ASIS INTERNATIONAL

CONTACT INFORMATION

ASIS is here to help! This Handbook covers all the information on

ASIS’ four certification programs. If you have questions after

reviewing the Handbook, please contact the Certification Team at:

EMAIL: [email protected]

PHONE: +1 703.519.6200

WEBSITE: asisonline.org

ADDRESS:
ASIS International
1625 Prince Street
Alexandria, Virginia
22314-2882, USA

OFFICE HOURS: Monday through Friday,

9:00 am to 5:00 pm, Eastern Standard Time (except holidays).
CONTENTS
ASIS International Board Certifications ............................................................................................. 6
ASIS Professional Certification Board (PCB)....................................................................................... 6
ASIS International Certification Programs ......................................................................................... 6
Certification vs. Certificate Programs ............................................................................................ 7
Why Choose an ASIS Certification?................................................................................................ 7
Is ASIS membership required? ....................................................................................................... 7
Which Exam is Right for You? ........................................................................................................ 7
Eligibility Requirements for all Applicants ......................................................................................... 8
APP: Board Certification in Security Management Fundamentals .................................................... 9
APP Eligibility Requirements .......................................................................................................... 9
APP Eligibility Requirements with an ASIS Certification ................................................................ 9
APP Body of Knowledge ................................................................................................................... 10
CPP: Board Certification in Security Management .......................................................................... 15
CPP Eligibility Requirements ........................................................................................................ 15
CPP Body of Knowledge ................................................................................................................... 16
PCI: Board Certification in Investigations ........................................................................................ 21
PCI Eligibility Requirements ............................................................................................................. 21
PCI Body of Knowledge .................................................................................................................... 22
PSP: Board Certification in Physical Security ................................................................................... 24
PSP Eligibility Requirements ............................................................................................................ 24
PSP Body of Knowledge ................................................................................................................... 25
Program Changes and Updates ....................................................................................................... 28
Introducing Remote Proctoring! ...................................................................................................... 28
Applying for the Exams .................................................................................................................... 28
Application Documents You’ll Need: ........................................................................................... 28
Deadline Reminders ..................................................................................................................... 28
Application Fees ............................................................................................................................... 28
Refunds ........................................................................................................................................ 28
Retesting ...................................................................................................................................... 28
Approval Notification from ASIS .................................................................................................. 29
 Appealing a Declined Application ................................................................................................ 29
PCB Certificant Relations Appeal Process .................................................................................... 29
Scheduling Your Exam ...................................................................................................................... 29
Making Your Exam Appointment ................................................................................................. 30
Testing Accommodations for Candidates with Disabilities and Other Special Considerations .. 30
Extension Policies – Exam Applications ....................................................................................... 30
“No Shows” .................................................................................................................................. 31
On Exam Day .................................................................................................................................... 31
Check-in at a Prometric Testing Center ....................................................................................... 31
What to Bring and Not Bring to Testing Center ........................................................................... 31
Check-in for Remotely Proctored Exams ..................................................................................... 31
Check-in ID Requirements ........................................................................................................... 32
During the Exam........................................................................................................................... 32
Exam Results ................................................................................................................................ 33
Weather Emergencies.................................................................................................................. 33
How Are the Exams Structured? ...................................................................................................... 33
Scoring the Exam.......................................................................................................................... 33
Studying for the Exam ...................................................................................................................... 34
Exam Preparation Resources ....................................................................................................... 34
Free Study Tools........................................................................................................................... 35
I Passed the Exam, Now What? ....................................................................................................... 35
Recertification .............................................................................................................................. 35
ASIS Application and Certificant Policies ......................................................................................... 35
Statement of Impartiality................................................................................................................. 35
ASIS Certification Code of Professional Responsibility ................................................................ 36
Attestation of Continued Eligibility for Certification ................................................................... 36
Revocation of Certification .............................................................................................................. 37
Lifetime Designation ........................................................................................................................ 37
Release of Candidate and Certificant Information .......................................................................... 38
ASIS Certificates ............................................................................................................................... 38
Third-Party Intervention .................................................................................................................. 38
Filing a Complaint ............................................................................................................................ 38
About Our Testing Partner ............................................................................................................... 38
 The American Council on
About This Handbook Education® has reviewed and
This Handbook contains all the policies and recommended college credit
equivalency for the ASIS
procedures of ASIS’s four certification programs. All
International certifications CPP,
those applying to take an ASIS certification exam PCI, and PSP programs.*
must agree to comply with the information contained
*The ACE CREDIT logo is a federally registered trademark of the
in this manual. This handbook was updated 1 August
American Council on Education and cannot be used or reproduced
2020 and supersedes all previous versions. without the express written permission of the American Council on
Education.
ASIS INTERNATIONAL BOARD
CERTIFICATIONS ASIS PROFESSIONAL CERTIFICATION
ASIS International was the first organization to offer a BOARD (PCB)
credential specifically for security managers, and our The ASIS certification programs are governed by the
programs remain the global standard. Developed by Professional Certification Board (PCB). The PCB
practitioners for practitioners, ASIS board establishes all policies related to the program
certifications provide you with a competitive edge. including eligibility requirements, body of knowledge,
and exam development. All PCB members are CPP,
Distinguished by their global development and PCI, PSP and/or APP certified.
application, ASIS certifications are transferable across
all industry sectors and geographic borders. The role Members of the Professional Certification Board (PCB)
and tasks of security managers are researched and manage the certification programs by assuring that
documented to define each certification. In addition, standards are developed and maintained, quality
a job analysis is routinely conducted to ensure the assurance is in place, and the exams accurately reflect
exams reflect current practices. the duties and responsibilities of security professionals in
the areas of security management, investigations, and
Our requirements are demanding and consequently, physical security. The PCB is a committee of the ASIS
our certifications are held only by a distinguished Board of Directors. Members of the PCB are chosen
group of professionals. Earning your CPP®, PCI®, PSP®, through a nomination process. The board meets three
or APP conveys to your peers, employees, and times per year.
employer that you possess substantial, relevant
experience as well as demonstrated and tested
competence. ASIS INTERNATIONAL CERTIFICATION
AN INTERNATIONALLY RECOGNIZED, PROGRAMS
GLOBALLY ACCREDITED PROGRAM Certification serves as a visible acknowledgment of your
ASIS board certifications are developed demonstrated mastery of core security principles and
and maintained through a rigorous skills essential to the best practice of security
process exemplified through the program’s management.
accreditation by the American National Standards However, not all certifications are equal. To truly set
Institute (ANSI) against the International Organization yourself apart, you need a certification that encourages
for Standardization (ISO) 17024. professional growth. One that is globally recognized as
the standard for professionalism. You need an ASIS
THE SAFETY ACT DESIGNATION Board Certification.

By earning a CPP, PCI, PSP, or APP, your employer,

clients, and colleagues will instantly recognize you as
ASIS board-certified professionals, their employers, and the “best of the best.” Earning an ASIS certification is a
their customers are protected from lawsuits involving the milestone accomplishment that will help you reach your
ASIS certification process that arise out of an act of career goals.
terrorism.

ASIS International Certification Handbook -- 6

Certification vs. Certificate Programs Is ASIS membership required?
People are often unclear about the difference Membership to ASIS is not required, however,
between a certification program and a certificate members enjoy many advantages, including discounts
program. The goal of both types of programs are on all certification-related products and services
meant for professional development of industry
including exam fees, prep materials, study groups,
experts.
and more! And, once you get certified, ASIS members
Professional certification (such as the CPP, PCI, PSP, continue to receive discounts for their required
or APP) is the voluntary process by which a third- continuing education credits. Before applying to take
party organization grants a time-limited recognition an ASIS certification exam, become a member first.
and use of a credential to an individual after verifying
Right away, you’ll see the benefits!
that he or she has met predetermined and
standardized criteria, usually through eligibility
requirements and an exam. Most professional Which Exam is Right for You?
certification programs require that certificants ASIS offers four certifications for those in security-
recertify their designation after a set amount of time related fields:
to ensure they are remaining current and
knowledgeable in the industry. ◆ Certified Protection Professional (CPP)

A certificate program is a training program on a ◆ Professional Certified Investigator (PCI)

specialized topic for which participants receive a ◆ Physical Security Professional (PSP)
certificate after completing the course. Some ◆ Associate Protection Professional (APP)
certificate programs require attendees to pass an
assessment of some kind to verify they’ve learned Some professionals hold one ASIS certification, some
what the class was teaching. Many certificate two, and some hold three (the APP cannot be held in
programs will provide a “certificate of completion” at conjunction with the CPP). Here is an overview of all
the end of the course. ASIS offers a number of four programs:
certificate programs, many of which can be used to ◆ The Certified Protection Professional (CPP)
acquire Continuing Professional Education (CPE) program is designed for those who have
credits that can be used to prepare for ASIS’ demonstrated competency in all areas of
certification programs or used to recertify your security management.
designation. ◆ The Professional Certified Investigator (PCI)
program is designed for those whose
Why Choose an ASIS Certification?
responsibilities include case management,
◆ Elevate your professional stature and peer evidence collections, and preparation of
recognition
reports and testimony to substantiate
◆ Gain a competitive edge in job placement or findings.
advancement within your organization
◆ The Physical Security Professional (PSP)
◆ Realize deep personal satisfaction and
professional achievement program is designed for those whose primary
responsibility is to conduct threat surveys,
◆ Broaden your knowledge base
design integrated security systems that
◆ Keep updated on best practices
include equipment, procedures and people,
◆ Achieve global recognition as a highly motivated or install, operate, and maintain those
expert in your field
systems.
ASIS board certified practitioners are leaders, willing
mentors, and trusted strategic partners, serving both ◆ The Associate Protection Professional (APP)
their organizations and the profession. program is designed for those with 1-4 years
of experience in the fundamentals of security
Today, security professionals from 85 countries
management.
proudly maintain their ASIS board certifications.
ASIS highly recommends reviewing the body of
knowledge for each program (outlined below). All
questions on the exams relate to one of the domains

ASIS International Certification Handbook -- 7

listed in each program’s body of knowledge. Using the
body of knowledge, make an honest assessment of your
own experiences in each domain. Not only will this help
you decide which exam is right for you; it will also help
you structure your study requirements.

ELIGIBILITY REQUIREMENTS FOR ALL

APPLICANTS
The following pages outline the eligibility
requirements and body of knowledge for each ASIS
certification program. In addition to the specific
eligibility requirements below, all applicants and
certificants must:
◆ Have been employed full-time in a security-
related role.
◆ Not have been convicted of any criminal
offense that would reflect negatively on the
security profession, ASIS, or the certification
program
◆ Sign and agree to abide by the ASIS
Certification Code of Professional
Responsibility (see pg. 35)
◆ Agree to abide by the policies of the ASIS
Certification programs as described in this
handbook and the ASIS Recertification Guide.

