ASIS INTERNATIONAL
CONTACT INFORMATION
EMAIL: certification@asisonline.org
PHONE: +1 703.519.6200
WEBSITE: asisonline.org
ADDRESS:
ASIS International
1625 Prince Street
Alexandria, Virginia
22314-2882, USA
b.) Experience with companies, associations, government, or other organizations providing services or products, including consulting firms, provided the duties and responsibilities substantively relate to the design, evaluation, and application of systems, programs, or equipment, or development and operation of services, for protection of assets in the private or public sectors.

1. Other eligibility requirements for the CPP, PCI, or PSP still need to be met (e.g., responsible charge or case management)
2. The APP designation will be expired if a candidate obtains the CPP (you cannot hold both designations at the same time)
3. Those who are already PCI- and/or PSP-certified will be eligible to take the APP exam
TASK 8: Develop, implement, coordinate, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (e.g., harassment, violence)

Knowledge of
1. Principles and techniques of policy and procedure development
2. Protection personnel, technology, and processes
3. Regulations and standards governing or affecting the security industry and the protection of people, property, and information
4. Educational and awareness program design and implementation

TASK 9: Conduct and/or coordinate an executive/personnel protection program

Knowledge of
1. Travel security program components
2. Executive/personnel protection program components
3. Protection personnel, technology, and processes

TASK 12: Evaluate and integrate technology into security program to meet organizational goals

Knowledge of
1. Surveillance techniques and technology
2. Integration of technology and personnel
3. Plans, drawings, and schematics
4. Information security theory and systems methodology

TASK 13: Coordinate and implement security policies that contribute to an information security program

Knowledge of
1. Practices to protect proprietary information and intellectual property
2. Information protection technology, investigations, and procedures
3. Information security program components (e.g., asset protection, physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities)
4. Information security threats
Knowledge of
1. Principles and techniques of policy/procedure development
2. Guidelines for individual and corporate behavior
3. Improvement techniques (e.g., pilot programs, education, and training)

TASK 3: Develop procedures/techniques to measure and improve departmental productivity

Knowledge of
1. Communication strategies, methods, and techniques
2. Techniques for quantifying productivity/metrics/key performance indicators (KPI)
3. Project management fundamentals tools and techniques
4. Principles of performance evaluations, 360 reviews, and coaching

TASK 4: Develop, implement, and coordinate security staffing processes and personnel development programs in order to achieve organizational objectives

Knowledge of
1. Retention strategies and methodologies
2. Job analysis processes
3. Cross-functional collaboration
4. Training strategies, methods, and techniques
5. Talent management and succession planning
6. Selection, evaluation, and interview techniques for staffing

TASK 5: Monitor and ensure a sound ethical culture in accordance with regulatory requirements and organizational objectives

Knowledge of
1. Interpersonal communications and feedback techniques
2. Relevant laws and regulations
3. Governance and compliance standards
4. Generally accepted ethical principles
5. Guidelines for individual and corporate behavior

Knowledge of
1. Confidential information protection techniques and methods
2. Relevant laws and regulations
3. Key concepts in the preparation of requests for proposals and bid reviews/evaluations
4. Service Level Agreements (SLA) definition, measurement and reporting
5. Contract law, indemnification, and liability insurance principles
6. Monitoring processes to ensure that organizational needs and contractual requirements are being met
7. Vendor qualification and selection process

DOMAIN THREE
Risk Management (25%)

TASK 1: Conduct initial and ongoing risk assessment processes

Knowledge of
1. Risk management strategies (e.g., avoid, assume/accept, transfer, mitigate)
2. Risk management and business impact analysis methodology
3. Risk management theory and terminology (e.g., threats, likelihood, vulnerability, impact)

TASK 2: Assess and prioritize threats to address potential consequences of incidents

Knowledge of
1. Potential threats to an organization
2. Holistic approach to assessing all-hazard threats
3. Techniques, tools, and resources related to internal and external threats

TASK 3: Prepare, plan, and communicate how the organization will identify, classify, and address risks

Knowledge of
1. Risk management compliance testing (e.g., program audit, internal controls, self-assessment)
2. Quantitative and qualitative risk assessments
3. Risk management standards
Knowledge of
1. Post-incident review techniques
2. Incident management systems and protocols
Knowledge of
1. Communication techniques and protocols of
liaison
2. Communication techniques and notification
protocols
Knowledge of
1. Training and exercise techniques
2. Post-incident review techniques
Knowledge of
1. Protection personnel, hardware, technology, and processes
2. Audit and testing techniques (e.g., operation testing)
3. Predictive, preventive, and corrective maintenance

DOMAIN SIX
Information Security (14% -- was 9%)

TASK 1: Conduct surveys to evaluate current status of information security programs.

