PCI Certification

appea
ASIS INTERNATIONAL
CONTACT INFORMATION
ASIS is here to help! This Handbook covers all the information on
ASIS’ four certification programs. If you have questions after
reviewing the Handbook, please contact the Certification Team at:
EMAIL: certification@asisonline.org
PHONE: +1 703.519.6200
WEBSITE: asisonline.org
ADDRESS:
ASIS International
1625 Prince Street
Alexandria, Virginia
22314-2882, USA
OFFICE HOURS: Monday through Friday,

9:00 am to 5:00 pm, Eastern Standard Time (except US-based
holidays).
CONTENTS
ASIS International Board Certifications .......................................................................................... 6
ASIS Professional Certification Board (PCB) ................................................................................... 6
ASIS International Certification Programs ...................................................................................... 6
Certification vs. Certificate Programs ......................................................................................... 7
Why Choose an ASIS Certification? ............................................................................................ 7
Is ASIS membership required? ................................................................................................... 7
Which Exam is Right for You? .................................................................................................... 7
Eligibility Requirements for all Applicants ...................................................................................... 8
Eligibility Requirement Changes in 2021 ........................................................................................ 8
APP: Board Certification in Security Management Fundamentals .................................................. 9
APP Eligibility Requirements ...................................................................................................... 9
APP Eligibility Requirements with an ASIS Certification .............................................................. 9
APP Body of Knowledge .............................................................................................................. 10
CPP: Board Certification in Security Management ....................................................................... 15
CPP Eligibility Requirements .................................................................................................... 15
CPP Body of Knowledge ............................................................................................................... 16
PCI: Board Certification in Investigations ..................................................................................... 21
PCI Eligibility Requirements ......................................................................................................... 21
PCI Body of Knowledge ................................................................................................................ 21
PSP: Board Certification in Physical Security ................................................................................ 24
PSP Eligibility Requirements ........................................................................................................ 24
PSP Body of Knowledge ............................................................................................................... 24
Taking Exams Remotely ............................................................................................................... 28
Applying for the Exams ................................................................................................................ 28
Application Documents You’ll Need: ........................................................................................ 28
Deadline Reminders ................................................................................................................ 28
Application Fees .......................................................................................................................... 28
Fees for the CPP, PCI, and PSP: ................................................................................................ 28
Fees for the APP: ..................................................................................................................... 29
Refunds ................................................................................................................................... 29
Retesting ................................................................................................................................. 29
Retest fees for the CPP, PCI, and PSP: ...................................................................................... 29
Retest fees for the APP: ........................................................................................................... 29
Approval Notification from ASIS .............................................................................................. 29
Appealing a Decision ............................................................................................................... 29
Scheduling Your Exam ................................................................................................................. 30
Making Your Exam Appointment ............................................................................................. 30
Testing Accommodations for Candidates with Disabilities and Other Special Considerations .. 31
Extension Policies – Exam Applications .................................................................................... 31
“No Shows” ............................................................................................................................. 31
On Exam Day ............................................................................................................................... 32
Check-in at a Prometric Testing Center .................................................................................... 32
What to Bring and Not Bring to Testing Center ........................................................................ 32
Check-in for Remotely Proctored Exams .................................................................................. 32
Check-in ID Requirements ....................................................................................................... 33
During the Exam ...................................................................................................................... 33
Exam Results ........................................................................................................................... 34
Weather Emergencies ............................................................................................................. 34
How Are the Exams Structured? .................................................................................................. 34
Scoring the Exam ..................................................................................................................... 34
Studying for the Exam ................................................................................................................. 35
Exam Preparation Resources ................................................................................................... 35
Free Study Tools ...................................................................................................................... 36
I Passed the Exam, Now What? ................................................................................................... 36
Recertification ......................................................................................................................... 36
ASIS Application and Certificant Policies ...................................................................................... 36
Statement of Impartiality ............................................................................................................ 36
ASIS Certification Code of Professional Responsibility.............................................................. 37
Attestation of Continued Eligibility for Certification ................................................................. 37
Revocation of Certification .......................................................................................................... 38
Lifetime Designation.................................................................................................................... 38
Release of Candidate and Certificant Information ....................................................................... 39
ASIS Certificates .......................................................................................................................... 39
Third-Party Intervention .............................................................................................................. 39
Filing a Complaint ........................................................................................................................ 39
About Our Testing Partner........................................................................................................... 39
International Organization for Standardization (ISO)
About This Handbook 17024.
This Handbook contains all the policies and
procedures of ASIS’s four certification programs. All THE SAFETY ACT DESIGNATION
those applying to take an ASIS certification exam
must agree to comply with the information contained
in this manual. This handbook was updated 1 ASIS board-certified professionals, their employers, and
December 2022 and supersedes all previous their customers are protected from lawsuits involving the
ASIS certification process that arise out of an act of
versions.
terrorism.
ASIS INTERNATIONAL BOARD ASIS PROFESSIONAL CERTIFICATION