ASIS International Certification Handbook -- 8

 Associate Protection Professional
sector, criminal justice system, government
APP: BOARD CERTIFICATION IN intelligence, or investigative agencies.
B. Experience with companies, associations,
SECURITY MANAGEMENT government, or other organizations providing
FUNDAMENTALS services or products, including consulting firms,
provided the duties and responsibilities
ASIS International is proud to announce the launch of substantively relate to the design, evaluation, and
the new Associate Protection Professional (APP) application of systems, programs, or equipment,
certification program, which is part of ASIS or development and operation of services, for
International’s ongoing strategy to offer professional protection of assets in the private or public
development and educational opportunities for sectors.
C. Experience as a full-time educator on the faculty
professionals at all levels of the security management
of an accredited educational institution, provided
field.
the responsibilities for courses and other duties
The Associate Protection Professional (APP) relate primarily to knowledge areas pertinent to
designation is intended for those with 1-4 years of the management and operation of protection of
assets programs in the public or private sectors.
security management experience. The exam will
measure the professional’s knowledge of security
management fundamentals, business operations, risk APP Eligibility Requirements with an ASIS
management, and response management.
Certification
APP Eligibility Requirements The chart below shows how the eligibility
Security Management Education requirements would be altered for those holding the
Experience* new APP designation
One year Master’s degree (or
CPP With Degree No Degree
international
equivalent) in Security Current
Management Experience 7 years 9 years
Requirements
Two years Bachelor’s degree (or
international With an APP 5 years 7 years
equivalent) in Security PCI With Degree No Degree
Management Current
Three years Bachelor’s degree (or Experience 5 years 5 years
international Requirements
equivalent) in any With an APP 4 years 4 years
discipline PSP With Degree No Degree
Four years No higher education Current
degree Experience 4 years 6 years
Requirements
With an APP 3 years 5 years
*Security management experience is defined as the
individual having been personally engaged in security
1. Other eligibility requirements for the CPP,
or loss prevention on a full-time basis, or as a primary
PCI, or PSP still need to be met (e.g.,
duty. Included is:
responsible charge or case management)
A. Experience as a security professional in the 2. The APP designation will be expired if a
protection of assets, in the public or private candidate obtains the CPP (you cannot hold
both designations at the same time)

ASIS International Certification Handbook -- 9

 3. Those who are already PCI- and/or PSP- other external organizations to achieve security
certified will be eligible to take the APP exam objectives
(provided they meet the requirements of the
individual program) Knowledge of
4. CPPs are not be permitted to take the APP 1. Roles and responsibilities of external
exam organizations and agencies
1. Local, national, and international
public/private partnerships
APP BODY OF KNOWLEDGE 2. Methods for creating effective working
To be awarded the APP designation, a candidate relationships
must pass a comprehensive examination
consisting of approximately 125 multiple-choice TASK 4: Develop, implement, and coordinate
employee security awareness programs
questions; 100 “live,” scoreable questions and up
to 25 pre-test questions. Knowledge in four Knowledge of
major areas (domains) is tested.
1. The nature of verbal and non-verbal
communication and cultural considerations
The importance of each domain, and the tasks, 2. Security industry standards
knowledge, and skills within it, determine the 3. Training methodologies
specifications of the APP examination. The 4. Communication strategies, techniques, and
relative order of importance of the domains methods
determines the percentage of the total exam 5. Security awareness program objectives and
questions. metrics

TASK 5: Implement and/or coordinate an

DOMAIN ONE investigative program
Security Fundamentals (35%)
Knowledge of
TASK 1: Implement and coordinate the 1. Report preparation for internal purposes and
organization’s security program(s) to protect the legal proceedings
organization’s assets 2. Components of investigative processes
3. Types of investigations (e.g., incident,
Knowledge of misconduct, compliance)
1. Security theory and terminology 4. Internal and external resources to support
2. Project management techniques investigative functions
3. Security industry standards
4. Protection techniques and methods TASK 6: Provide coordination, assistance, and
5. Security program and procedures evidence such as documentation and testimony to
assessment support legal proceedings
6. Security principles of planning,
organization, and control Knowledge of
1. Required components of effective
TASK 2: Implement methods to improve the security documentation (e.g., legal, employee,
program on a continuous basis through the use of procedural, policy, compliance)
auditing, review, and assessment 2. Evidence collection and protection
techniques
Knowledge of 3. Relevant laws and regulations regarding
1. Data collection and intelligence analysis records management, retention, legal holds,
techniques and destruction practices (Note: No country-
2. Continuous assessment and improvement specific laws will be on the APP exam)
processes
3. Audit and testing techniques TASK 7: Conduct background investigations for
hiring, promotion, and/or retention of individuals
TASK 3: Develop and coordinate external relations
programs with public sector law enforcement or Knowledge of

ASIS International Certification Handbook -- 10

 1. Background investigations and personnel 3. Security survey techniques
screening techniques
2. Quality and types of information and data TASK 12: Evaluate and integrate technology into
sources security program to meet organizational goals
3. Criminal, civil, and employment law and
procedures Knowledge of
1. Surveillance techniques and technology
TASK 8: Develop, implement, coordinate, and 2. Integration of technology and personnel
evaluate policies, procedures, programs and 3. Plans, drawings, and schematics
methods to protect individuals in the workplace 4. Information security theory and systems
against human threats (e.g., harassment, violence) methodology

Knowledge of TASK 13: Coordinate and implement security policies

1. Principles and techniques of policy and that contribute to an information security program
procedure development
2. Protection personnel, technology, and Knowledge of
processes 1. Practices to protect proprietary information
3. Regulations and standards governing or and intellectual property
affecting the security industry and the 2. Information protection technology,
protection of people, property, and investigations, and procedures
information 3. Information security program components
4. Educational and awareness program design (e.g., asset protection, physical security,
and implementation procedural security, information systems
security, employee awareness, and
TASK 9: Conduct and/or coordinate an information destruction and recovery
executive/personnel protection program capabilities)
4. Information security threats
Knowledge of
1. Travel security program components
2. Executive/personnel protection program DOMAIN TWO
components Business Operations (22%)
3. Protection personnel, technology, and
processes TASK 1: Propose budgets and implement financial
controls to ensure fiscal responsibility
TASK 10: Develop and/or maintain a physical
security program for an organizational asset Knowledge of
1. Data analysis techniques and cost-benefit
Knowledge of analysis
1. Resource management techniques 2. Principles of business management accounting,
2. Preventive and corrective maintenance for control, and audits
systems 3. Return on Investment (ROI) analysis
3. Physical security protection equipment, 4. Fundamental business finance principles and
technology, and personnel financial reporting
4. Security theory, techniques, and processes 5. Budget planning process
5. Fundamentals of security system design 6. Required components of effective
documentation (e.g., budget, balance sheet,
TASK 11: Recommend, implement, and coordinate vendor work order, contracts)
physical security controls to mitigate security risks
TASK 2: Implement security policies, procedures,
Knowledge of plans, and directives to achieve organizational
1. Risk mitigation techniques (e.g., technology, objectives
personnel, process, facility design,
infrastructure) Knowledge of
2. Physical security protection equipment, 1. Principles and techniques of
technology, and personnel policy/procedure development

ASIS International Certification Handbook -- 11

 2. Guidelines for individual and corporate 3. Key concepts in the preparation of requests
behavior for proposals and bid reviews/evaluations
3. Improvement techniques (e.g., pilot 4. Service Level Agreements (SLA) definition,
programs, education, and training) measurement and reporting
5. Contract law, indemnification, and liability
TASK 3: Develop procedures/techniques to measure insurance principles
and improve departmental productivity 6. Monitoring processes to ensure that
organizational needs and contractual
Knowledge of requirements are being met
1. Communication strategies, methods, and 7. Vendor qualification and selection process
techniques
2. Techniques for quantifying DOMAIN THREE
productivity/metrics/key performance Risk Management (25%)
indicators (KPI)
3. Project management fundamentals tools and TASK 1: Conduct initial and ongoing risk assessment
techniques processes
4. Principles of performance evaluations, 360
reviews, and coaching Knowledge of
TASK 4: Develop, implement, and coordinate 1. Risk management strategies (e.g., avoid,
security staffing processes and personnel assume/accept, transfer, mitigate)
development programs in order to achieve 2. Risk management and business impact
organizational objectives analysis methodology
3. Risk management theory and terminology
Knowledge of (e.g., threats, likelihood, vulnerability,
impact)
1. Retention strategies and methodologies
2. Job analysis processes TASK 2: Assess and prioritize threats to address
3. Cross-functional collaboration potential consequences of incidents
4. Training strategies, methods, and techniques
5. Talent management and succession planning Knowledge of
6. Selection, evaluation, and interview
techniques for staffing 1. Potential threats to an organization
2. Holistic approach to assessing all-hazard
TASK 5: Monitor and ensure a sound ethical culture threats
in accordance with regulatory requirements and 3. Techniques, tools, and resources related to
organizational objectives internal and external threats

Knowledge of TASK 3: Prepare, plan, and communicate how the

organization will identify, classify, and address risks
1. Interpersonal communications and feedback
techniques Knowledge of
2. Relevant laws and regulations
3. Governance and compliance standards 1. Risk management compliance testing (e.g.,
4. Generally accepted ethical principles program audit, internal controls, self-
5. Guidelines for individual and corporate assessment)
behavior 2. Quantitative and qualitative risk assessments
3. Risk management standards
TASK 6: Provide advice and assistance in developing 4. Vulnerability, threat, and impact
key performance indicators and negotiate assessments
contractual terms for security vendors/suppliers
TASK 4: Implement and/or coordinate
Knowledge of recommended countermeasures for new risk
treatment strategies
1. Confidential information protection
techniques and methods Knowledge of
2. Relevant laws and regulations
1. Countermeasures

ASIS International Certification Handbook -- 12

 2. Mitigation techniques TASK 4: Implement contingency plans for common
3. Cost-benefit analysis methods for risk types of incidents (e.g., bomb threat, active shooter,
treatment strategies natural disasters)

TASK 5: Establish a business continuity or continuity Knowledge of

of operations plan (COOP) 1. Short- and long-term recovery strategies
2. Incident management systems and protocols
Knowledge of
1. Business continuity standards TASK 5: Identify vulnerabilities and coordinate
2. Emergency planning techniques additional countermeasures for an asset in a
3. Risk analysis degraded state following an incident
4. Gap analysis
Knowledge of
TASK 6: Ensure pre-incident resource planning (e.g., 1. Triage/prioritization and damage assessment
mutual aid agreements, table-top exercises) techniques
2. Prevention, intervention, and response
Knowledge of tactics
1. Data collection and trend analysis techniques
2. Techniques, tools, and resources related to TASK 6: Assess and prioritize threats to mitigate
internal and external threats consequences of incidents
3. Quality and types of information and data
sources Knowledge of
4. Holistic approach to assessing all-hazard 1. Triage/prioritization and damage assessment
threats techniques
2. Resource management techniques
DOMAIN FOUR
Response Management (18%) TASK 7: Coordinate and assist with evidence
collection for post-incident review (e.g.,
TASK 1: Respond to and manage an incident using documentation, testimony)
best practices
Knowledge of
Knowledge of 1. Communication techniques and notification
1. Primary roles and duties in an incident protocols
command structure 2. Communication techniques and protocols of
2. Emergency operations center (EOC) liaison
management principles and practices
TASK 8: Coordinate with emergency services during
TASK 2: Coordinate the recovery and resumption of incident response
operations following an incident
Knowledge of
Knowledge of 1. Emergency operations center (EOC) concepts
1. Recovery assistance resources and design
2. Mitigation opportunities during response 2. Emergency operations center (EOC)
and recovery processes management principles and practices
3. Communication techniques and protocols of
TASK 3: Conduct a post-incident review liaison