Knowledge of
1. Elements of an information security program, including physical security; procedural security; information systems security; employee awareness; and information destruction and recovery capabilities.
2. Survey techniques
3. Quantitative and qualitative risk assessments
4. Risk mitigation strategies (e.g., technology, personnel, process, facility design)
5. Cost-benefit analysis methods
6. Protection technology, security threats equipment, and procedures (e.g., interoperability)
7. Information security threats
8. Integration of facility and system plans, drawings, and schematics

TASK 3: Implement and manage an integrated information security program

Knowledge of
1. Information security including confidentiality, integrity, and availability
2. Information security systems methodology
3. Authentication techniques (e.g., multi-factor, biometrics)
4. Continuous evaluation and improvement programs
5. Ethical hacking and penetration testing techniques and practices
6. Encryption and data masking techniques (e.g., cryptography)
7. Systems integration techniques (e.g., interoperability, licensing, networking)
8. Cost-benefit analysis methodology
9. Project management techniques
10. Budget review process (e.g., system development lifecycle)
11. Vendor evaluation and selection process
12. Final acceptance and testing procedures
13. Protection technology and forensic investigations
14. Training and awareness programs to mitigate threats and vulnerabilities (e.g., phishing, social engineering, ransomware, insider threats)
DOMAIN THREE
Case Presentation (15%)
TASK 1: Prepare report to substantiate investigative
findings.
Knowledge of
1. Critical elements and format of an investigative report
2. Investigative terminology
3. Logical sequencing of information
Common problems encountered during a remotely proctored exam include:

◆ Weak internet connection or bandwidth issues.
◆ Camera or microphone not working.
◆ Proper ID not provided to proctor.

If your internet bandwidth is poor and you lose internet connectivity and/or your webcam and microphone are inoperable, and you are not able to complete your exam, you will forfeit the exam fee paid and will have to pay an exam retake fee in order to test within your two-year eligibility period.

APPLYING FOR THE EXAMS
The certification application must be filled out online.

Once your application has been reviewed and approved, you will receive an authorization to test email with instructions on how to schedule your exam. Please allow approximately two to three weeks for your application to be reviewed.

Make sure the name you submit on your application EXACTLY matches the name of your government-issued photo ID. If they do not match, you will not be permitted to take the exam.

Application Documents You’ll Need:
◆ Unofficial transcription from an accredited institution of higher education (if applicable)

Please make sure your contact information – especially your email address – is current in your online account. Also make sure to whitelist emails from asisonline.org.

APPLICATION FEES
ASIS exams are offered at Prometric test centers throughout the world or through Prometric’s ProProctor platform, which allows you to take the exam at your home.

In January 2022, the ASIS Global Board of Directors voted to raise the certification fees as outlined below. The ASIS Board also approved special fees for those individuals who live in Emerging Markets, as identified by the World Bank.

View the list of countries identified as Emerging Markets by the World Bank.

To receive the member discount, please become a member BEFORE submitting your certification application.

Fees for the CPP, PCI, and PSP:

ASIS members: $550
Emerging Market 1: $450
Emerging Market 2: $430
Nonmembers: $855
Emerging Market 1: $680
Emerging Market 2: $645
Choosing Your Exam (English or Spanish)
The CPP, PCI, PSP, and APP exams are administered in English and Spanish. For the Spanish-language exams, you are also given an English translation. During the online application process, you will choose the language for your exam (English or Spanish). Those who select a Spanish-language exam will be assigned a Spanish-speaking proctor.

Due to frequent cancellations and short notification rescheduling, Prometric has indicated that there may be inadequate capacity at centers where the ASIS International examinations are administered. Managing the process of scheduling and rescheduling appointments is critical to ensure that all candidates can obtain a testing appointment on the date and time requested.
ASIS does not grant extensions due to job demands, company budgets, employment status, personal finances, changes in marital status, changes in mailing address, and other personal or professional reasons.