CERTIFICATIONS BOARD (PCB)
ASIS International was the first organization to offer a The ASIS certification programs are governed by the
credential specifically for security managers, and our Professional Certification Board (PCB). The PCB
programs remain the global standard. Developed by establishes all policies related to the program
practitioners for practitioners, ASIS board including eligibility requirements, body of knowledge,
certifications provide you with a competitive edge. and exam development. All PCB directors are CPP,
Distinguished by their global development and PCI, PSP, and/or APP certified.
application, ASIS certifications are transferable across Directors of the Professional Certification Board (PCB)
all industry sectors and geographic borders. The role manage the certification programs by assuring that
and tasks of security managers are researched and standards are developed and maintained, quality
documented to define each certification. In addition, assurance is in place, and the exams accurately reflect
a job analysis is routinely conducted to ensure the the duties and responsibilities of security professionals in
exams reflect current practices. the areas of security management, investigations, and
Our requirements are demanding and consequently, physical security. The PCB is a committee of the ASIS
our certifications are held only by a distinguished Global Board of Directors. Directors of the PCB are
group of professionals. Earning your CPP®, PCI®, PSP®, chosen through a nomination process. The board meets
or APP conveys to your peers, employees, and three times per year.
employer that you possess substantial, relevant
experience as well as demonstrated and tested ASIS INTERNATIONAL CERTIFICATION
competence.
PROGRAMS
Certification serves as a visible acknowledgment of your
demonstrated mastery of core security principles and
skills essential to the best practice of security
management.
However, not all certifications are equal. To truly set

yourself apart, you need a certification that encourages
professional growth. One that is globally recognized as
the standard for professionalism. You need an ASIS
AN INTERNATIONALLY RECOGNIZED, GLOBALLY Board Certification.
ACCREDITED PROGRAM By earning a CPP, PCI, PSP, or APP, your employer,
ASIS board certifications are developed and clients, and colleagues will instantly recognize you as
maintained through a rigorous process exemplified the “best of the best.” Earning an ASIS certification is a
through the program’s accreditation by the ANSI milestone accomplishment that will help you reach your
career goals.
National Accreditation Board (ANAB) against the
ASIS International Certification Handbook -- 6

Certification vs. Certificate Programs Is ASIS membership required?
People are often unclear about the difference Membership to ASIS is not required, however,
between a certification program and a certificate members enjoy many advantages, including discounts
program. The goal of both types of programs are on all certification-related products and services
meant for professional development of industry
including exam fees, prep materials, study groups,
experts.
and more! And, once you get certified, ASIS members
Professional certification (such as the CPP, PCI, PSP, continue to receive discounts for their required
and APP) is the voluntary process by which a third- continuing education credits. Before applying to take
party organization grants a time-limited recognition an ASIS certification exam, become a member first.
and use of a credential to an individual after verifying
Right away, you’ll see the benefits!
that he or she has met predetermined and
standardized criteria, usually through eligibility
requirements and an exam. Most professional Which Exam is Right for You?
certification programs require that certificants ASIS offers four certifications for those in security-
recertify their designation after a set amount of time related fields:
to ensure they are remaining current and
knowledgeable in the industry. ◆ Certified Protection Professional (CPP)
A certificate program is a training program on a ◆ Professional Certified Investigator (PCI)

specialized topic for which participants receive a ◆ Physical Security Professional (PSP)
certificate after completing the course. Some ◆ Associate Protection Professional (APP)
certificate programs require attendees to pass an
assessment of some kind to verify they’ve learned Some professionals hold one ASIS certification, some
what the class was teaching. Many certificate two, and some hold three (the APP cannot be held in
programs will provide a “certificate of completion” at conjunction with the CPP). Here is an overview of all
the end of the course. ASIS offers a number of four programs:
certificate programs, many of which can be used to
◆ The Certified Protection Professional (CPP)
acquire Continuing Professional Education (CPE)
program is designed for those who have
credits that can be used to prepare for ASIS’
demonstrated competency in all areas of
certification programs or used to recertify your
security management.
designation.
◆ The Professional Certified Investigator (PCI)
Why Choose an ASIS Certification? program is designed for those whose
◆ Elevate your professional stature and peer responsibilities include case management,
recognition evidence collections, and preparation of
◆ Gain a competitive edge in job placement or reports and testimony to substantiate
advancement within your organization findings.
◆ Realize deep personal satisfaction and ◆ The Physical Security Professional (PSP)
professional achievement program is designed for those whose primary
◆ Broaden your knowledge base responsibility is to conduct threat surveys,
◆ Keep updated on best practices design integrated security systems that
◆ Achieve global recognition as a highly motivated include equipment, procedures, and people,
expert in your field or install, operate, and maintain those
ASIS board certified practitioners are leaders, willing systems.
mentors, and trusted strategic partners, serving both ◆ The Associate Protection Professional (APP)
their organizations and the profession.
program is designed for those with 1-4 years
Today, security professionals from 91 countries of experience in the fundamentals of security
proudly maintain their ASIS board certifications. management.
ASIS highly recommends reviewing the body of
knowledge for each program (outlined below). All