Knowledge of TASK 9: Monitor the response effectiveness to

incident(s)
1. Mitigation opportunities during response
and recovery processes Knowledge of
2. Post-incident review techniques
1. Post-incident review techniques
2. Incident management systems and protocols

ASIS International Certification Handbook -- 13

TASK 10: Communicate regular status updates to
leadership and other key stakeholders throughout
incident

Knowledge of
1. Communication techniques and protocols of
liaison
2. Communication techniques and notification
protocols

TASK 11: Monitor and audit the plan of how the

organization will respond to incidents

Knowledge of
1. Training and exercise techniques
2. Post-incident review techniques

ASIS International Certification Handbook -- 14

 Certified Protection Professional

CPP: BOARD CERTIFICATION IN full-time basis (internships are not permitted), or as a

SECURITY MANAGEMENT primary duty. Included is:
The gold standard for more than 40 years, the
a.) Experience as a security professional in the
Certified Protection Professional (CPP®) credential
protection of assets, in the public or private sector,
provides demonstrable proof of knowledge and
management skills in seven key domains of security. criminal justice system, government intelligence, or
investigative agencies.
Earning a CPP provides independent confirmation of
your ability to assume leadership responsibilities and b.) Experience with companies, associations,
effectively manage broad security concerns. government, or other organizations providing
services or products, including consulting firms,
CPP Eligibility Requirements provided the duties and responsibilities
Candidates wishing to take the CPP examination must substantively relate to the design, evaluation,
meet the following eligibility requirements: and application of systems, programs, or
equipment, or development and operation of
WORK EXPERIENCE services, for protection of assets in the private or
Without higher education degree: public sectors.
Nine (9) years of security experience*, at least three
(3) years of which shall have been in responsible* c.) Experience as a full-time educator on the faculty
charge of a security function of an accredited educational institution, provided
OR the responsibilities for courses and other duties
Hold the APP and seven (7) years of security
relate primarily to knowledge areas pertinent to
experience*, at least three (3) years of which shall
the management and operation of protection of
have been in responsible charge** of a security
assets programs in the public or private sectors.
function.
**Responsible charge is defined as the charge
With a higher education degree: exercised by an individual in a management position
Earned a Bachelor’s Degree or higher from an who makes decisions for the successful completion of
accredited institution of higher education and have objectives without reliance upon directions from a
seven (7) years of security experience*, at least three superior as to specific methods. However, an
(3) years of which shall have been in responsible applicant need not have held a supervisory position,
charge** of a security function.
as long as the positions on which the application
OR relies have specifically included responsibility for
Hold the APP, earned a Bachelor’s Degree or higher independent decisions or actions.
from an accredited institution of higher education
If “responsible charge” is not based on supervisory
and have five (5) years of security experience*, at
responsibilities, then security program management
least three (3) years of which shall have been in
responsibilities and duties must be clearly shown.
responsible charge** of a security function.
Generally, this excludes such positions as patrol
officer or the equivalent.
*Experience is defined as the individual having been
personally engaged in security or loss prevention on a

ASIS International Certification Handbook -- 15

 2. Vulnerability, threat, and impact
CPP BODY OF KNOWLEDGE assessments
To be awarded the CPP designation, a candidate must 3. Potential security threats (e.g., "all hazards,"
pass a comprehensive examination consisting of criminal activity, terrorism, consequential)
approximately 225 multiple-choice questions: 200
“live,” scoreable questions and up to 25 pre-test TASK 3: Evaluate methods to improve the security
questions. Knowledge in seven major areas (domains) program on a continuous basis through the use of
is tested. auditing, review, and assessment.
The importance of each domain, and the tasks, Knowledge of
knowledge, and skills within it, determine the 1. Cost-benefit analysis methods
specifications of the CPP examination. The relative 2. Risk management strategies (e.g., avoid,
order of importance of the domains determines the assume/accept, transfer, spread)
percentage of the total exam questions. 3. Risk mitigation techniques (e.g., technology,
personnel, process, facility design)
4. Data collection and trend analysis techniques
In 2019/2020, ASIS conducted a job analysis study to
ensure the CPP Body of Knowledge still represents the TASK 4: Develop and manage professional
knowledge and skills needed to be a successful relationships with external organizations to achieve
security manager. Minor changes were made and security objectives.
noted below in red (these are minor changes that did Knowledge of
not change the meaning and were made for better 1. Roles and responsibilities of external
clarity). Completely new information is marked in organization and agencies
green (Domain One, Task One and Domain Three, 2. Methods for creating effective working
relationships
Task 4). Exam questions regarding the new
3. Techniques and protocols of liaison
information will start to appear on the exam in early 4. Local and national public/private
2021. partnerships

DOMAIN ONE TASK 5: Develop, implement, and manage workforce

security awareness programs to achieve
Security Principles and Practices (22% -- was
organizational goals and objectives.
21%) Knowledge of
TASK 1: Plan, develop, implement, and manage the 1. Training methodologies
organization’s security program to protect the 2. Communication strategies, techniques, and
organization’s assets. methods
Knowledge of 3. Awareness program objectives and program
metrics
1. Principles of planning, organization, and 4. Elements of a security awareness program
control
(e.g., roles and responsibilities, physical risk,
2. Security theory, techniques, and processes
communication risk, privacy)
(e.g., artificial intelligence, IoT)
3. Security industry standards (e.g., ASIS/ISO)
4. Continuous assessment and improvement DOMAIN TWO
processes Business Principles and Practices (15% --
5. Cross-functional organizational collaboration
6. Enterprise Security Risk Management was 13%)
(ESRM)
TASK 1: Develop and manage budgets and financial
controls to achieve fiscal responsibility.
TASK 2: Develop, manage, or conduct the security
risk assessment process. Knowledge of
Knowledge of 1. Principles of management accounting,
control, audits, and fiduciary responsibility
1. Quantitative and qualitative risk assessments
2. Business finance principles and financial
reporting

ASIS International Certification Handbook -- 16

 3. Return on Investment (ROI) analysis 5. Legal and regulatory compliance
4. The lifecycle for budget planning purposes
TASK 6: Develop performance requirements and
TASK 2: Develop, implement, and manage policies, contractual terms for security vendors/suppliers.
procedures, plans, and directives to achieve
Knowledge of
organizational objectives.
Knowledge of 1. Key concepts in the preparation of requests
1. Principles and techniques of for proposals and bid reviews/evaluations
policy/procedures development 2. Service Level Agreement (SLA) terms,
2. Communication strategies, methods, and metrics, and reporting
techniques 3. Contract law, indemnification, and liability
3. Training strategies, methods, and techniques insurance principles
4. Cross-functional collaboration 4. Monitoring processes to ensure that
5. Relevant laws and regulations organizational needs and contractual
requirements are being met
TASK 3: Develop procedures/techniques to measure
and improve organizational productivity. DOMAIN THREE
Knowledge of Investigations (9% -- was 10%)
1. Techniques for quantifying
productivity/metrics/key performance TASK 1: Identify, develop, implement, and manage
indicators (KPI) investigative operations.
2. Data analysis techniques and cost-benefit Knowledge of
analysis
1. Principles and techniques of policy and
3. Improvement techniques (e.g., pilot/beta
procedure development
testing programs, education, training)
2. Organizational objectives and cross-
functional collaboration
TASK 4: Develop, implement, and manage security 3. Types of investigations (e.g., incident,
staffing processes and personnel development programs misconduct, compliance, due diligence)
in order to achieve organizational objectives.
4. Internal and external resources to support
Knowledge of investigative functions
1. Interview techniques for staffing 5. Report preparation for internal/external
2. Candidate selection and evaluation purposes and legal proceedings
techniques 6. Laws pertaining to developing and
3. Job analysis processes managing investigative programs
4. Pre-employment background screening
5. Principles of performance evaluations, 360
TASK 2: Manage or conduct the collection,
reviews, and coaching/mentoring
preservation, and disposition of evidence to support
6. Interpersonal and feedback techniques
7. Training strategies, methodologies, and investigative actions.
resources Knowledge of
8. Retention strategies and methodologies 1. Protection/preservation of crime scene
9. Talent management and succession planning 2. Evidence collection techniques
3. Requirements of chain of custody
4. Methods for preservation/disposition of
TASK 5: Monitor and ensure an acceptable ethical
evidence
climate in accordance with regulatory requirements
5. Laws pertaining to the collection,
and organizational culture. preservation, and disposition of evidence
Knowledge of
1. Governance standards
TASK 3: Manage or conduct surveillance processes.
2. Guidelines for individual and corporate
behavior Knowledge of
3. Generally accepted ethical principles 1. Surveillance and counter-surveillance
4. Confidential information protection techniques
techniques and methods

ASIS International Certification Handbook -- 17

 2. Technology/equipment and personnel to 1. Background investigations and personnel
conduct surveillance (e.g., Unmanned Aircraft screening techniques
Systems (UAS), robotics) 2. Quality and types of information sources
3. Laws pertaining to managing surveillance (e.g., open source, social media, government
processes databases, credit reports)
3. Screening policies and guidelines
4. Laws and regulations pertaining to personnel
TASK 4: Manage and conduct investigations
screening
requiring specialized tools, techniques, and
resources.
TASK 2: Develop, implement, manage, and evaluate
Knowledge of policies and procedures to protect individuals in the
1. Financial and fraud related crimes workplace against human threats (e.g., harassment,
2. Intellectual property and espionage crimes violence, active assailant).
3. Crimes against property (e.g., arson, Knowledge of
vandalism, theft, sabotage)
1. Protection techniques and methods
4. Cybercrimes (e.g., distributed denial of
2. Threat assessment
service (DDoS), phishing, ransomware)
3. Prevention, intervention, and response
5. Crimes against persons (e.g., workplace
tactics
violence, human trafficking, harassment) 4. Educational and awareness program design
and implementation
TASK 5: Manage or conduct investigative interviews. 5. Travel security (e.g., flight planning, global
threats, consulate services, route selection,
Knowledge of
contingency planning)
1. Interview and interrogation techniques 6. Industry/labor regulations and applicable
2. Techniques for detecting deception laws
3. Non-verbal communication and cultural 7. Organizational efforts to reduce employee
considerations
substance abuse
4. Rights of interviewees
5. Required components of written statements
6. Legal considerations pertaining to managing TASK 3: Develop, implement, and manage executive
investigative interviews protection programs.
Knowledge of
TASK 6: Provide support to legal counsel in actual or 1. Executive protection techniques and
potential criminal or civil proceedings. methods
Knowledge of 2. Threat analysis
1. Statutes, regulations, and case law governing 3. Liaison and resource management
or affecting the security industry and the techniques
protection of people, property, and 4. Selection, costs, and effectiveness of
information proprietary and contract executive
2. Criminal law and procedures protection personnel
3. Civil law and procedures
4. Employment law (e.g., confidential DOMAIN FIVE
information, wrongful termination,
discrimination, harassment) Physical Security (16% -- was 25%)
TASK 1: Conduct facility surveys to determine the
DOMAIN FOUR current status of physical security.
Personnel Security (11% -- was 12%) Knowledge of
1. Security protection equipment and
TASK 1: Develop, implement, and manage personnel (e.g., Unmanned Aircraft Systems
background investigation processes for hiring, (UAS), robotics)
promotion, and retention of individuals. 2. Survey techniques (e.g., document review,
Knowledge of checklist, onsite visit, stakeholder interviews)
3. Building plans, drawings, and schematics

