This checklist is written for HR consultants, payroll consultants, bookkeepers, and private security operators who need a reviewable California meal and rest break audit from timecard exports. It is a vertical companion to the broader California break audit checklist.

1. Start with the post coverage problem

Security break issues often start with coverage design, not payroll math. Segment the export around the post or assignment before summarizing the whole workforce.

  • Solo and remote posts: identify sites where the guard is the only person assigned for the shift.
  • Overnight coverage: isolate shifts crossing midnight so meal timing and total-hours checks use the full work period.
  • Long shifts: group 10-12 hour shifts so second-meal records and waiver questions are visible.
  • Mobile patrol routes: keep route or assignment codes so missed breaks can be reviewed against patrol timing.
  • Event and temporary details: separate one-off coverage from recurring client-site patterns.

2. Request security-specific export fields

An anonymized export can usually support the first pass, but it needs enough post-level detail for payroll, HR, or counsel to trace a finding back to the assignment.

  • Employee identifier, client site, post, route, department, and source row ID.
  • Work date, scheduled shift, clock in, clock out, total hours, and overnight markers.
  • Meal start, meal end, meal duration, second-meal records, and paid on-duty meal indicators.
  • Written-agreement, waiver, missed-break attestation, and manager-edit fields when the system exports them.
  • Rest-break attestations or rest-break records if captured.
  • Regular-rate inputs, meal/rest premium pay codes, correction rows, and payroll-register references.

3. Run meal timing checks with on-duty review separated

California’s DLSE summarizes the baseline meal-period rules: employees working more than five hours generally need a 30-minute meal period, and employees working more than ten hours generally need a second meal period unless a valid waiver applies. DLSE also explains that an on-duty meal period is treated as hours worked and is allowed only when the nature of the work prevents relief from all duty and a written agreement exists.

  • First meal: flag shifts over five hours with no meal, a short meal, or a first meal that begins after the fifth hour.
  • Second meal: flag shifts over ten hours with no second meal, then separate rows needing waiver review.
  • On-duty meals: do not close the finding just because the export has an on-duty label. Show the paid-time marker, agreement marker, post type, and source row.
  • Automatic deductions: flag automatic meal deductions on solo posts or no-relief shifts as client-review questions.

Important distinction: a security guard stationed alone at a remote site appears in DLSE’s on-duty meal discussion, but that does not make every security post automatically compliant. Keep on-duty meal rows in a review bucket with the supporting evidence beside them.

4. Treat rest breaks as a separate evidence problem

California rest periods are generally paid, net 10-minute breaks for every four hours worked or major fraction. The DLSE rest-period FAQ also discusses the Augustus security-services decision and states that on-call rest periods are prohibited. That makes rest-break review especially important for guard posts that require radio, phone, or alarm readiness.

  • If the export has missed-rest attestations or rest premium codes, map those fields directly.
  • If the export has no rest-break record, mark a record gap unless another field supports a finding.
  • Group rest issues by post, shift type, and client site so coverage practices can be reviewed.
  • Keep rest findings separate from meal findings because on-duty meal analysis does not resolve rest-period control questions.

5. Package what a security operator can act on

The report should tell the operator where to focus relief planning, payroll corrections, and client-site follow-up.

  • Summary by client site and post: issue counts, record gaps, already-paid premiums, and estimated exposure ranges.
  • Correction table: employee identifier, date, post, shift, issue category, source row, estimated premium, and review status.
  • On-duty meal review log: paid-time marker, written-agreement marker, post context, waiver fields, and open questions.
  • Assumptions log: rounding, waiver handling, rest-record handling, rate source, overnight handling, and excluded rows.
  • Client questions: rows that need payroll, HR, operations, client-site, or counsel review before correction.

6. Use the first report to prevent recurring post-level drift

A historical audit can find exposure. A recurring review can prevent the same post from creating the same issue every pay period. The strongest monthly version is short: new rows only, grouped by post, sent before payroll closes, with a separate list for relief-scheduling questions.

For consultants, that is the serviceable wedge: take one anonymized export, preserve the post context, show the client what is supported by the records, and create a repeatable monitoring cadence.

7. Keep official references close

Use official sources for rule background and keep legal conclusions out of the audit deliverable. Start with the DLSE meal-period FAQ, the DLSE rest-period FAQ, the Labor Code section 512 text, and the LWDA PAGA FAQ for current PAGA cure and reasonable-steps background.