questions on the exams relate to one of the domains ◆ Not have been convicted of any criminal
listed in each program’s body of knowledge. Using the offense that would reflect negatively on the
body of knowledge, make an honest assessment of your security profession, ASIS, or the certification
own experiences in each domain. Not only will this help
you decide which exam is right for you; it will also help program
you structure your study needs. ◆ Sign and agree to abide by the ASIS
Certification Code of Professional
ELIGIBILITY REQUIREMENTS FOR ALL Responsibility (see pg. 36)
APPLICANTS ◆ Agree to abide by the policies of the ASIS
The following pages outline the eligibility Certification programs as described in this
requirements and body of knowledge for each ASIS handbook and the ASIS Recertification Guide.
certification program. In addition to the specific
eligibility requirements below, all applicants and
certificants must: ELIGIBILITY REQUIREMENT CHANGES IN
◆ Have been employed full-time in a security- 2021
related role. Current employment is not In 2020, the PCB voted to slightly reduce the eligibility
required. requirements for all four certification programs.
◆ Up to one year of internship experience can These changes were made after a thorough review of
be counted towards this requirement, how the security management profession has
matured in the past 40 years (when the CPP was
provided it is directly relevant to the
launched), how our programs compare to other
certification and full-time (internships can be
security-related certifications, and a review of the
unpaid).
educational and experience histories of our
applicants.
2021 ELIGIBILITY REQUIREMENTS
APP PSP PCI CPP
No Higher Education 3 years 5 (4) years 5 (4) years 7 (6) years
Bachelor’s Degree 2 years 4 (3) years 4 (3) years 6 (5) years
Master’s Degree 1 year 3 (3) years 3 (3) years 5 (4) years
Responsible Charge/Case Mgt 0 years 0 years 2 years 3 years

Associate Protection Professional
c.) Experience as a full-time educator on the faculty
APP: BOARD CERTIFICATION IN of an accredited educational institution, provided
SECURITY MANAGEMENT the responsibilities for courses and other duties
FUNDAMENTALS relate primarily to knowledge areas pertinent to
the management and operation of protection of
ASIS International launched the Associate Protection
assets programs in the public or private sectors.
Professional (APP) certification program in 2019, as
part of ASIS International’s ongoing strategy to offer APP Eligibility Requirements with an ASIS
professional development and educational
Certification
opportunities for professionals at all levels of the
security management field. The chart below shows how the eligibility
requirements would be altered for those holding the
The Associate Protection Professional (APP)
APP designation
designation is intended for those with 1-3 years of
security management experience*. The exam will With With No
measure the professional’s knowledge of security Master’s Bachelor’s Degree
management fundamentals, business operations, risk CPP Degree Degree
management, and response management. Current
Experience 5 years 6 years 7 years
APP Eligibility Requirements Requirements
With an APP 4 years 5 years 6 years
Security Management Education With With No
Experience* Master’s Bachelor’s Degree
One year Master’s degree (or PCI Degree Degree
international
Current
equivalent)
Experience 3 years 4 years 5 years
Two years Bachelor’s degree (or
Requirements
international
equivalent) With an APP 3 years 3 years 4 years
With With No
Three years No higher education
degree Master’s Bachelor’s Degree
PSP Degree Degree
Current
a.) Experience as a security professional in the Experience 3 years 4 years 5 years
protection of assets, in the public or private sector, Requirements
criminal justice system, government intelligence, or With an APP 3 years 3 years 4 years
investigative agencies
b.) Experience with companies, associations, 1. Other eligibility requirements for the CPP,
government, or other organizations providing services PCI, or PSP still need to be met (e.g.,
or products, including consulting firms, provided the responsible charge or case management)
duties and responsibilities substantively relate to the
2. The APP designation will be expired if a
design, evaluation, and application of systems,
candidate obtains the CPP (you cannot hold
programs, or equipment, or development and
both designations at the same time)
operation of services, for protection of assets in the
private or public sectors. 3. Those who are already PCI- and/or PSP-
certified will be eligible to take the APP exam

(provided they meet the requirements of the
individual program) Knowledge of
4. CPPs are not permitted to take the APP 1. Roles and responsibilities of external
exam organizations and agencies
1. Local, national, and international
public/private partnerships
APP BODY OF KNOWLEDGE 2. Methods for creating effective working
To be awarded the APP designation, a candidate must relationships
pass a comprehensive examination consisting of
approximately 125 multiple-choice questions. The TASK 4: Develop, implement, and coordinate
candidate will select one answer from the four employee security awareness programs
choices offered. In total, there are 100 “live,”
scoreable questions and up to 25 pre-test questions. Knowledge of
Knowledge in four major areas (domains) is tested. 1. The nature of verbal and non-verbal
communication and cultural considerations
The importance of each domain, and the tasks, 2. Security industry standards
knowledge, and skills within it, determine the 3. Training methodologies
specifications of the APP examination. The relative 4. Communication strategies, techniques, and
order of importance of the domains determines the methods
percentage of the total exam questions. 5. Security awareness program objectives and
metrics
DOMAIN ONE
TASK 5: Implement and/or coordinate an
Security Fundamentals (35%) investigative program
TASK 1: Implement and coordinate the
organization’s security program(s) to protect the Knowledge of
organization’s assets 1. Report preparation for internal purposes and
legal proceedings
Knowledge of 2. Components of investigative processes
3. Types of investigations (e.g., incident,
1. Security theory and terminology
misconduct, compliance)
2. Project management techniques
3. Security industry standards 4. Internal and external resources to support
4. Protection techniques and methods investigative functions
5. Security program and procedures
TASK 6: Provide coordination, assistance, and
assessment
evidence such as documentation and testimony to
6. Security principles of planning,
support legal proceedings
organization, and control
TASK 2: Implement methods to improve the security Knowledge of

program on a continuous basis through the use of 1. Required components of effective
auditing, review, and assessment documentation (e.g., legal, employee,
procedural, policy, compliance)
Knowledge of 2. Evidence collection and protection
1. Data collection and intelligence analysis techniques
3. Relevant laws and regulations regarding
techniques
records management, retention, legal holds,
2. Continuous assessment and improvement
processes and destruction practices (Note: No country-
3. Audit and testing techniques specific laws will be on the APP exam)
TASK 7: Conduct background investigations for

hiring, promotion, and/or retention of individuals
TASK 3: Develop and coordinate external relations
programs with public sector law enforcement or
other external organizations to achieve security
objectives

