You just got the notification. DCC is scheduling your security inspection — or worse, they already showed up and you've got 14 days to fix what they found. Knowing how to pass a DCC security inspection comes down to getting a handful of technical details right. And most of them are the ones your installer never told you about.
The fines aren't hypothetical. DCC can hit you with $5,000 to $30,000 per violation. Repeat violations can trigger license suspension or revocation. The Unified Cannabis Enforcement Task Force seized $222 million in illegal cannabis between July and September 2025 alone — enforcement isn't slowing down.
Most of what inspectors check is predictable. The specific requirements catch operators who assumed their camera system or alarm setup was "close enough."
What DCC Security Inspectors Actually Check
DCC inspections cover four security areas, each governed by specific sections of California Code of Regulations Title 4.
Surveillance under § 15044 covers camera specs, coverage areas, recording rules, storage, and footage access. Access control under § 15042 covers employee badges, restricted area rules, and visitor protocols. Alarm systems under § 15047 covers monitored alarms, licensed install, and written procedures. Records under § 15037 covers how long you keep documents, incident reports, and footage.
Inspectors can arrive scheduled or unscheduled. They can request footage on the spot — if your system can't produce it through remote access, that's a violation before they even check camera resolution. Any employee can be asked to show their badge on demand. Your alarm monitoring contract and maintenance records are fair game too.
The inspection isn't a conversation. It's a checklist. And every item below is on it.
The Camera Requirements Most Operators Get Wrong
This is where most failures happen. Six specific requirements trip people up more than anything else.
Continuous Recording — Not Motion-Triggered
This catches the most operators. If your cameras are set to motion-only recording to save storage, you're non-compliant. DCC requires continuous 24/7 recording during all hours of operation and non-operation. Every second, every angle, no gaps. Inspectors can verify this on the spot by pulling up your recording logs.
Resolution and Frame Rate
Minimum spec is 1280×720 at 15 frames per second. Not 10 FPS. Not 720×480. If your system went in five years ago and nobody has checked the settings since, there's a decent chance it's recording below spec. An inspector can pull up a live feed and check on the spot.
NIST-Synchronized Timestamps
Your camera system's clock has to sync to the NIST atomic clock. Not your building's internet time. Not a manual setting. If the time stamps on your footage don't match NIST, the entire recording can be called into question during a DCC review. This is a quick fix if you know about it and a nasty surprise if you don't.
Camera on the NVR Room
The room housing your network video recorder needs its own camera. DCC wants to verify nobody is tampering with recorded footage. This one gets missed constantly because installers focus on coverage areas and forget the recording hardware itself.
POS Camera Clarity
Cameras covering point-of-sale stations must capture facial features with "sufficient clarity to determine identity." That's the actual regulatory language. A wide-angle overview of the sales floor doesn't meet it. You need a dedicated POS camera at an angle that captures faces — not the tops of heads.
Remote Footage Access
DCC can request footage right now — not tomorrow, not when your tech gets back from lunch. If your system needs someone to come pull files from a local hard drive, you're out of compliance. Remote access via TCP/Internet is required so clips can be handed over the moment an inspector asks.
This is one of the easiest ways to pass a DCC security inspection and one of the most common ways to fail it. The camera system might be perfect, but if nobody can view it remotely, the inspector treats it like the footage doesn't exist.
Alarm, Access Control, and Records — The Other Three
The Alarm Rule That Kills DIY
DCC requires a professionally monitored alarm installed and maintained by a licensed integrator — that's § 15047. A Ring doorbell, a SimpliSafe kit, or any consumer system the owner installed doesn't qualify. Consumer-grade alarm systems like Ring or SimpliSafe do not meet DCC requirements. California mandates that cannabis alarms be installed and monitored by an integrator holding a valid BSIS alarm company operator license, with a written monitoring contract on file.
You also need written alarm steps — who gets called, in what order, what the chain looks like, and how the system gets tested. Those steps need to be on paper and on hand. "The manager knows the drill" isn't enough.
Coverage must include all entry and exit points, any room containing cannabis or cannabis products, and any room with safes or vaults. Front door and back door only won't cut it if you've got a side entrance or a ground-level window.
Badge and Access Control
Every employee needs a badge. DCC specs: a 1" × 1.5" minimum photo, plastic-coated or laminated, worn where people can see it at all times on the licensed site. Expired badges, missing photos, or badges tucked in a pocket are all citable.
Restricted areas — vault rooms, product storage, processing rooms — must use badge, keycard, PIN, or biometric access. A locked door with a physical key doesn't meet the bar. DCC wants a digital log of who went into which area and when. That log has to be kept up and ready for review on demand.
