proof on demand. A generic per-seat catalog is built to serve the same courses to everyone — the opposite of what these statutes require.
A platform you own lets you host as many site-specific and state-specific versions as your operation needs, assign them to the right populations automatically, and generate per-employee, per-version audit evidence without exporting raw data and rebuilding it in a spreadsheet. As states keep adding requirements — and the 2024-2026 wave suggests they will — owning the platform means adapting is a configuration change you control, not a renegotiation with a vendor.
You can pressure-test where your current records stand with our audit readiness check.