Knowledge of Knowledge of
1. Background investigations and personnel 1. Risk mitigation techniques (e.g., technology,
screening techniques personnel, process, facility design,
2. Quality and types of information and data infrastructure)
sources 2. Physical security protection equipment,
3. Criminal, civil, and employment law and technology, and personnel
procedures 3. Security survey techniques
TASK 8: Develop, implement, coordinate, and TASK 12: Evaluate and integrate technology into
evaluate policies, procedures, programs and security program to meet organizational goals
methods to protect individuals in the workplace
against human threats (e.g., harassment, violence) Knowledge of
1. Surveillance techniques and technology
Knowledge of 2. Integration of technology and personnel
1. Principles and techniques of policy and 3. Plans, drawings, and schematics
procedure development 4. Information security theory and systems
2. Protection personnel, technology, and methodology
processes
3. Regulations and standards governing or TASK 13: Coordinate and implement security policies
affecting the security industry and the that contribute to an information security program
protection of people, property, and
information Knowledge of
4. Educational and awareness program design 1. Practices to protect proprietary information
and implementation and intellectual property
2. Information protection technology,
TASK 9: Conduct and/or coordinate an investigations, and procedures
executive/personnel protection program 3. Information security program components
(e.g., asset protection, physical security,
Knowledge of procedural security, information systems
1. Travel security program components security, employee awareness, and
2. Executive/personnel protection program information destruction and recovery
components capabilities)
3. Protection personnel, technology, and 4. Information security threats
processes
TASK 10: Develop and/or maintain a physical DOMAIN TWO

security program for an organizational asset Business Operations (22%)
Knowledge of TASK 1: Propose budgets and implement financial

1. Resource management techniques controls to ensure fiscal responsibility
2. Preventive and corrective maintenance for
systems Knowledge of
3. Physical security protection equipment, 1. Data analysis techniques and cost-benefit
technology, and personnel analysis
4. Security theory, techniques, and processes 2. Principles of business management accounting,
5. Fundamentals of security system design control, and audits
3. Return on Investment (ROI) analysis
TASK 11: Recommend, implement, and coordinate 4. Fundamental business finance principles and
physical security controls to mitigate security risks financial reporting
5. Budget planning process
6. Required components of effective
documentation (e.g., budget, balance sheet,
vendor work order, contracts)

TASK 2: Implement security policies, procedures, TASK 6: Provide advice and assistance in developing
plans, and directives to achieve organizational key performance indicators and negotiate
objectives contractual terms for security vendors/suppliers
Knowledge of Knowledge of
1. Principles and techniques of 1. Confidential information protection
policy/procedure development techniques and methods
2. Guidelines for individual and corporate 2. Relevant laws and regulations
behavior 3. Key concepts in the preparation of requests
3. Improvement techniques (e.g., pilot for proposals and bid reviews/evaluations
programs, education, and training) 4. Service Level Agreements (SLA) definition,
measurement and reporting
TASK 3: Develop procedures/techniques to measure 5. Contract law, indemnification, and liability
and improve departmental productivity insurance principles
6. Monitoring processes to ensure that
Knowledge of organizational needs and contractual
1. Communication strategies, methods, and requirements are being met
techniques 7. Vendor qualification and selection process
2. Techniques for quantifying
productivity/metrics/key performance DOMAIN THREE
indicators (KPI) Risk Management (25%)
3. Project management fundamentals tools and
techniques TASK 1: Conduct initial and ongoing risk assessment
4. Principles of performance evaluations, 360 processes
reviews, and coaching
Knowledge of
TASK 4: Develop, implement, and coordinate
security staffing processes and personnel 1. Risk management strategies (e.g., avoid,
development programs in order to achieve assume/accept, transfer, mitigate)
organizational objectives 2. Risk management and business impact
analysis methodology
3. Risk management theory and terminology
Knowledge of
(e.g., threats, likelihood, vulnerability,
1. Retention strategies and methodologies impact)
2. Job analysis processes
3. Cross-functional collaboration
TASK 2: Assess and prioritize threats to address
4. Training strategies, methods, and techniques
potential consequences of incidents
5. Talent management and succession planning
6. Selection, evaluation, and interview
Knowledge of
techniques for staffing
1. Potential threats to an organization
2. Holistic approach to assessing all-hazard
TASK 5: Monitor and ensure a sound ethical culture
in accordance with regulatory requirements and threats
organizational objectives 3. Techniques, tools, and resources related to
internal and external threats
Knowledge of
TASK 3: Prepare, plan, and communicate how the
1. Interpersonal communications and feedback organization will identify, classify, and address risks
techniques
2. Relevant laws and regulations
Knowledge of
3. Governance and compliance standards
4. Generally accepted ethical principles 1. Risk management compliance testing (e.g.,
5. Guidelines for individual and corporate program audit, internal controls, self-
behavior assessment)
2. Quantitative and qualitative risk assessments
3. Risk management standards