Visitors count too. Non-employees must be logged, given visitor badges, and walked through restricted areas. An inspector who spots an unbadged delivery driver in the vault room alone is writing that up.
Records Retention — The 7-Year Trap
This one catches operators years after install. DCC says you have to keep security records for 7 years. That covers alarm contracts, service logs, incident reports, access records, and testing notes.
Video has a shorter window — 90 days minimum, though best practice is 120 to 180 days. After 90 days, footage can be taped over. But if DCC asks for specific clips within that 90-day span, you have to hand them over right away.
The 7-year rule means your first year's alarm contract needs to be on hand in year seven. Digital files stored safely work fine. Paper in a filing cabinet works too. What doesn't work is guessing that your alarm company keeps your records for you — get that confirmed in writing.
How to Pass Your DCC Security Inspection on the First Walk-Through
Five steps. Run this as a self-audit before the inspector does it for you.
Step 1: Audit your cameras against § 15044. Check continuous 24/7 recording, resolution, frame rate, NIST timestamps, NVR room camera, POS camera angle, and remote access. Don't assume your installer set everything to DCC spec — pull up the settings yourself and verify.
Step 2: Verify your alarm documentation. Make sure the monitoring contract is current and on file. Check that alarm operating procedures are written, dated, and accessible. Verify every entry point, product room, and vault has coverage. Confirm your installer's BSIS license is valid and on record.
Step 3: Check every badge. Walk the floor. Are all badges current with recognizable photos? Make sure every one is displayed visibly — not tucked in a pocket. One expired badge on inspection day is a citable violation.
Step 4: Test access control logs. Pull up yesterday's records. Can you show who entered the vault at 2:15 PM? Can you match that entry to camera footage? If the log has gaps or the timestamps don't align, fix it before the inspector finds it.
Step 5: Confirm records are accessible. Can you produce your alarm contract from the date of installation? Your most recent maintenance record? Your last incident report? All within minutes — not days?
Run this checklist quarterly. Don't wait for the notification.
What Happens When You Don't Pass
"Off the Charts" in San Francisco failed a DCC inspection in February 2025. The violations: batch tracking stickers missing from product, outdated employee badges, and gaps in their docs. They got a 14-day window — fix everything and prove it, or face what comes next.
Fourteen days sounds fine until you think about what "fix" means for a camera system. Ordering new gear, getting an installer on site, running cable, setting up NIST sync, testing remote access — that's a two-week job at minimum with a good integrator. And that assumes parts are on the shelf. One supply chain delay and you're out of time.
Operators who can't fix things in time face rising fines. $5,000 for the first issue, scaling to $30,000 per finding after that. Repeat patterns trigger license suspension. DCC doesn't bend on timelines.
Beyond the fines, insurance turns into a headache. DCC requires proof of coverage at license renewal — $1M per event, $2M total general liability, plus product liability. AB 2568 opened the carrier market, but insurers want to see compliant, monitored security. An active violation on record makes renewal talks harder and premiums steeper. Operators who pass their DCC security inspection with a clean record have a much easier time at renewal.
DCC requires a professionally monitored alarm. But the operators who learned that lesson the hard way didn't fail an inspection — they watched their own robbery footage the next morning.
Build It Right Before the Inspector Shows Up
Every problem above is cheaper to fix before you open than after an inspector flags it. A camera system built to DCC spec from day one costs the same as one built below spec — the only gap is whether your integrator knows the rules.
The alarm contract, the badge setup, the records plan — all of it should be locked in before your first day. Not "good enough for now." DCC doesn't hold off on inspections while you catch up.
If you're still in build-out, the choices you make now set your compliance path for the life of the license. Tearing out a bad system always costs more than doing it right the first time. If you're building a new location, here's how to get the security design right before the inspector ever walks in.
DCC inspections aren't subjective. They're a checklist — camera specs, alarm docs, badge rules, access logs, records. Every item is in Title 4. Every violation has a dollar sign next to it.
The operators who pass their DCC security inspection the first time aren't the ones with the priciest systems. They're the ones whose integrator knew the rules before the first camera went on the wall.
Valley Alarm's cannabis remote video monitoring is built to DCC spec — 24/7 recording, NIST-synced time stamps, remote footage access, licensed alarm monitoring, and incident reports that hold up with inspectors and insurers. Serving Los Angeles County since 1981. Call 800-550-2537 for a compliance audit.
Related Articles
- Securing Remote Cannabis Grows in Southern California - February 27, 2026
- Dispensary Employee Theft Prevention - February 27, 2026
- Dispensary Robbery Prevention in LA - February 27, 2026