Extensions may be granted if there is a severe hardship such as a major medical emergency in the immediate family, a natural disaster, or if on active military duty and deployed into a remote or hazardous area. The applicant is required to provide documentation of extenuating circumstances (e.g., doctor’s note). Military personnel will need to verify their deployment status by submitting a copy of official deployment orders. This does not apply to individuals who are military contractors. Severe hardship must be documented and verifiable.

In times of crises that affect many people at one time (e.g., pandemic, national emergencies, natural disasters), extension policies may be modified in the short term. All affected by the crisis will be notified of the policy changes.

Note that you may only take the exam up to three times during your two-year candidacy. Once your two-year candidacy has expired, you must reapply to take the exam and pay the applicable fees.

Cancellation policies apply to both test center and remotely proctored exams. Prometric makes NO exceptions to this rule.

“No Shows”

If you fail to cancel or reschedule your exam and you do not take the exam on the scheduled day, you will be considered a “no show” and all testing fees will be forfeited. ASIS understands that emergencies do happen. If you do not appear for your exam for any of the following reasons, you will have 14 days from your scheduled appointment day to provide the documentation below and reschedule your exam:
1. Death in the immediate family
ASIS Certification Code of Professional Responsibility

ASIS board certified security professionals and applicants for certification must adhere to the Code of Professional Responsibility, agreeing to:
◆ Perform professional duties in accordance with the law and the highest moral principles. Noncompliance includes any acts or omissions amounting to unprofessional conduct and deemed prejudicial to the certification.
◆ Observe the precepts of truthfulness, honesty, and integrity.
◆ Be faithful, competent, and diligent in discharging their professional duties.
◆ Safeguard confidential and privileged information and exercise due care to prevent its improper disclosure.
◆ Not maliciously injure the professional reputation or practice of colleagues, clients, or employees.

Any act deemed prejudicial to the certification may result in denial of approval to take the certification examination or disciplinary action by the Professional Certification Board (PCB), up to and including revocation of certification. Such acts may include, but are not limited to:
◆ Providing false or misleading statements or information when applying to take the certification examination or to recertify.
◆ Any act or omission that violates the provisions of the ASIS Certification Code of Professional Responsibility.
◆ Any act that violates the criminal or civil laws of any jurisdiction.
◆ Any act that is the proper basis for suspension or revocation of a professional license.
◆ Any act or omission that violates the PCB Disciplinary Rules and Procedures.
◆ Failure to cooperate with the PCB’s Board of Professional Review in performance of its duties in investigating any allegation against an applicant or current certificant.

All those applying for an ASIS exam will sign the following attestation on the application.

By my signature, I attest that the information I submit herein or in any required accompanying or subsequent documentation is true and accurate to the best of my knowledge.

I understand that persons who apply for certification as a Certified Protection Professional (CPP), Professional Certified Investigator (PCI), Physical Security Professional (PSP), or Associate Protection Professional (APP), or persons who have been certified by ASIS International, are subject to ASIS International’s eligibility requirements for certification, recertification, and to the ASIS Certification Code of Professional Responsibility.

I understand that in order to maintain my certification, I must recertify every three years by reporting a specified number of Continuing Professional Education (CPE) credits, in accordance with ASIS policy and procedures for submitting such reports. I understand that CPE credits may be earned through education programs and courses and other activities, and that all CPEs must conform to the requirements specified in ASIS International’s Recertification Guide. I further understand that from time to time ASIS International may amend its requirements, policies, and procedures to include initial certification, recertification, and the Code of Professional Responsibility.

I also understand that I may be subject to audit at any time and that ASIS International reserves the right to take action for failure to comply with the audit procedures.

While holding ASIS International certification, I agree to notify ASIS International in writing immediately if I fail to comply with any of the requirements for gaining or maintaining certification or recertification, such as, but not limited to, no longer working the profession, no longer holding Lifetime Retired status due to returning to full-time employment, failing to earn the number of CPE credits needed to maintain certification or to be recertified, or having been disciplined – including suspension, expulsion, or loss of the credential – as a result of having been found in violation of the Code of Professional Responsibility. I also agree to notify ASIS International in writing of any address or name