4. Vulnerability, threat, and impact TASK 3: Conduct a post-incident review
assessments
Knowledge of
TASK 4: Implement and/or coordinate 1. Mitigation opportunities during response
recommended countermeasures for new risk and recovery processes
treatment strategies 2. Post-incident review techniques
Knowledge of TASK 4: Implement contingency plans for common

1. Countermeasures types of incidents (e.g., bomb threat, active shooter,
2. Mitigation techniques natural disasters)
3. Cost-benefit analysis methods for risk
treatment strategies Knowledge of
1. Short- and long-term recovery strategies
TASK 5: Establish a business continuity or continuity 2. Incident management systems and protocols
of operations plan (COOP)
TASK 5: Identify vulnerabilities and coordinate
Knowledge of additional countermeasures for an asset in a
1. Business continuity standards degraded state following an incident
2. Emergency planning techniques
3. Risk analysis Knowledge of
4. Gap analysis 1. Triage/prioritization and damage assessment
techniques
TASK 6: Ensure pre-incident resource planning (e.g., 2. Prevention, intervention, and response
mutual aid agreements, table-top exercises) tactics
Knowledge of TASK 6: Assess and prioritize threats to mitigate

1. Data collection and trend analysis techniques consequences of incidents
2. Techniques, tools, and resources related to
internal and external threats Knowledge of
3. Quality and types of information and data 1. Triage/prioritization and damage assessment
sources techniques
4. Holistic approach to assessing all-hazard 2. Resource management techniques
threats
TASK 7: Coordinate and assist with evidence
DOMAIN FOUR collection for post-incident review (e.g.,
Response Management (18%) documentation, testimony)
TASK 1: Respond to and manage an incident using Knowledge of

best practices 1. Communication techniques and notification
protocols
Knowledge of 2. Communication techniques and protocols of
1. Primary roles and duties in an incident liaison
command structure
2. Emergency operations center (EOC) TASK 8: Coordinate with emergency services during
management principles and practices incident response
TASK 2: Coordinate the recovery and resumption of Knowledge of

operations following an incident 1. Emergency operations center (EOC) concepts
and design
Knowledge of 2. Emergency operations center (EOC)
1. Recovery assistance resources management principles and practices
2. Mitigation opportunities during response 3. Communication techniques and protocols of
and recovery processes liaison

TASK 9: Monitor the response effectiveness to
incident(s)
Knowledge of
1. Post-incident review techniques
2. Incident management systems and protocols
TASK 10: Communicate regular status updates to

leadership and other key stakeholders throughout
incident
Knowledge of
1. Communication techniques and protocols of
liaison
2. Communication techniques and notification
protocols
TASK 11: Monitor and audit the plan of how the

organization will respond to incidents
Knowledge of
1. Training and exercise techniques
2. Post-incident review techniques

Certified Protection Professional
CPP: BOARD CERTIFICATION IN a.) Experience as a security professional in the

SECURITY MANAGEMENT protection of assets, in the public or private sector,
The gold standard for more than 40 years, the criminal justice system, government intelligence, or
Certified Protection Professional (CPP®) credential investigative agencies.
provides demonstrable proof of knowledge and
management skills in seven key domains of security. b.) Experience with companies, associations,
government, or other organizations providing
Earning a CPP provides independent confirmation of services or products, including consulting firms,
your ability to assume leadership responsibilities and
provided the duties and responsibilities
effectively manage broad security concerns.
substantively relate to the design, evaluation,
and application of systems, programs, or
CPP Eligibility Requirements equipment, or development and operation of
Candidates wishing to take the CPP examination must
services, for protection of assets in the private or
meet the following eligibility requirements:
public sectors.
WORK EXPERIENCE c.) Experience as a full-time educator on the faculty

Without higher education degree: of an accredited educational institution, provided
Seven (7) years of security experience (or six years if the responsibilities for courses and other duties
you already hold an APP), at least three (3) years of
relate primarily to knowledge areas pertinent to
which shall have been in responsible* charge of a
security function.
assets programs in the public or private sectors.
With a higher education degree:
*Experience is defined as the individual having been
Master’s Degree or international equivalent from an personally engaged in security or loss prevention on a
accredited institution of higher education and have full-time basis or as a primary duty. Included is:
five (5) years of security experience (or four years if
you already hold an APP), at least three (3) years of ** Responsible charge means that the applicant has
which shall have been in responsible charge* of a the authority to make independent decisions and take
security function. independent actions to determine operational
OR methodology and manage execution of a security
Bachelor’s Degree or international equivalent from related project or process. This definition does not
an accredited institution of higher education and
require the individual to supervise others and
have six (6) years of security experience (or five years
generally excludes such positions as patrol officer or
if you already hold an APP), at least three (3) years of
which shall have been in responsible charge** of a the equivalent.
security function.

