Restaurant Security Checklist
Weekly security walk for a full-service restaurant covering building access, POS and data systems, staff protocols, and cash-handling controls. The GM runs this with input from the bar manager and chef.
Physical Security Walk
-
Inspect entry doors, windows, and patio gates
Walk every exterior opening — front of house, kitchen back door, dumpster gate, patio fence, basement bulkhead. Check that the back door auto-closer engages and isn't propped with a milk crate (the most common after-hours breach point).
-
Test deadbolts, panic bars, and walk-in latches
Cycle every lock on the building. Walk-in cooler and freezer interior releases must open with a single push from inside — OSHA citation territory if not. Note any sticking deadbolts or worn strike plates for the locksmith.
-
Review DVR footage and camera coverage
Confirm the DVR is recording all channels — bar, POS terminals, back door, safe, dish pit. Spot-check 30 seconds from each camera. Verify retention is set to at least 30 days; insurers and law enforcement routinely request older footage.
Collects list -
File a service ticket for camera or DVR issues
Open a ticket with the security vendor the same day. Note the camera channel, the time window of the gap, and whether other channels were affected. A camera down at the safe or back door is a same-week fix, not a someday-soon fix.
-
Verify alarm panel and contact list
Arm and disarm the panel; confirm signal received by the monitoring company. Check that the call list reflects current managers — old AGMs being called at 2am is a common embarrassment.
POS and Data Security
-
Audit POS user accounts and PINs
Pull the user list from Toast, Square, or Aloha. Deactivate anyone separated since the last review. Confirm no shared manager PINs — a shared 1234 is how comp and void abuse hides.
Collects list -
Deactivate former-employee POS access
Disable each stale account in the POS, online ordering platform, reservation system, and scheduling tool (7shifts or Homebase). Document the date — the offboarding audit trail matters if a former server's login appears in a later void report.
-
Review comp, void, and discount reports
Pull last week's comp and void percentages by server. Flag anyone above 3% of their sales for a one-on-one — chronic outliers are the leading indicator of skim. Look at no-sale drawer pops on the bar terminal too.
Collects list Collects paragraph -
Investigate flagged servers with the AGM
Pull voided and comped tickets for the flagged employee, match against DVR for the corresponding service window, and check whether the comp had a manager override or was self-applied. Document findings before any conversation with the employee.
-
Confirm PCI compliance and software patching
Verify the POS is on a segmented network from guest Wi-Fi, the latest firmware is installed, and the annual PCI-DSS self-assessment questionnaire (SAQ) is on file. Card-reader tampering checks should already be part of opening — confirm the line cooks know what to look for.
-
Verify back-office data backup completed
Check the most recent backup timestamp for R365, MarginEdge, or QuickBooks. A ransomware event the night before payroll is the worst day in a GM's career; a working backup is the only thing that turns it into a bad week instead.
Staff Security Practices
-
Review opening and closing key-holder list
Confirm only current managers and the chef hold building keys or alarm codes. Rekey if a key-holder has left in the last 30 days without returning the key — locksmith cost is small versus a bad-faith after-hours entry.
-
Run a staff briefing on robbery and tamper response
Cover the named cases: comply during a robbery, never chase, hit the silent panic button only when safe. Show what a tampered card reader looks like (loose bezel, mismatched color, extra wires). New hires get this in their first week, everyone else quarterly.
-
Confirm background checks for new hires
Pull the list of hires since the last review. For any role with cash or safe access (managers, bartenders, bookkeeper), confirm the background check cleared before the first shift. FCRA disclosure and authorization must be on file before pulling the report.
-
Lock personal belongings in employee lockers
Bags and phones belong in lockers, not on prep tables or under the bar. This is partly food-safety (no hair or personal items near food contact), partly loss-prevention (no place to stash a comped steak).
Cash and Financial Controls
-
Reconcile drawer cash-out variances by server
Pull the week's cash-out reports from the POS. Variances over $5 per shift or recurring shorts from the same server warrant a conversation. Tracked per-employee, not in aggregate — that is how skim hides.
Collects file -
Verify safe drop log and deposit slips
Match each closing-shift drop bag to the log entry and the bank deposit slip. Any gap between drop time and deposit time should be reconcilable on the safe-camera footage. Two-person count for any drop over $2,000.
-
Confirm separation of duties for deposits and AP
The person who counts deposits should not be the same person who reconciles the bank statement. The person approving vendor invoices should not be the same person cutting checks. Common single-operator gap; document the workaround if one person necessarily wears two hats.
-
Review credit-card chargebacks and skim alerts
Pull the merchant processor's chargeback report and any fraud alerts. Patterns — same card type, same hour, repeated declines — point at a compromised reader or an employee using a skimmer. Dispute deadlines are short (often 7-10 days from notification).
-
Sign off on the weekly security review
GM signs off on the week's findings, open tickets, and any escalations to ownership. Sign-off is the audit trail when insurers or franchisor ops ask whether controls are operating.
Collects list Collects signature Collects paragraph
Use this template
Copy it to your account, customize the steps, and run it with your team in minutes.
Browse hundreds of free templates across every team and industry.
Back to template libraryRelated templates
More workflows your team can run.
Run Restaurant Security Checklist with your team
Customize the steps, assign roles, set a schedule, and keep a complete record for every run.