The 911 Compliance Checklist: Are You Actually Ready for an Audit?

You’ve deployed a phone system. It can dial 911. You’re compliant, right?

Maybe. Maybe not.

The gap between “911 calls technically work” and “we meet federal compliance requirements” is wider than most organizations realize. Here’s a checklist to find out where you actually stand — before an FCC inquiry forces the question.

Part 1: Kari’s Law Requirements

Kari’s Law applies to multi-line telephone systems (MLTS) in commercial buildings. It has three core requirements:

☐ Direct 911 Dialing

The requirement: Users must be able to dial 911 directly without a prefix, access code, or additional digits.

How to check: Pick up a phone in your building. Dial 911. Does it connect immediately, or does it require you to dial 9 first? If you need a prefix for external calls, your system must be configured to bypass that prefix for 911.

Common failure: Legacy PBX systems often require “9” for an outside line. If 911 also requires the prefix, you’re non-compliant.

☐ On-Site Notification

The requirement: When a 911 call is placed, the system must notify a designated on-site person or location (such as a security desk or front office).

How to check: Place a test 911 call (coordinated with your local PSAP). Did anyone on-site receive a notification? Who? How?

Common failures:

• Notification is configured but goes to someone who left the company
• Notification goes to an email inbox no one monitors
• Notification exists but doesn’t include location information
• No notification is configured at all

☐ No Blocking of 911

The requirement: The system cannot be configured in a way that would prevent 911 calls from completing.

How to check: Test 911 from different phone types in your environment — desk phones, conference rooms, softphones, mobile apps. Do they all connect?

Common failure: Some phone types or extensions are inadvertently blocked from external calling.

Part 2: Ray Baum’s Act Requirements

Ray Baum’s Act goes beyond Kari’s Law with a focus on location accuracy. This is where most organizations have gaps.

☐ Dispatchable Location for Every 911 Call

The requirement: Every 911 call must deliver a “dispatchable location” — a street address plus additional information (building, floor, room, cube) sufficient for first responders to find the caller without searching.

How to check: Review your emergency location records. Does every user have a registered address? Is it specific enough? “100 Main Street” is not dispatchable if your building has 20 floors.

Common failures:

• Users registered to a generic building address without floor/room
• Remote workers registered to corporate HQ instead of their actual location
• New employees never got a location assigned
• Location data hasn’t been updated since the last office move

☐ Location Accuracy for All Phone Types

The requirement: Dispatchable location applies to all devices — desk phones, softphones, mobile apps, conference room phones, analog lines.

How to check: Inventory every phone type in your environment. For each type, verify that accurate location data is being delivered with 911 calls.

Common failures:

• Desk phones have location data, but softphones don’t
• Conference room phones are registered to the building, not the specific room
• Mobile apps deliver the user’s registered office address regardless of actual location
• Analog lines in elevators or stairwells have no location data at all

☐ Remote Worker Coverage

The requirement: Ray Baum’s Act doesn’t have an exception for remote workers. If they’re using your phone system to make 911 calls, accurate location must be delivered.

How to check: What happens when a remote worker dials 911 from your softphone app? What address is delivered?

Common failures:

• Remote workers deliver corporate HQ address
• Self-service location update exists but adoption is near zero
• No mechanism exists for remote workers to update their location
• IT doesn’t even know where remote workers are physically located

☐ Location Maintenance Process

The requirement: Location data must be accurate not just at deployment, but ongoing. Organizations change — people move desks, floors get reorganized, new buildings come online.

How to check: When was the last time your emergency location data was audited? Is there a process to update it when changes occur?

Common failures:

• Location data was set up two years ago and never touched
• No process exists for updating locations when people move
• New sites come online without emergency location configuration
• Responsibility for location maintenance isn’t assigned to anyone

Part 3: Documentation and Evidence

Compliance isn’t just about configuration — it’s about being able to prove it.

☐ Written 911 Compliance Policy

What you need: A documented policy describing your organization’s approach to 911 compliance, including roles, responsibilities, and procedures.

How to check: Does this document exist? Is it current? Does anyone know where it is?

☐ Configuration Documentation

What you need: Technical documentation showing how your phone system is configured for 911 — dialing rules, notification settings, location data sources.

How to check: If an auditor asked “show me how 911 works in your environment,” could you produce documentation within an hour?

☐ Test Records

What you need: Evidence that you’ve tested 911 functionality and verified it works correctly.

How to check: When was the last time you conducted a 911 test? Do you have records of the results?

☐ Location Data Audit Trail

What you need: Records showing when location data was last reviewed and updated.

How to check: Can you demonstrate that location data is actively maintained, not just set-and-forget?

Scoring Your Compliance

Count your checkboxes:

• 12 of 12: You’re in good shape. Keep maintaining it.
• 9–11: You have gaps. They’re probably manageable, but they need attention.
• 6–8: You have significant exposure. Prioritize remediation.
• Below 6: You’re not compliant. An audit or incident would not go well.

The Most Common Gaps

Based on what we see across organizations, here’s where compliance most often breaks down:

1. Remote workers. The shift to hybrid work created a massive compliance gap that most organizations haven’t addressed. If your remote workers deliver your corporate address when they call 911 from home, you’re non-compliant.
2. Location maintenance. Initial configuration is usually fine. Ongoing maintenance is where things fall apart. Addresses go stale. New employees don’t get registered. Moves don’t get updated.
3. Notification recipients. The person who was supposed to receive 911 alerts left the company two years ago. No one updated the configuration.
4. Documentation. The system might be compliant, but there’s no way to prove it. No policy, no test records, no audit trail.
5. Non-desk phones. Conference rooms, elevators, break rooms, lobbies — these often get overlooked. If there’s a phone, it needs compliant 911.

What To Do With This Checklist

If you’re fully compliant: Great. Schedule a quarterly review to make sure you stay that way.

If you have gaps: Prioritize them. Remote workers and location accuracy are the biggest liability areas. Documentation can be fixed quickly. Notification recipients can be updated in an afternoon.

If you’re nowhere close: Don’t panic, but do act. Start with the basics — direct dialing and notification. Then work on location accuracy. Get help if you need it.

The goal isn’t perfection by tomorrow. It’s steady progress toward full compliance before compliance is tested by an audit or an incident.

The best time to find compliance gaps is before someone else finds them for you.