3. Potential security threats (e.g., "all hazards,"
CPP BODY OF KNOWLEDGE criminal activity, terrorism, consequential)
To be awarded the CPP designation, a candidate must
pass a comprehensive examination consisting of TASK 3: Evaluate methods to improve the security
approximately 225 multiple-choice questions. The program on a continuous basis through the use of
candidate will select one answer from the four auditing, review, and assessment.
choices offered. In total, there are 200 “live,” Knowledge of
scoreable questions and up to 25 pre-test questions.
1. Cost-benefit analysis methods
Knowledge in seven major areas (domains) is tested.
2. Risk management strategies (e.g., avoid,
The importance of each domain, and the tasks, assume/accept, transfer, spread)
knowledge, and skills within it, determine the 3. Risk mitigation techniques (e.g., technology,
specifications of the CPP examination. The relative personnel, process, facility design)
order of importance of the domains determines the 4. Data collection and trend analysis techniques
percentage of the total exam questions.
TASK 4: Develop and manage professional
relationships with external organizations to achieve
In 2019/2020, ASIS conducted a job analysis study to
ensure the CPP Body of Knowledge still represents the security objectives.
knowledge and skills needed to be a successful Knowledge of
security manager. Minor changes were made and 1. Roles and responsibilities of external
noted below in red (these are minor changes that did organization and agencies
not change the meaning and were made for better 2. Methods for creating effective working
clarity). Completely new information is marked in relationships
green (Domain One, Task One and Domain Three, 3. Techniques and protocols of liaison
Task 4). Exam questions regarding the new 4. Local and national public/private
information will start to appear on the exam in early partnerships
2021.
TASK 5: Develop, implement, and manage workforce
DOMAIN ONE security awareness programs to achieve
Security Principles and Practices (22% -- was organizational goals and objectives.
Knowledge of
21%)
1. Training methodologies
TASK 1: Plan, develop, implement, and manage the 2. Communication strategies, techniques, and
organization’s security program to protect the methods
organization’s assets. 3. Awareness program objectives and program
Knowledge of metrics
1. Principles of planning, organization, and 4. Elements of a security awareness program
control (e.g., roles and responsibilities, physical risk,
2. Security theory, techniques, and processes communication risk, privacy)
(e.g., artificial intelligence, IoT)
3. Security industry standards (e.g., ASIS/ISO) DOMAIN TWO
4. Continuous assessment and improvement
processes Business Principles and Practices (15% --
5. Cross-functional organizational collaboration was 13%)
6. Enterprise Security Risk Management
(ESRM) TASK 1: Develop and manage budgets and financial
controls to achieve fiscal responsibility.
TASK 2: Develop, manage, or conduct the security Knowledge of
risk assessment process. 1. Principles of management accounting,
Knowledge of control, audits, and fiduciary responsibility
1. Quantitative and qualitative risk assessments 2. Business finance principles and financial
2. Vulnerability, threat, and impact reporting
assessments 3. Return on Investment (ROI) analysis
4. The lifecycle for budget planning purposes

TASK 2: Develop, implement, and manage policies, TASK 6: Develop performance requirements and
procedures, plans, and directives to achieve contractual terms for security vendors/suppliers.
organizational objectives. Knowledge of
Knowledge of
1. Key concepts in the preparation of requests
1. Principles and techniques of
for proposals and bid reviews/evaluations
policy/procedures development
2. Service Level Agreement (SLA) terms,
2. Communication strategies, methods, and
metrics, and reporting
techniques
3. Contract law, indemnification, and liability
3. Training strategies, methods, and techniques
insurance principles
4. Cross-functional collaboration
4. Monitoring processes to ensure that
5. Relevant laws and regulations
organizational needs and contractual
requirements are being met
TASK 3: Develop procedures/techniques to measure
and improve organizational productivity.
Knowledge of
DOMAIN THREE
1. Techniques for quantifying Investigations (9% -- was 10%)
productivity/metrics/key performance
TASK 1: Identify, develop, implement, and manage
indicators (KPI)
investigative operations.
2. Data analysis techniques and cost-benefit
analysis Knowledge of
3. Improvement techniques (e.g., pilot/beta 1. Principles and techniques of policy and
testing programs, education, training) procedure development
2. Organizational objectives and cross-
TASK 4: Develop, implement, and manage security functional collaboration
staffing processes and personnel development programs 3. Types of investigations (e.g., incident,
in order to achieve organizational objectives. misconduct, compliance, due diligence)
Knowledge of 4. Internal and external resources to support
1. Interview techniques for staffing investigative functions
2. Candidate selection and evaluation 5. Report preparation for internal/external
techniques purposes and legal proceedings
3. Job analysis processes 6. Laws pertaining to developing and
4. Pre-employment background screening managing investigative programs
5. Principles of performance evaluations, 360
reviews, and coaching/mentoring TASK 2: Manage or conduct the collection,
6. Interpersonal and feedback techniques preservation, and disposition of evidence to support
7. Training strategies, methodologies, and investigative actions.
resources Knowledge of
8. Retention strategies and methodologies
9. Talent management and succession planning 1. Protection/preservation of crime scene
2. Evidence collection techniques
3. Requirements of chain of custody
TASK 5: Monitor and ensure an acceptable ethical 4. Methods for preservation/disposition of
climate in accordance with regulatory requirements evidence
and organizational culture. 5. Laws pertaining to the collection,
Knowledge of preservation, and disposition of evidence
1. Governance standards
2. Guidelines for individual and corporate TASK 3: Manage or conduct surveillance processes.
behavior
3. Generally accepted ethical principles Knowledge of
4. Confidential information protection 1. Surveillance and counter-surveillance
techniques and methods techniques
5. Legal and regulatory compliance 2. Technology/equipment and personnel to
conduct surveillance (e.g., Unmanned Aircraft
Systems (UAS), robotics)

