Security System Check Checklist

Walk the back-of-house perimeter at dusk: kitchen exit, dumpster pad, employee parking, and any side alleys. Burned-out fixtures around the dumpster and back door are the most common gap and a frequent factor in late-night break-ins and employee assaults.

Pull up the DVR or NVR client (Lorex, Hikvision, Axis, or whichever the install uses) and confirm a live feed plus a 24-hour playback for every camera. Pay special attention to the bar register, host stand, back door, dumpster, walk-in, and office safe — these are the angles loss-prevention and law enforcement actually need.

Common drift: a busser bumps the dumpster camera, a server's coat rack blocks the host-stand view, a new POS terminal sits outside the bar camera frame. Re-aim any camera that no longer covers its target zone.

Most insurers and franchise agreements require 30-90 days of retention. Verify the DVR isn't overwriting earlier than policy because a drive is failing or a new high-resolution camera is consuming more storage than expected.

Pull the current list of physical key holders and alarm-code holders. Cross-check against the active manager roster from 7shifts or HotSchedules. Anyone separated in the last 90 days who still has a key or code is the gap to close today.

Quarterly minimum, and immediately after any manager separation. Each manager gets a unique user code so the alarm log shows who armed and disarmed — shared codes destroy the audit trail and make internal-theft cases unprovable.

Office, walk-in, liquor cage, and safe-room readers. A dead fob battery on the liquor cage means a manager props the door — and inventory variance follows within a week.

Place the system in test mode with the monitoring company first (ADT, Vector, Stanley, or local). Trip each door contact, motion sensor, and glass break in turn and confirm the central station logs each zone. Skipping the test-mode call generates a real police dispatch and a false-alarm fee.

Robberies most often happen at close near the safe and at open near the deposit drop. Confirm the silent panic buttons under the bar, host stand, and office desk all signal the monitoring company. Document the test time so the response log matches.

Update the call list at the monitoring company with current GM, AGM, and owner phone numbers. A separated manager still listed as primary contact means the alarm goes nowhere at 2 a.m.

Most municipalities require an annual alarm permit and charge escalating fines for false alarms after the second or third per year. An expired permit means police won't dispatch at all.

Burn gel, blue metal-detectable bandages (food-safe), eye wash, and gloves. Blue bandages are the BOH standard so a missing one is visible in food. Restock anything below half.

NFPA 96 and most local fire codes require semi-annual inspection of the hood suppression system by a licensed contractor. The tag on the system shows the last service date — if it is older than six months, schedule the inspection now or the fire marshal will red-tag the line.

Press the test button on each emergency light fixture for 30 seconds — they should hold full brightness on battery. Confirm illuminated EXIT signs over every egress door and that the path to each exit is clear of high-tops, bus tubs, and delivery boxes.

Toast, Square, Aloha, or Micros patches handle PCI and card-reader firmware fixes. Push updates after close, never mid-service. Confirm card readers reboot cleanly and a $0.01 test transaction posts.

Check the cloud backup status in the POS admin console for the last seven nights. A silent failure means a register crash on a Saturday night wipes the day's tip-out and sales mix. Most operators only learn this when they need to restore.

PCI DSS requires the cardholder data environment to be isolated from the guest network. Confirm guest Wi-Fi runs on a separate SSID and VLAN from the POS, and that the guest password rotates on a documented cadence (monthly is typical).