Cannabis Vault Storage


Chad Griffith, Founder & CEO

FileFlo — AI compliance document intelligence for DOT, OSHA, and EPA regulated businesses.

Last reviewed · By Chad Griffith

Cannabis vault storage refers to the secured storage area required by state Cannabis Regulatory Authorities (CRAs) for keeping cannabis inventory after business hours and during non-display periods. Most state CRAs require: solid construction (concrete, masonry, or steel walls), reinforced doors with deadbolt locks, an alarm system monitored by a state-licensed security provider, video surveillance with a mandatory retention period (typically 90 days), restricted access logs identifying every individual who entered the vault, and a limit on the number of personnel with vault access. Some states require armed security or specific lock specifications (e.g., UL 1037 burglary-resistant safe rating). Vault breach incidents must be reported to the CRA within 24 hours.

Frequently Asked Questions

What construction is required for a cannabis vault?

Requirements vary by state. Common minimums: solid walls of concrete, masonry, or insulated steel; ceiling and floor matching wall standard; reinforced metal door with at least one deadbolt; lock meeting state-specific specifications (some states require UL 1037 or commercial-grade locks). Some states (e.g., New York) require licensed safe vendors. Multi-state operators typically build to the most stringent state's standard for consistency.

How long must vault video footage be retained?

Most state CRAs require 90-day retention of video surveillance covering vault access, retail floors, transport areas, and exterior. California CCR Title 4 Section 15044 requires 90-day retention. Michigan CRA requires 30-day retention under R 420.209. Some states require longer retention for specific events (incidents, transactions). Footage must be available to regulators within a defined response window — typically 24-72 hours.

Who can access the vault?

Access is limited to authorized employees with valid state-issued badges. Most states require a written access roster maintained by the licensee, with access logs (electronic preferred) for every vault entry. Some states limit the number of authorized accessors (e.g., to specific executive titles or by license type). A two-person rule (two authorized employees present for vault access) is required in some states.

What happens during a vault breach?

Breach incidents must typically be reported to the state CRA within 24 hours, sometimes immediately. Reporting requirements include: incident date/time, employees present, METRC reconciliation of any missing inventory, security system response logs, video footage preservation, law enforcement notification documentation, and corrective action plan. Failure to report a breach is itself a violation.