3. Laws pertaining to managing surveillance 2. Quality and types of information sources
processes (e.g., open source, social media, government
databases, credit reports)
3. Screening policies and guidelines
TASK 4: Manage and conduct investigations
4. Laws and regulations pertaining to personnel
requiring specialized tools, techniques, and
screening
resources.
Knowledge of TASK 2: Develop, implement, manage, and evaluate
1. Financial and fraud related crimes policies and procedures to protect individuals in the
2. Intellectual property and espionage crimes workplace against human threats (e.g., harassment,
3. Crimes against property (e.g., arson, violence, active assailant).
vandalism, theft, sabotage) Knowledge of
4. Cybercrimes (e.g., distributed denial of
1. Protection techniques and methods
service (DDoS), phishing, ransomware)
2. Threat assessment
5. Crimes against persons (e.g., workplace
3. Prevention, intervention, and response
violence, human trafficking, harassment) tactics
4. Educational and awareness program design
TASK 5: Manage or conduct investigative interviews. and implementation
5. Travel security (e.g., flight planning, global
Knowledge of
threats, consulate services, route selection,
1. Interview and interrogation techniques contingency planning)
2. Techniques for detecting deception 6. Industry/labor regulations and applicable
3. Non-verbal communication and cultural laws
considerations 7. Organizational efforts to reduce employee
4. Rights of interviewees
substance abuse
5. Required components of written statements
6. Legal considerations pertaining to managing
investigative interviews TASK 3: Develop, implement, and manage executive
protection programs.
TASK 6: Provide support to legal counsel in actual or Knowledge of
potential criminal or civil proceedings. 1. Executive protection techniques and
Knowledge of methods
1. Statutes, regulations, and case law governing 2. Threat analysis
or affecting the security industry and the 3. Liaison and resource management
protection of people, property, and techniques
information 4. Selection, costs, and effectiveness of
2. Criminal law and procedures proprietary and contract executive
3. Civil law and procedures protection personnel
4. Employment law (e.g., confidential
information, wrongful termination, DOMAIN FIVE
discrimination, harassment)
Physical Security (16% -- was 25%)
DOMAIN FOUR TASK 1: Conduct facility surveys to determine the
current status of physical security.
Personnel Security (11% -- was 12%)
Knowledge of
TASK 1: Develop, implement, and manage
1. Security protection equipment and
background investigation processes for hiring, personnel (e.g., Unmanned Aircraft Systems
promotion, and retention of individuals. (UAS), robotics)
Knowledge of 2. Survey techniques (e.g., document review,
checklist, onsite visit, stakeholder interviews)
1. Background investigations and personnel 3. Building plans, drawings, and schematics
screening techniques 4. Risk assessment techniques
5. Gap analysis

TASK 2: Select, implement, and manage physical TASK 2: Develop policies and procedures to ensure
security strategies to mitigate security risks. information is evaluated and protected against
Knowledge of vulnerabilities and threats.
1. Fundamentals of security system design
Knowledge of
2. Countermeasures (e.g., policies, technology,
procedures) 1. Principles of information security
3. Budgetary projection development process management
(e.g., technology, hardware, labor) 2. Information security theory and terminology
4. Bid package development and evaluation 3. Information security industry standards (e.g.,
process ISO, PII, PCI)
5. Vendor qualification and selection process 4. Laws and regulations regarding records
6. Testing procedures and final acceptance management including collection, retention,
(e.g., commissioning, factory acceptance legal holds, and disposition practices (e.g.,
test) General Data Protection Regulation (GDPR),
7. Project management techniques biometric information)
8. Cost-benefit analysis techniques 5. Practices to protect proprietary information
9. Labor-technology relationship and intellectual property
6. Information protection measures including
TASK 3: Assess the effectiveness of physical security security processes, physical access systems,
measures by testing and monitoring. and data management
Knowledge of
TASK 3: Implement and manage an integrated
1. Protection personnel, hardware, technology, information security program
and processes
2. Audit and testing techniques (e.g., operation Knowledge of
testing) 1. Information security including confidentiality,
3. Predictive, preventive, and corrective integrity, and availability
maintenance 2. Information security systems methodology
3. Authentication techniques (e.g., multi-factor,
biometrics)
DOMAIN SIX 4. Continuous evaluation and improvement
Information Security (14% -- was 9%) programs
5. Ethical hacking and penetration testing
TASK 1: Conduct surveys to evaluate current status techniques and practices
of information security programs. 6. Encryption and data masking techniques
Knowledge of (e.g., cryptography)
1. Elements of an information security program, 7. Systems integration techniques (e.g.,
including physical security; procedural security; interoperability, licensing, networking)
information systems security; employee 8. Cost-benefit analysis methodology
awareness; and information destruction and 9. Project management techniques
recovery capabilities. 10. Budget review process (e.g., system
2. Survey techniques development lifecycle)
3. Quantitative and qualitative risk assessments 11. Vendor evaluation and selection process
4. Risk mitigation strategies (e.g., technology, 12. Final acceptance and testing procedures
personnel, process, facility design) 13. Protection technology and forensic
5. Cost-benefit analysis methods investigations
6. Protection technology, security threats 14. Training and awareness programs to mitigate
equipment, and procedures (e.g., threats and vulnerabilities (e.g., phishing,
interoperability) social engineering, ransomware, insider
7. Information security threats threats)
8. Integration of facility and system plans,
drawings, and schematics