ASIS International Certification Handbook -- 18

 4. Risk assessment techniques 8. Integration of facility and system plans,
5. Gap analysis drawings, and schematics

TASK 2: Select, implement, and manage physical TASK 2: Develop policies and procedures to ensure
security strategies to mitigate security risks. information is evaluated and protected against
Knowledge of vulnerabilities and threats.
Knowledge of
1. Fundamentals of security system design
2. Countermeasures (e.g., policies, technology, 1. Principles of information security
procedures) management
3. Budgetary projection development process 2. Information security theory and terminology
(e.g., technology, hardware, labor) 3. Information security industry standards (e.g.,
4. Bid package development and evaluation ISO, PII, PCI)
process 4. Laws and regulations regarding records
5. Vendor qualification and selection process management including collection, retention,
6. Testing procedures and final acceptance legal holds, and disposition practices (e.g.,
(e.g., commissioning, factory acceptance General Data Protection Regulation (GDPR),
test) biometric information)
7. Project management techniques 5. Practices to protect proprietary information
8. Cost-benefit analysis techniques and intellectual property
9. Labor-technology relationship 6. Information protection measures including
security processes, physical access systems,
TASK 3: Assess the effectiveness of physical security and data management
measures by testing and monitoring.
TASK 3: Implement and manage an integrated
Knowledge of
information security program
1. Protection personnel, hardware, technology,
and processes Knowledge of
2. Audit and testing techniques (e.g., operation 1. Information security including confidentiality,
testing) integrity, and availability
3. Predictive, preventive, and corrective 2. Information security systems methodology
maintenance 3. Authentication techniques (e.g., multi-factor,
biometrics)
4. Continuous evaluation and improvement
DOMAIN SIX programs
Information Security (14% -- was 9%) 5. Ethical hacking and penetration testing
techniques and practices
TASK 1: Conduct surveys to evaluate current status 6. Encryption and data masking techniques
of information security programs. (e.g., cryptography)
Knowledge of 7. Systems integration techniques (e.g.,
1. Elements of an information security program, interoperability, licensing, networking)
including physical security; procedural security; 8. Cost-benefit analysis methodology
information systems security; employee 9. Project management techniques
awareness; and information destruction and 10. Budget review process (e.g., system
recovery capabilities. development lifecycle)
2. Survey techniques 11. Vendor evaluation and selection process
3. Quantitative and qualitative risk assessments 12. Final acceptance and testing procedures
13. Protection technology and forensic
4. Risk mitigation strategies (e.g., technology,
personnel, process, facility design) investigations
5. Cost-benefit analysis methods 14. Training and awareness programs to mitigate
6. Protection technology, security threats threats and vulnerabilities (e.g., phishing,
equipment, and procedures (e.g., social engineering, ransomware, insider
interoperability) threats)
7. Information security threats

ASIS International Certification Handbook -- 19

DOMAIN SEVEN 3. Recovery assistance resources (e.g., mutual
aid, employee assistance program (EAP),
Crisis Management (13% -- was 10%) counseling)
4. Mitigation opportunities in the recovery
TASK 1: Assess and prioritize threats to mitigate
process
potential consequences of incidents.
Knowledge of
1. Threats by type, likelihood of occurrence,
and consequences
2. “All hazards” approach to assessing threats
(e.g., natural disaster, chemical, biological,
radiological, nuclear, explosives (CBRNE))
3. Cost-benefit analysis
4. Mitigation strategies
5. Risk management and business impact
analysis methodology
6. Business continuity standards (e.g., ASIS
ORM.1, ISO 22301)

TASK 2: Prepare and plan how the organization

respond to incidents.
Knowledge of
1. Resource management techniques (e.g.,
mutual aid agreements, MOUs)
2. Emergency planning techniques
3. Triage and damage assessment techniques
4. Communication techniques and notification
protocols (e.g. interoperability, common
operating terms, emergency notification
system)
5. Training and exercise techniques (e.g.,
tabletop and full-scale exercises)
6. Emergency operations center (EOC) concepts
and design
7. Primary roles and duties in an Incident
Command Structure (ICS) (e.g., information
dissemination, liaison, Public Information
Officer (PIO))

TASK 3: Respond to and manage an incident.

Knowledge of
1. Resource allocation
2. Emergency Operations Centre (EOC)
management principles and practices
3. Incident management systems and protocols

TASK 4: Manage incident recovery and resumption

of operations.
Knowledge of
1. Resource management
2. Short- and long-term recovery strategies

ASIS International Certification Handbook -- 20

 Professional Certified Investigator

PCI: BOARD CERTIFICATION IN The PCI Certification is applicable to a wide range of

specialized investigations, including:
INVESTIGATIONS
The Professional Certified Investigator (PCI®) ◆ Arson
credential provides demonstrable proof of knowledge ◆ Child abuse
and experience in case management, evidence
◆ Forensics
collection, and preparation of reports and testimony
to substantiate findings. ◆ Gaming
◆ Healthcare fraud
Earning a PCI provides independent confirmation of
specialized skills in security investigations, including ◆ High tech crime
case evaluation and review of options for case
◆ Insurance fraud
management strategies. It validates your ability to
collect information through the effective use of ◆ Loss prevention
surveillance, interviews, and interrogations. ◆ Narcotics
◆ Property and casualty
PCI ELIGIBILITY REQUIREMENTS ◆ Threat assessment
Candidates wishing to take the PCI examination must ◆ White collar crime
meet the following eligibility requirements:
◆ Workplace violence
WORK EXPERIENCE
Five years of investigations experience, including at
least two years in case management*

AND
EDUCATION
“When you have ‘board certified’
A high school diploma or GED equivalent after your name on a business card
*Case Management is defined as the coordination and it’s being passed around,
and direction of an investigation using various
disciplines and resources, the finding of which would whether at a corporate meeting or
be assessed to establish the facts/findings of the with clients, it’s recognized. Those
investigation as a whole; the management process of
investigation. three letters mean something. It
OR shows you have the knowledge and
Hold the APP and have four (4) years of investigations
experience to handle a full range of
experience, including at least two (2) years in case investigative assignments”
management*
Patrick Quillinan, PCI, Senior Security
Investigator, Takeda Pharmaceuticals U.S.A.,
Inc.

ASIS International Certification Handbook -- 21

 3. Resource requirements and allocation (e.g.,
PCI BODY OF KNOWLEDGE personnel, equipment, time, budget)
To be awarded the PCI designation, a candidate must
pass a comprehensive examination consisting of TASK 5: Identify, evaluate and implement
approximately 140 multiple-choice questions; 125 investigative process improvement opportunities.
“live,” scoreable questions and up to 15 pre-test
questions. Knowledge in three major areas (domains) Knowledge of
is tested. 1. Internal review (e.g., management, legal,
human resources)
The importance of each domain, and the tasks, 2. External review (e.g., regulatory bodies,
knowledge, and skills within it, determine the accreditation agency)
specifications of the PCI examination. The relative 3. Liaison resources
order of importance of the domains determines the 4. Root cause analysis and process
percentage of total exam questions. improvement techniques

DOMAIN ONE DOMAIN TWO

Case Management (35%) Investigative Techniques and Procedures
TASK 1: Analyze case for applicable ethical conflicts. (50%)
Knowledge of TASK 1: Conduct surveillance by physical, behavioral,
1. Nature/types/categories of ethical issues and electronic means in order to obtain relevant
related to cases (fiduciary, conflict of information.
interest, attorney-client)
2. The role of laws, codes, regulations and Knowledge of
organizational governance in conducting 1. Types of surveillance
investigations 2. Surveillance equipment
3. Pre-surveillance routines
TASK 2: Analyze and assess case elements, strategies 4. Procedures for documenting surveillance
activities
and risks.
Knowledge of TASK 2: Conduct interviews of individuals to obtain
1. Case categories (computer, white collar, relevant information.
financial, criminal, workplace violence)
Knowledge of
2. Qualitative and quantitative analytical
methods and tools 1. Interview techniques
3. Strategic/operational analysis 2. Indicators of deception (e.g., non-verbal
4. Criminal intelligence analysis communication)
5. Risk identification and impact 3. Subject statement documentation
6. ASIS Workplace Violence standard
TASK 3: Collect and preserve potential evidentiary
TASK 3: Determine investigative goals and develop materials for assessment and analysis.
strategy by reviewing procedural options. Knowledge of
Knowledge of 1. Forensic opportunities and resources
1. Case flow 2. Requirements of chain of custody
2. Negotiation process 3. Methods/procedures for seizure of various
3. Investigative methods types of evidence
4. Cost-benefit analysis 4. Methods/procedures for preserving various
types of evidence
5. Concepts and principles of digital forensics
TASK 4: Determine and manage investigative
6. Retrieval, storage, and documentation of
resources necessary to address case objectives.
digital information
Knowledge of 7. Concepts and principles of computer
1. Quality assurance process operations and digital media
2. Chain of custody procedures

ASIS International Certification Handbook -- 22

TASK 4: Conduct research by physical and electronic TASK 2: Prepare and present testimony.
means to obtain relevant information. Knowledge of
Knowledge of 1. Types of testimony
1. Methods of research using physical 2. Preparation for testimony
resources
2. Methods of research using information
technology
3. Methods of analysis of research results
4. Research documentation
5. Information sources (e.g., government,
proprietary, open)
6. Digital media capabilities

TASK 5: Collaborate with and obtain information

from other agencies and organizations possessing
relevant information.
Knowledge of
1. External information sources
2. Liaison techniques
3. Techniques for integrating and synthesizing
external information

TASK 6: Use special investigative techniques to

obtain relevant information.
Knowledge of
1. Concepts and methods of polygraph
examinations
2. Concepts, principles, and methods of
video/audio recordings
3. Concepts, principles, and methods of forensic
analysis (e.g., writing, documents, fingerprints,
DNA, biometrics, chemicals, fluids, etc.)
4. Concepts, principles, and methods of
undercover investigations
5. Concepts, principles, and methods of threat
assessment
6. Use of confidential sources
7. Concepts, principles, and methods of applying
IT hardware and software tools

DOMAIN THREE
Case Presentation (15%)
TASK 1: Prepare report to substantiate investigative
findings.
Knowledge of
1. Critical elements and format of an investigative
2. report
3. Investigative terminology
4. Logical sequencing of information

ASIS International Certification Handbook -- 23

 Physical Security Professional

OR
PSP: BOARD CERTIFICATION IN
WORK EXPERIENCE
PHYSICAL SECURITY Six years of progressive experience in the physical
The Physical Security Professional (PSP®) credential security* field
provides demonstrable proof of knowledge and
experience in threat assessment and risk analysis; AND
integrated physical security systems; and the EDUCATION
appropriate identification, implementation, and A high school diploma, GED equivalent, or associate
ongoing evaluation of security measures. degree
Earning a PSP demonstrates your expertise in OR
conducting physical security surveys to identify
vulnerabilities and performing cost analysis for the Hold the APP, and five (5) years of progressive
selection of integrated physical security measures. In experience in the physical security* field
addition, it confirms your specialized knowledge in
AND
systems procurement, final acceptance testing, and
implementation procedures. EDUCATION

A high school diploma, GED equivalent, or associate

PSP ELIGIBILITY REQUIREMENTS degree
Candidates wishing to take the PSP examination must
*Physical security is defined as the various physical
meet the following eligibility requirements:
measures designed to safeguard personnel, property,
WORK EXPERIENCE and information.
Four years of progressive experience in the physical
security* field

AND “Beyond all other reasons for earning

EDUCATION your certification, the most
Bachelor’s degree or higher from an accredited
institution of higher education
fundamental is personal growth.
OR
Making an effort to learn something
Hold the APP, and three (3) years of progressive
and then testing one’s self against an
experience in the physical security* field established set of parameters is a
AND reward in itself. The credential
Bachelor’s degree or higher from an accredited demonstrates the level of
institution of higher education commitment to a chosen profession.”
Anthony Frassetta, PSP, Senior
Technology Specialist

ASIS International Certification Handbook -- 24

 organizations in immediate proximity) on
PSP BODY OF KNOWLEDGE
facility’s security program
To be awarded the PSP designation, a candidate must
4. Other external factors (e.g., legal, loss of
pass a comprehensive examination consisting of
approximately 140 multiple-choice questions; 125 reputation, economic) and their impact on
“live,” scoreable questions and up to 15 pre-test the facility’s security program
questions. Knowledge in three major areas (domains) TASK 4: Conduct an assessment to identify and
is tested.
quantify vulnerabilities of the organization.
The importance of each domain, and the tasks,
Knowledge of
knowledge, and skills within it, determine the
specifications of the PSP examination. The relative 1. Relevant data and methods for collection
order of importance of the domains determines the (e.g., security survey, interviews, past
percentage of total exam questions. incident reports, crime statistics, employee
issues, issues experienced by other similar
DOMAIN ONE organizations)
Physical Security Assessment (34%) 2. Qualitative and quantitative methods for
assessing vulnerabilities to probable threats
TASK 1: Develop a physical security assessment plan.
and hazards
Knowledge of 3. Existing equipment, physical security
1. Risk assessment models and considerations systems, personnel, and procedures
2. Qualitative and quantitative assessment 4. Effectiveness of security technologies and
methods
equipment currently in place
3. Key areas of the facility or assets that may be
involved in assessment 5. Interpretation of building plans, drawings,
4. Types of resources needed for assessment and schematics
6. Applicable standards/regulations/codes and
TASK 2: Identify assets to determine their value, where to find them
criticality, and loss impact. 7. Environmental factors and conditions (e.g.,
facility location, architectural barriers,
Knowledge of
lighting, entrances) that impact physical
1. Definitions and terminology related to security
assets, value, loss impact, and criticality
TASK 5: Perform a risk analysis so that appropriate
2. The nature and types of assets (tangible and
countermeasures can be developed.
intangible)
3. How to determine value of various types of Knowledge of
assets and business operations
1. Risk analyses strategies and methods
TASK 3: Assess the nature of the threats so that the 2. Risk management principles
scope of the problem can be determined. 3. Methods for analysis and interpretation of
collected data
Knowledge of
4. Threat and vulnerability identification
1. The nature, types, severity, and likelihood of 5. Loss event profile analyses
threats and hazards (e.g., natural disasters, 6. Appropriate countermeasures related to
cyber, criminal events, terrorism, socio- specific threats
political, cultural) 7. Cost benefit analysis (e.g., return on
2. Operating environment (e.g., geography, investment (ROI) analysis, total cost of
socio-economic environment, criminal ownership)
activity) 8. Legal issues related to various
3. Potential impact of external organizations countermeasures/security applications (e.g.,
(e.g., competitors, supply chain, video surveillance, privacy issues, personally
identifiable information)

ASIS International Certification Handbook -- 25

DOMAIN TWO 13. Considerations regarding Personally
Identifiable Information
Application, Design, and Integration of (physical/logical/biometric)
Physical Security Systems (34%) 14. Visitor management systems and circulation
control
TASK 1: Establish security program performance
requirements. TASK 3: Design physical system and prepare
construction and procurement documentation.
Knowledge of
Knowledge of
1. Design constraints (e.g., regulations, budget,
cost, materials, equipment, and system 1. Design phases (pre-design, schematic design,
compatibility) design development, construction
2. Applicability of risk analysis results documentation)
3. Relevant security terminology and concepts 2. Design elements (calculations, drawings,
4. Applicable codes, standards and guidelines specifications, review of manufacturer’s
5. Functional requirements (e.g., system submittals and technical data)
capabilities, features, fault tolerance) 3. Construction specification standards (e.g.,
6. Performance requirements (e.g., technical Construction specifications Institute, owner’s
capability, systems design capabilities) equipment standards, American Institute of
7. Operational requirements (e.g., policies, Architects MasterSpec)
procedures, staffing) 4. Systems integration (technical approach,
8. Success metrics connecting with non-security systems)
5. Project management concepts
TASK 2: Determine appropriate physical security 6. Scheduling (e.g., Gantt charts, PERT charts,
measures. milestones, and objectives)
Knowledge of 7. Cost estimation and cost-benefit analysis of
design options
1. Structural security measures (e.g., barriers,
8. Value engineering
lighting, locks, blast migration, ballistic
protection) DOMAIN THREE
2. Crime prevention through environmental
design (CPTED) concepts Implementation of Physical Security
3. Electronic security systems (e.g., access Measures (32%)
control, video surveillance, intrusion
TASK 1: Outline criteria for pre-bid meeting to ensure
detection)
comprehensiveness and appropriateness of
4. Security staffing (e.g., officers, technicians,
implementation.
management)
5. Personnel, package, and vehicle screening Knowledge of
6. Emergency notification systems
1. Bid package components
7. Principles of data storage and management
2. Criteria for evaluation of bids
8. Principles of network infrastructure and
3. Technical compliance criteria
network security
4. Ethics in contracting
9. Security audio communications (e.g., radio,
telephone, intercom, IP audio) TASK 2: Procure system and implement
10. Systems monitoring and display (control recommended solutions to solve problems identified.
centers/consoles) Knowledge of
11. Systems redundancy alternative power
sources (e.g., battery, UPS, generators, surge 1. Project management functions and
protection) processes throughout the system life cycle
12. Signal and data transmission methods

ASIS International Certification Handbook -- 26

 2. Vendor pre-qualification (interviews and due
diligence)
3. Procurement process

TASK 3: Conduct final acceptance testing and

implement/provide procedures for ongoing
monitoring and evaluation of the measures.

Knowledge of

1. Installation/maintenance inspection
techniques
2. Systems integration
3. Commissioning
4. Installation problem resolution (punchlists)
5. Systems configuration management
6. Final acceptance testing criteria
7. End-user training requirements

TASK 4: Implement procedures for ongoing

monitoring and evaluation throughout the system life
cycle.

Knowledge of

1. Maintenance inspection techniques

2. Test and acceptance criteria
3. Warranty types
4. Ongoing maintenance, inspections and
upgrade
5. Ongoing training requirements
6. Systems disposal and replacement processes

TASK 5: Develop requirements for personnel involved

in support of the security program.

Knowledge of

1. Roles, responsibilities and limitations of

security personnel (including proprietary (in-
house) and contract security staff)
2. Human resource management
3. Security personnel training, development
and certification
4. General, post and special orders
5. Security personnel uniforms and equipment
6. Personnel performance review and
improvement processes
7. Methods to provide security awareness
training and education for non-security
personnel

ASIS International Certification Handbook -- 27

 All foreign-language submissions must be
PROGRAM CHANGES AND UPDATES
accompanied with an English translation.
Every five years, following best practices for
certification programs, ASIS conducts a job analysis
study to ensure that the body of knowledge still aligns
Deadline Reminders
with the work being performed by certified ASIS will send periodic reminders about deadlines (e.g.,
professionals. In May 2016, the results of the CPP® job scheduling an exam, requests for additional
analysis study were incorporated into the exam. In information); however, meeting and adhering to
November 2017 the results of both a PSP® and PCI® deadlines are ultimately the responsibility of the
job analysis study first appeared on exams. applicant. ASIS cannot guarantee that you have received
and/or read any correspondence.
INTRODUCING REMOTE PROCTORING! Please make sure your contact information –
ASIS now offers remotely proctored exams that you especially your email address – is current in your
can take in the comfort of your home or office! The online account. Also make sure to whitelist emails
exams will be the same high caliber as they have from asisonline.org.
always been but now you do not have to travel to a
Prometric test center to sit for the exam. When you
schedule your exam, you will decide whether to take
APPLICATION FEES
the exam at a Prometric test center or by using ASIS exams are offered at Prometric test centers
Prometric’s ProProctor option. And while there will be throughout the world or through Prometric’s
no difference in the exams themselves, there are ProProctor platform, which allows you to take the
additional technical requirements you must have if exam at your home or office.
you select the ProProctor exam delivery option. The cost for submitting a CPP, PCI, or PSP certification
application are:
Please read the technical requirements and other
FAQs before deciding which testing method is best $335 ASIS members
for you. $485 nonmembers
The cost for submitting an APP certification
APPLYING FOR THE EXAMS application are:
The certification application must be filled out online.
$200 ASIS members
Once your application has been reviewed and approved, $350 nonmembers
you will receive an Authorization to Test email with
instructions on how to schedule your exam. Please allow To receive the member discount, please become a
approximately two to three weeks for your application to member BEFORE submitting your certification
be reviewed. application.

Make sure the name you submit on your application Refunds

EXACTLY matches the name of your government-
issued photo ID. If they do not match, you will not If your application is cancelled or denied for any
be permitted to take the exam. reason, you will receive a refund of your fee minus a
$135 nonrefundable processing fee.
Application Documents You’ll Need: If your application is approved and you fail to
schedule and take the exam within the two-year
◆ Unofficial transcription from an accredited
eligibility (candidacy) period, you will not receive a
institution of higher education (if applicable) refund.
◆ Resumé or CV detailing your work
experience as it relates to the security
Retesting
industry and aligns with the domains of the
certification exam you for which are applying Candidates may only take the exam up to three times in
◆ Names and contact information for three their two-year eligibility period. In addition, there must
references who can verify your work be 90 days between each testing date. Those who fail
experience the exam three times may reapply to take exam after
◆ Name of supervisor who can verify your their eligibility period ends.
employment

ASIS International Certification Handbook -- 28

RETEST FEES: When necessary, the PCB Certificant Relations
ASIS members: $225 Committee has the authority to seek legal advice
Nonmembers: $225 regarding any aspect of the applicant’s appeal.
(APP retest takers: $150) The ASIS certification staff, on behalf of the PCB
Certificant Relations Committee, will notify the applicant
Approval Notification from ASIS of the PCB Certificant Relations Committee’s decision,
If you are approved to take an ASIS certification exam, and the reasons therefore, as specified in the appeals
an Authorization to Test letter will be emailed to you. time frame. (An initial response should be provided
This letter will include: within 30 days, acknowledging receipt of complaint.
There should be a 60-day investigative review process,
◆ Your eligibility ID, which you’ll need to
renewable for another 60-day period based on findings.)
schedule your exam date
◆ Instructions for scheduling your exam The PCB Certificant Relations Committee’s decision is
◆ Studying suggestions final.
You have two years and up to three attempts from
the date of the Authorization to Test to take and pass SCHEDULING YOUR EXAM
your exam before you must reapply. After you receive your Approval to Test email from
Remember the name on your IDs must exactly ASIS, you will go to the Prometric website to schedule
match the name on your Authorization to Test your exam.
Letter.
There are now two ways to take your exam. You will
have the option to:
Appealing a Declined Application
Appeals will be considered within 30 days of an 1. Take the exam in a Prometric testing center.
applicant receiving notification of an adverse decision, OR
with day one as the date of the applicant’s notification 2. Take the exam through Prometric’s remote
email. Please follow these instructions when filing an proctored ProProctor platform using your
appeal: own computer. If you choose to take the
exam using ProProctor, please make sure
◆ A letter must be submitted explaining action you can meet these technical requirements.
being requested to [email protected]
◆ Appeals must be sent by mail or email. If Our exams are offered year-round. Please remember
sent by mail, ASIS strongly suggests sending that you cannot schedule your exam until you have
by certified or express mail so the package been approved to take the exam and have received
can be traced the Authorization to Test letter.
◆ Appeal must be submitted to the PCB Certificant
Relations Committee After you receive your Approval to Test email from
◆ Appeals must identify the adverse decision ASIS, you will go to the Prometric website to schedule
being appealed and state the reasons for the your exam. You will have two choices: take the exam
appeal. Also, any new or additional information at a Prometric computer-based test (CBT) center or
for consideration should be included in the you may take the exam using your own computer
through Prometric’s remote proctored ProProctor
letter
platform. If you choose to take the exam using
Appeals should be sent to: ProProctor, please make sure you can meet these
PCB Certificant Relations Committee technical requirements.
c/o ASIS International
1625 Prince Street To locate a test center near you, go to
Alexandria, VA 22314 prometric.com/asis. Our exams are offered year-
Attn: Certification Department round.
[email protected]
Please remember that you cannot schedule your
PCB Certificant Relations Appeal Process exam until you have been approved to take the exam
The PCB Certificant Relations Committee will review and and have received the Authorization to Test letter.
consider a properly filed appeal.

ASIS International Certification Handbook -- 29

Making Your Exam Appointment accommodations by checking the “Disabled/Special
Access Required” on the online application and
Online scheduling explaining the accommodation needed in the text box
The exam can be scheduled online at provided when completing their application. Special
prometric.com/asis testing accommodations must be approved by ASIS
You will be asked for: prior to scheduling your exam. You will be required
to provide documentation before ASIS can approve
◆ Your Eligibility ID, which can be found on
your request. Requests are reviewed and approved
your Authorization to Test letter (your ASIS
on a case-by-case basis.
Contact Number or Member ID)
◆ The first four letters of your last (sur) name
Extension Policies – Exam Applications
Scheduling by Phone
Prometric: +1.800.699.4975, Monday – Friday, 8:00 ASIS does not grant extensions due to job demands,
am - 8:00 pm (EST) and Saturday 8:00 am - 4:00 pm company budgets, employment status, personal
(EST) finances, changes in marital status, changes in mailing
address, and other personal or professional reasons.
Prometric will help you select the optimal test date, Extensions may be granted if there is a severe
location (Testing Center or Remote Proctored), and hardship such as a major medical emergency in the
answer questions about the testing process. immediate family, a natural disaster, or if on active
Candidates will be given a confirmation number to military duty and deployed into a remote or
bring to the testing center at the time of the exam. If hazardous area. The applicant is required to provide
scheduling a remotely proctored exam, you will need documentation of extenuating circumstances (e.g.,
to have this confirmation number available to provide doctor’s note). Military personnel will need to verify
to your proctor. their deployment status by submitting a copy of
official deployment orders. This does not apply to
Confirmation Email from Prometric individuals who are military contractors. Severe
Once your exam appointment is confirmed, Prometric hardship must be documented and verifiable.
will send you an email with your exam date, time,
location (Testing Center or Remote Proctored), and In times of crises that affect many people at one time
confirmation number. Make sure to print out this (e.g., pandemic, national emergencies, natural
letter and have with you on testing day along with disasters), extension policies may be modified in the
two forms of identification, one of which must be a short term. All affected by the crisis will be notified of
government-issued photo ID (such as a passport or the policy changes.
driver’s license, employee ID card, state ID card).
Acceptable forms of secondary ID include credit card, Cancellation Policy
check card, ATM card. both must have the
candidate’s signature. (A Social Security card is not an Note: Cancellation policies apply to both test center
acceptable form of identification.) and remotely proctored exams.

Choosing Your Exam (English or Spanish) Due to frequent cancellations and short notification
The CPP, PCI, and PSP exams are administered in rescheduling, Prometric has indicated that there may
English and Spanish. Note that remote proctoring is be inadequate capacity at centers where the ASIS
not currently available for our Spanish-language International examinations are administered.
exams. For the Spanish-language exams, you are also Managing the process of scheduling and rescheduling
given an English translation. During the online appointments is critical to ensure that all candidates
application process, you will choose the language for can obtain a testing appointment on the date and time
your exam (English or Spanish). requested.

To provide a first-choice experience for all candidates,

Testing Accommodations for Candidates Prometric will charge a reschedule/cancellation fee.
with Disabilities and Other Special This fee will be assessed either at Prometric.com/ASIS
if the candidate reschedules or cancels online, or via
Considerations phone +1.800.699.4975 through Prometric’s
All ASIS programs comply with the Americans with customer service.
Disabilities Act and are non-discriminatory. If specific
testing arrangements are needed due a disability If a candidate reschedules or cancels 31 or more days
condition, candidates may request special before the scheduled test day, there is no charge.

ASIS International Certification Handbook -- 30

If a candidate reschedules or cancels 4-30 days before ASIS reserves the right to request additional evidence
the scheduled test day, there is a fee of $62.50 per to support your reason for failing to appear. If ASIS
reschedule. Candidates cannot reschedule three or less and Prometric accept the explanation, you will be
days before their scheduled testing date. All rescheduling permitted to schedule a new appointment within
or cancellation fees are to be made directly through your eligibility period without paying the rescheduling
Prometric. fee.
If a candidate is a “no show” and does not adhere to
the above procedures, the full candidate testing fee is ON EXAM DAY
forfeited. You may schedule a new exam and pay the No matter whether you are taking the exam at a
$225 retest fee. testing center or taking it through remote proctoring,
Note that you may only take the exam up to three you will be required to follow specific check-in
times during your two-year candidacy. Once your procedures.
two-year candidacy has expired, you must reapply to
take the exam and pay the applicable fees. Check-in at a Prometric Testing Center
Cancellation policies apply to both test center and Plan to arrive at the testing center 30 minutes before
remotely proctored exams. Prometric makes NO the scheduled appointment to allow time for check-in
exceptions to this rule. procedures. If you will be driving, identify in advance
the exact location, the best route, and where to park.
“No Shows”
If you arrive more than 15 minutes late, Prometric
If you fail to cancel or reschedule your exam and you Testing Center staff may choose not to seat you if
do not take the exam on the scheduled day, you will doing so would disrupt other exam takers. If this
be considered a “no show” and all testing fees will be occurs, your exam registration fees will not be
forfeited. ASIS understands that emergencies do refunded. There are no exceptions to this rule.
happen. If you do not appear for your exam for any of
the following reasons, you will have 14 days from What to Bring and Not Bring to Testing
your scheduled appointment day to provide the
documentation below and reschedule your exam: Center
1. Death in the immediate family For test security reasons, all personal items such as
purses, book bags, cell phones, etc., must be placed in
◆ Death certificate or doctor’s note, which a locker during the exam, so please limit what you
must be signed by a licensed physician or bring to the testing center.
mortician and include contact information
2. Serious injury or disabling injury (to yourself or Jewelry outside of wedding and engagement rings is
immediate family member) prohibited and all hair accessories are subject to
inspection. Please refrain from using ornate clips,
Doctor’s note, with date of medical visit. The combs, barrettes, headbands, and other hair
documentation: accessories as you may be prohibited from wearing
◆ Should explain that the onset of the illness or them into the testing room and asked to store them
injury was 24 hours before the exam in your locker. Violation of security protocol may
◆ Must be signed by a licensed physician and result in confiscation of prohibited devices and filing a
include contact information report with local authorities.
◆ Does not need to include details of the
illness or emergency, but the doctor should Check-in for Remotely Proctored Exams
indicate that the condition prevented the
candidate from testing Candidates testing with a remotely proctored exam
should make sure you allow 15 minutes to prepare
3. Court appearance or jury duty your testing environment.
◆ Court or jury summons, subpoena, which
must include date and your name Check-in for remotely proctored exams is a two-step
process:
4. Military duty
◆ Duty letter, which must include date and STEP ONE – Checking your Identification
your name Image Capture – Using the ProProctor software, you
will take and capture a picture of your face.

ASIS International Certification Handbook -- 31

ID Capture – Next, you will capture a photo of your Security Measures at Testing Center
two forms of ID (see Check-in ID Requirements below Prometric testing center staff are not allowed to pat
for acceptable ID) down a candidate during the check-in process and
they will use a security wand (similar to those used at
Checklist – You will review the checklist on screen to
airports), to check candidates for any type of cheating
ensure you are ready to launch the exam
devices. This is in addition to having the candidates
STEP TWO – Meet Your Prometric Readiness Agent turn their pockets inside out.

Candidate Detail Confirmation – You will have a ◆ The performance of all candidates is monitored
video chat with the agent to confirm your personal and may be analyzed to detect fraud.
information Candidates who violate security measures will
not have their exams scores validated by ASIS.
360 Environmental Check – Using your webcam, you ◆ If you offer or receive help during the exam, you
will show the agent a 360-degree scan of your room will be escorted from the testing center and
and your workstation. You’ll need a medium/large reported to the PCB. Your exam will not be
mirror in the room so Readiness Agent can see your
scored, exam fees will not be refunded, and you
computer. NOTE: DO NOT HAVE YOUR LAPTOP
will be prohibited from taking the exam again.
HOOKED TO A DOCKING STATION.
◆ All exam materials, including all questions and all
Candidate Person Check – Your Readiness Agent will forms of the exam, are copyrighted and the
ask you to stand up to do a scan of your person. This property of ASIS. Any distribution of these
scan will include – but is not limited to – conducting a materials through reproduction or oral or written
sleeve, pocket, and glasses check. Additionally, you
communication is strictly prohibited and
will be asked to turn all pockets inside out. NOTE:
EMPTY YOUR POCKETS BEFOFE STARTING THE CHECK- punishable by law.
IN PROCESS. Sound Distractions Alternatives
Candidates can bring their own small earplugs to the
Check-in ID Requirements center with them. You must present the ear plugs to
You must have the following items, or you will not be the test center proctors for examination before
allowed to take the exam: entering the testing room. Note that candidates may
not bring their own large headphone-style noise
Two forms of identification, one of which must be a
reducers without a special accommodation.
government-issued photo ID (such as a passport,
driver’s license, employee ID card, state ID card). Candidates may opt to use the noise-reducing
Acceptable forms of secondary ID include credit card, headphones available at Prometric sites. These are
check card, ATM card. Both must have the candidate’s large “airport” style headphones and may be
signature. (A Social Security card is not an acceptable uncomfortable when worn for a long period. There
form of identification.) are no small earplug-type noise reducers available at
▪ Only your first and last/surname on your Prometric centers.
approval letter from ASIS and identifications
must match EXACTLY or you may NOT be Eating, drinking, and smoking are not permitted during
permitted to test. This includes abbreviated or the exam. If you bring a jacket or sweater, you will be
hyphenated names. required to wear it at all times in the testing room.
Visitors are not allowed in the test center, and childcare
Prometric Confirmation Email and Number (from the is not provided.
email you get when you schedule your exam).
If you are testing outside your country of citizenship, During the Exam
you must present a valid passport. If you are testing in
Once you have completed the check-in process, you
your country of citizenship, you may present a
will be assigned to a testing station or to a remote
passport, driver’s license, national ID, or military ID.
proctor.
Expired IDs will not be accepted.
At your testing station
If you fail to bring/have the proper identification,
you will not be allowed to take the exam and will ◆ You will be provided with erasable note
forfeit the exam fee. boards and dry erase markers.

ASIS International Certification Handbook -- 32

 ◆ No scratch paper, dictionaries, books, notes, or These preliminary results will be emailed to the email
other personal aids are permitted in the testing address you provided to Prometric (allow up to five
area. hours to receive this email). Official verification of
◆ To use the restroom, candidates must notify the your score will be sent to you approximately three
test center administrator (TCA) or remote weeks after you take the exam. You can also call
proctor; however, if you take a break, the time Prometric’s customer services at +1.800.853.6769 to
clock on the exam is not stopped. have your score report email resent.
◆ No breaks are scheduled.
End-of-Exam Survey
◆ No conversation about the test is permitted
with the TCA, proctors, or other test takers. After you submit your exam and before you receive
your preliminary results, you will be asked to complete
Your office or home setting must meet the following a short survey. This is your opportunity to tell both ASIS
requirements: and Prometric about your testing experience. Your
◆ Testing location must be indoors (walled), comments will have no bearing on your exam score. ASIS
uses the results of this survey to enhance our
well lit, free from background noise and
disruptions. certification procedures.
◆ No third party may be present in the room or
enter the room for the duration of the exam. Weather Emergencies
If this occurs, your exam will be terminated If severe weather, natural disaster, or other such
and/or your results invalidated. incidents make a testing center inaccessible or
◆ Your workstation and surrounding area must unsafe, the exam may be rescheduled or cancelled
be free of pens, paper, electronic devices, (at no cost to the candidate). To check on your
etc. testing center, please check the Prometric site
◆ Two tissues are permitted at workstation but closure website at
must be inspected by the Proctor prior to https://www.prometric.com/en-
start of exam. us/pages/siteclosure.aspx
A 15-minute onscreen tutorial will orient you to the
features of the computer testing environment. When HOW ARE THE EXAMS STRUCTURED?
you have completed the tutorial, you will start the All ASIS certification exams are multiple choice. You
exam. will be provided four possible answers, only one of
which will be correct. Following are the number of
Test Taking Tips
exam items (questions) per exam and the maximum
◆ Relax! Reducing physical stress will help you time you are permitted to complete and submit the
be more alert. exam:
◆ Find the right work pace. Don’t rush or go
too slowly. Find a pace that is comfortable. ◆ CPP – 200 “live” (scoreable) and 25 pre-test
◆ Follow the directions and work carefully. (unscored) items. 4 hours.
◆ Read all the options for each question before ◆ PSP – 125 “live” (scoreable) and 15 pre-test
marking the answer. (unscored) items. 2.5 hours.
◆ Skip difficult questions. You can mark questions ◆ PCI – 125 “live” (scoreable) and 15 pre-test
to come back to later. If you’re still not sure, (unscored) items. 2.5 hours.
make an informed guess. ◆ APP – 100 “live” (scoreable) and 25 pre-test
◆ Both unanswered questions and wrong answers 2 hours
are counted as wrong responses. Your score is There will be a timer on your computer screen
based on the total number of correct responses. showing how much time you have left. Please make
◆ Keep an eye on the exam timer (on your sure that you have answered all the items. Any
screen). If you do not submit your exam before unanswered items will be marked incorrect.
your time is over, the exam will automatically
shut off when the time runs out. Scoring the Exam
All ASIS exams use the “scaled score” method to
Exam Results determine the passing point of each exam question.
Once you submit your exam, you will be directed to Before a question is presented on the exam, it is pre-
answer a short survey before you receive your score. tested. This allows Prometric’s psychometricians to

ASIS International Certification Handbook -- 33

weigh the performance of each question and its level ◆ ASIS offers many study opportunities for each
of difficulty. exam. Visit our Education section of the
asisonline.org website for more information.*
Individual questions are given a weighted/scaled ◆ Many ASIS Chapters offer study groups.
score based on level of difficulty. A scaled score is a
transformed raw exam score (the number of exam *ASIS does not guarantee success on the exams
questions answered correctly). To interpret any exam because you study using ASIS preparatory materials.
score, a uniform frame of reference is required.
Scaled scores provide that frame of reference based
Exam Preparation Resources
on the standard adopted by ASIS regarding the level
of knowledge necessary to pass the exams without ASIS offers a number of resources to help you study
regard to the specific exam version taken. for your board certification. Candidates are
encouraged to refer to the following reference
This explains why each exam may have a different material as they are preparing for the CPP, PCI, PSP,
number of questions per domain area. A scaled score or APP examination. After carefully reviewing the
of at least 650 is required to pass the exam. A scaled domains of study and identifying individual learning
score is neither the number of questions you needs, candidates may use additional references and
answered correctly nor the percentage of questions study opportunities as necessary.
you answered correctly.
CERTIFIED PROTECTION PROFESSIONAL
The passing score was established via a systematic The Protection of Assets (POA) and set of ASIS
procedure (standard setting study) that employed the standards and guidelines comprise the CPP reference
judgment of a representative group of ASIS-certified material. Each is available for individual purchase or
professionals with the assistance of exam as the set depicted below.
development experts from Prometric. This group of
subject matter experts recommended a standard to • Protection of Assets (POA)
ASIS for what a minimally competent security POA is a comprehensive reference covering a range of
professional needs to know about the tested content technical and managerial subjects providing the
to obtain a passing score. Each ITEM on the computer- solutions necessary to meet the security demands of
based test is electronically scored based on how the the 21st century.
item performed during pre-test. Because of this
• Online
method, it is virtually impossible for your exam score
• Print (bundle)
to be incorrect; therefore, exams taken by computer-
based testing are not eligible for a hand score. • ASIS Standards & Guidelines
ASIS Standards set forth industry-recommended best
practices on specific concerns inherent to the security
STUDYING FOR THE EXAM industry and provide tools and processes for
ASIS certification exams are experience-based. implementation. Along with POA, these seven
Therefore, the more hands-on experience you have standards and guidelines make up the CPP reference
related to the body of knowledge, the more set. Standards: CSO, ORM.1, WVPI.1; Guidelines:
successful you’ll be on the exam. Everybody has a FPSM, GSRA, IAP, PBS.
different studying preference: some like to study by
themselves and others prefer a group study • Free Online Access for ASIS Members
approach. ASIS does not require any one method of • Standards & Guidelines CPP softcover
studying but we do offer the following bundle
recommendations: PROFESSIONAL CERTIFIED INVESTIGATOR
Start with the body of knowledge. Read each domain Two publications now comprise the PCI reference
carefully and make an honest assessment of your own materials.
experience. This will help you decide where you need to
• The Professional Investigator’s Manual is available in
concentrate your studying efforts.
softcover or on Kindle.
◆ ASIS Self-Assessment for CPP, PCI, or PSP
Exams • ASIS International's Investigations Standard
◆ ASIS also offers Reference Sets for each • Free Online Access for ASIS Members
certification. Our item writers and reviewers • Investigations Standard for nonmembers
use these same materials to reference the
correct answers on our exams.*

ASIS International Certification Handbook -- 34

PHYSICAL SECURITY PROFESSIONAL Neither the Professional Certification Board nor ASIS
The publications listed below comprise the PSP Certification staff have any involvement in the ASIS
reference material. Available as a softcover set or on review courses. Review course instructors have no
Kindle. Each title is available for individual purchase. access to actual exam questions.

• Physical Security Principles Free Study Tools

The Practice Exams contain items that once appeared
• Implementing Physical Protection Systems: A on the actual certification exams but are now retired.
Practical Guide, 2nd Ed Use these practice exams to familiarize yourself with
how exam items will appear on the current exam(s).
• ASIS Business Continuity Guideline: A Practical
Note: Because these questions no longer appear on
Approach
the exam, they may no longer be accurate. These are
• Free Online Access for ASIS Members intended only to know how exam questions will be
• Guideline for nonmembers formulated.
• ASIS Facilities Physical Security Measures Guideline CPP Practice Exam
• Free download for ASIS members PCI Practice Exam
• Guideline for nonmembers PSP Practice Exam

ASSOCIATE PROTECTION PROFESSIONAL

I PASSED THE EXAM, NOW WHAT?
The publications listed below comprise the
Upon successful completion of the examination, you
recommended APP reference materials, which
will receive a certificate bearing your name,
include five Standards and three volumes from the certification cycle begins and end date, and
ASIS Protection of Assets. ASIS offers the following certification number.
individually or in bundles.
Also, you will receive an email from Acclaim (ASIS’
Five Standards digital credentialing partner) with the subject line
“You’ve earned a badge from ASIS International.” The
• Security Management Standard: Physical Asset message will provide an invitation and instructions to
Protection claim your digital badge(s). Please allow two to four
• Security and Resilience in Organizations and their weeks to receive your certificate and digital
Supply Chains - Requirements with Guidance credential.
• Investigations
• Workplace Violence Prevention and Intervention Wear your new designation proudly! Add it to your
Standard email signatures, business cards, and social media
accounts!
• Risk Assessment
Protection of Assets Volumes Recertification
• Protection of Assets: Security Management All those who hold an ASIS certification must recertify
• Protection of Assets: Crisis Management every three years by earning Continuing Professional
• Protect of Assets: Information Security Education credits. Recertification tells your
colleagues, peers, and employer that you committed
ASIS offers three pricing bundles for the APP:
to staying current in the security profession. For more
• APP Standards Bundle information on recertification requirements, please
• Protection of Assets Bundle for the APP download the Recertification Guide.
Certification
• APP Complete Reference Set ASIS APPLICATION AND CERTIFICANT
Please search for these items in the ASIS Store. POLICIES
CERTIFICATION REVIEWS STATEMENT OF IMPARTIALITY
ASIS offers both in-person and online review courses The ASIS Professional Certification Board (PCB) and
to help you prepare for your exam. Many ASIS certification staff understand the importance of
Chapters also offer study groups. Contact the ASIS impartiality and conflicts in the management of
Chapter in your area for more information. certification activities. When undertaking dealings

ASIS International Certification Handbook -- 35

with members and nonmembers, all involved in the ◆ Any act that violates the criminal or civil laws
certification process will maintain a high level of of any jurisdiction.
ethical conduct and avoid conflicts of interest in ◆ Any act that is the proper basis for
connection with the performance of their duties. suspension or revocation of a professional
license.
There shall be an avoidance of any actions and/or ◆ Any act or omission that violates the PCB
commitments that might create the appearance of:
Disciplinary Rules and Procedures.
◆ Using positions for personal gain ◆ Failure to cooperate with the PCB’s Board of
◆ Giving improper preferential treatment Professional Review in performance of its
◆ Impeding efficiency duties in investigating any allegation against
◆ Losing independence or impartiality an applicant or current certificant.
◆ Adversely affecting the confidence of ASIS ◆ Making any false or misleading statements to
constituents in the integrity of certification the PCB regarding an applicant or current
operations. certificant.
The PCB and certification staff will ensure that in its
dealings with constituents, they are and will remain Attestation of Continued Eligibility for
impartial and confidential. Certification
ASIS Certification Code of Professional All those applying for an ASIS exam will sign the
following attestation on the application.
Responsibility
By my signature, I attest that the information I submit
ASIS board certified security professionals and herein or in any required accompanying or subsequent
applicants for certification must adhere to the Code documentation is true and accurate to the best of my
of Professional Responsibility, agreeing to: knowledge.
◆ Perform professional duties in accordance
I understand that persons who apply for certification as
with the law and the highest moral
a Certified Protection Professional (CPP), Professional
principles. Noncompliance includes any acts
Certified Investigator (PCI), Physical Security Professional
or omissions amounting to unprofessional
(PSP), or Associate Protection Professional (APP), or
conduct and deemed prejudicial to the
persons who have been certified by ASIS International,
certification.
are subject to ASIS International’s eligibility
◆ Observe the precepts of truthfulness, requirements for certification, recertification, and to the
honesty, and integrity. ASIS Certification Code of Professional Responsibility.
◆ Be faithful, competent, and diligent in
discharging their professional duties. I understand that in order to maintain my certification, I
◆ Safeguard confidential and privileged must recertify every three years by reporting a specified
information and exercise due care to number of Continuing Professional Education (CPE)
prevent its improper disclosure. credits, in accordance with ASIS policy and procedures
◆ Not maliciously injure the professional for submitting such reports. I understand that CPE
reputation or practice of colleagues, clients, credits may be earned through education programs and
or employees. courses and other activities, and that all CPEs must
conform to the requirements specified in ASIS
Any act deemed prejudicial to the certification may
International’s Recertification Guide. I further
result in denial of approval to take the certification
understand that from time to time ASIS International
examination or disciplinary action by the Professional
may amend its requirements, policies, and procedures
Certification Board (PCB), up to and including
to include initial certification, recertification, and the
revocation of certification. Such acts may include, but
Code of Professional Responsibility.
are not limited to:
◆ Providing false or misleading statements or I also understand that I may be subject to audit at any
information when applying to take the time and that ASIS International reserves the right to
certification examination or to recertify. take action for failure to comply with the audit
◆ Any act or omission that violates the procedures.
provisions of the ASIS Certification Code of
While holding ASIS International certification, I agree to
Professional Responsibility.
notify ASIS International in writing immediately if I fail
to comply with any of the requirements for gaining or

ASIS International Certification Handbook -- 36

maintaining certification or recertification, such as, but Accommodation support will be provided to
not limited to, no longer working the profession, no eligible individuals.
longer holding Lifetime Retired status due to returning ◆ The panel shall initially determine whether or
to full-time employment, failing to earn the number of not the individual’s certification should be
CPE credits needed to maintain certification or to be revoked. The initial determination of the panel,
recertified, or having been disciplined – including including all evidence submitted at the hearing,
suspension, expulsion, or loss of the credential – as a shall be reviewed. Upon review, the PCB may
result of having been found in violation of the Code of affirm, reverse, modify, or remand the original
Professional Responsibility. I also agree to notify ASIS determination of the panel.
International in writing of any address or name ◆ If the initial determination of the panel is to
change(s) within thirty (30) days after the change revoke the certification of the individual, and if
becomes effective. a majority of the PCB, in official session, affirm
the panel’s determination that the individual is
If requested to do so, ASIS International may verify
my certification status. not eligible for continued certification, then a
notice will be issued. If your certification is
revoked, you will be asked to return your
REVOCATION OF CERTIFICATION certificate and cease using the designation.
Certifications are subject to revocation for any of the
following causes: LIFETIME DESIGNATION
◆ The certified individual shall not have been CPPs, PCIs, or PSPs may be considered for Lifetime
eligible to receive such certification, irrespective Designation, if the individual meets the following
of whether or not the facts were known to, or criteria:
could have been ascertained by, the PCB at the
◆ Be a CPP, PCI, or PSP in good standing
time of issuance of such certification; or
◆ Have maintained a single certification for twelve
◆ The certified individual shall have made any
consecutive years preceding the date of
misstatement of fact in the application for such
application
certification or any other statement or
◆ Be currently retired (“retired” is defined as
representation, connected with the application
complete cessation from any security-related
for certification; or
employment or practice or representation of
◆ The certified individual has been found to have
any such employment or practice) and have
engaged in unethical practices or has been
no legal, financial, or business interest with
convicted of a felony.
any form of security-related employment or
No certification shall be revoked unless the following practice, as defined by the applicable
procedures are followed: certification exam domain
◆ A copy of the charges against the certified ◆ Have paid the recertification fee for the current
individual and the information concerning the term
event or events from which such charges have If a lifetime certificant returns to professional practice
arisen is sent by registered mail to the after the end of the last term of their regular
individual. Such notice shall state that no action certification, they must submit a recertification
will be taken against the certified individual application demonstrating the successful completion
until after a hearing unless the individual fails to of sixty (60) CPEs within the previous three-year
request a hearing or offer a defense within 15 period, or they must retake and pass the appropriate
days. certification exam. Lifetime certificants are
◆ The certified individual is given at least 15 automatically eligible to sit for the exam of their prior
days to prepare a defense. certification, without the need to submit additional
◆ A hearing is held on such charges, before a supporting materials but are required to pay the
designated panel, at which time the person is application fees.
given a full opportunity to be heard in his or If you are granted a Lifetime Certification, you will
her own defense, including the right to be receive a new certificate with your new designation.
presented by counsel, the right to cross- To display this new designation, you will use the
examine witnesses appearing, and to examine following: CPP – Life Certified (Retired), PSP – Life
documents material to said charges. Certified (Retired), or PCI – Life Certified (Retired).

ASIS International Certification Handbook -- 37

You cannot use the designation without these communicate directly with the certificant; they
qualifying descriptions. cannot share information with third parties.
To apply for lifetime certification, please complete
and submit this application at FILING A COMPLAINT
[email protected]. There is a $100 fee to
Complaints regarding the eligibility requirements, test
apply. scheduling, policies and procedures of the ASIS
certification program, certification personnel, or
RELEASE OF CANDIDATE AND another certificant may be filed in writing to the
Certification Director. Please submit your complaint in
CERTIFICANT INFORMATION writing and mail or email to
Release to third parties of confidential information of [email protected].
ASIS candidates and certificants is prohibited unless
Please provide sufficient objective evidence to
ASIS obtains signed permission from the candidate or
substantiate the complaint. All complaints will be
certificant to do so. Consent to release information
reviewed by the Certification Director and/or
must include to whom the candidate or certificant
members of the PCB Certificant Relations Committee.
information can be released and the information that
Receipt of your complaint will be sent to you and will
can be released.
include actions taken by ASIS to remedy the situation.
When the complaint has been resolved, the person
ASIS CERTIFICATES filing the complaint will be notified with the results of
All certificates related to the CPP, PCI, PSP, and APP the review.
designations are the sole property of ASIS
International. Suspended and revoked certificates ABOUT OUR TESTING PARTNER
must be returned to ASIS International Certification
Prometric is an independent testing company
Directors within 15 days of notice of suspension
currently under contract with ASIS to administer the
and/or revocation. The formerly certified individual
ASIS certification exams. Experts at Prometric work
should immediately cease from using the ASIS
closely with ASIS and the Professional Certification
International designations and removed them from all
Board (PCB) to develop exams that accurately
printed, electronic, or other forms of
evaluate a candidate’s knowledge of the security
communications.
profession. Prometric scores the exam, sends the
results to ASIS, and stores exam records. ASIS staff
THIRD-PARTY INTERVENTION and the PCB oversee Prometric’s activities to ensure
The Professional Certification Board (PCB) sets the that all aspects of the exam process meet certification
standards.
policies of the ASIS Certification Programs. There is an
appropriate and required “wall” between ASIS
certification activities and the ASIS Global Board, ASIS
staff, and ASIS’s CEO. Only the PCB can adjudicate
certification matters.

Because ASIS certification programs are accredited by

ANSI to the ISO/17024 Standard, involving third
parties to try to change a decision made by the PCB is
against ANSI accreditation requirements and doing so
jeopardizes ASIS accreditation status as an
international certification body. In addition, ASIS
strives to apply our policies consistently in order to be
fair to all. Allowing special “rules” to some is simply
not fair to the 10,000+ certificants who do follow the
policies. Finally, due to confidentiality requirements,
the PCB and the Certification Team can only

ASIS International Certification Handbook -- 38