DOMAIN SEVEN 3. Recovery assistance resources (e.g., mutual
aid, employee assistance program (EAP),
Crisis Management (13% -- was 10%) counseling)
4. Mitigation opportunities in the recovery
TASK 1: Assess and prioritize threats to mitigate
process
potential consequences of incidents.
Knowledge of
1. Threats by type, likelihood of occurrence,
and consequences
2. “All hazards” approach to assessing threats
(e.g., natural disaster, chemical, biological,
radiological, nuclear, explosives (CBRNE))
3. Cost-benefit analysis
4. Mitigation strategies
5. Risk management and business impact
analysis methodology
6. Business continuity standards (e.g., ASIS
ORM.1, ISO 22301)
TASK 2: Prepare and plan how the organization

respond to incidents.
Knowledge of
1. Resource management techniques (e.g.,
mutual aid agreements, MOUs)
2. Emergency planning techniques
3. Triage and damage assessment techniques
4. Communication techniques and notification
protocols (e.g., interoperability, common
operating terms, emergency notification
system)
5. Training and exercise techniques (e.g.,
tabletop and full-scale exercises)
6. Emergency operations center (EOC) concepts
and design
7. Primary roles and duties in an Incident
Command Structure (ICS) (e.g., information
dissemination, liaison, Public Information
Officer (PIO))
TASK 3: Respond to and manage an incident.

Knowledge of
1. Resource allocation
2. Emergency Operations Centre (EOC)
management principles and practices
3. Incident management systems and protocols
TASK 4: Manage incident recovery and resumption

of operations.
Knowledge of
1. Resource management
2. Short- and long-term recovery strategies

Professional Certified Investigator
Certification is applicable to a wide range of
PCI: BOARD CERTIFICATION IN specialized investigations, including:
INVESTIGATIONS Arson, Child Abuse, Forensics, Gaming, Healthcare
The Professional Certified Investigator (PCI®) fraud, High Tech Crime, Insurance Fraud, Loss
credential provides demonstrable proof of knowledge Prevention, Narcotics, Property and Casualty, Threat
and experience in case management, evidence Assessment, White Collar Crime, and Workplace
collection, and preparation of reports and testimony Violence
to substantiate findings.
Earning a PCI provides independent confirmation of PCI BODY OF KNOWLEDGE

specialized skills in security investigations, including To be awarded the PCI designation, a candidate must
case evaluation and review of options for case pass a comprehensive examination consisting of
management strategies. It validates your ability to approximately 140 multiple-choice questions. The
collect information through the effective use of candidate will select one answer from the four
surveillance, interviews, and interrogations. choices offered. In total, there are 125 “live,”
Knowledge in three major areas (domains) is tested.
PCI ELIGIBILITY REQUIREMENTS
Candidates wishing to take the PCI examination must The importance of each domain, and the tasks,
meet the following eligibility requirements: knowledge, and skills within it, determine the
specifications of the PCI examination. The relative
Without higher education degree: order of importance of the domains determines the
Five (5) years of investigations experience (or four percentage of total exam questions.
years if you already hold an APP), including at least
two years in case management* DOMAIN ONE
With a higher education degree:
Case Management (35%)
Master’s Degree or international equivalent from an TASK 1: Analyze case for applicable ethical conflicts.
accredited institution of higher education and have Knowledge of
three (3) years of investigations experience,
1. Nature/types/categories of ethical issues
including at least two years in case management* related to cases (fiduciary, conflict of
OR interest, attorney-client)
Bachelor’s Degree or international equivalent from 2. The role of laws, codes, regulations and
an accredited institution of higher education and organizational governance in conducting
have four (4) years of investigations experience (or investigations
three years if you already hold an APP), including at
least two years in case management* TASK 2: Analyze and assess case elements, strategies
and risks.
*Case Management is defined as the coordination
Knowledge of
and direction of an investigation using various
1. Case categories (computer, white collar,
disciplines and resources, the finding of which would financial, criminal, workplace violence)
be assessed to establish the facts/findings of the 2. Qualitative and quantitative analytical
investigation as a whole, the management process of methods and tools
investigation. 3. Strategic/operational analysis
4. Criminal intelligence analysis

5. Risk identification and impact 3. Subject statement documentation
6. ASIS Workplace Violence standard
TASK 3: Collect and preserve potential evidentiary
TASK 3: Determine investigative goals and develop materials for assessment and analysis.
strategy by reviewing procedural options. Knowledge of
Knowledge of 1. Forensic opportunities and resources
1. Case flow 2. Requirements of chain of custody
2. Negotiation process 3. Methods/procedures for seizure of various
3. Investigative methods types of evidence
4. Cost-benefit analysis 4. Methods/procedures for preserving various
types of evidence
TASK 4: Determine and manage investigative 5. Concepts and principles of digital forensics
resources necessary to address case objectives. 6. Retrieval, storage, and documentation of
digital information
Knowledge of 7. Concepts and principles of computer
1. Quality assurance process operations and digital media
2. Chain of custody procedures
3. Resource requirements and allocation (e.g., TASK 4: Conduct research by physical and electronic
personnel, equipment, time, budget) means to obtain relevant information.
Knowledge of
TASK 5: Identify, evaluate and implement
investigative process improvement opportunities. 1. Methods of research using physical
resources
Knowledge of 2. Methods of research using information
1. Internal review (e.g., management, legal, technology
human resources) 3. Methods of analysis of research results
2. External review (e.g., regulatory bodies, 4. Research documentation
accreditation agency) 5. Information sources (e.g., government,
3. Liaison resources proprietary, open)
4. Root cause analysis and process 6. Digital media capabilities
improvement techniques
TASK 5: Collaborate with and obtain information
DOMAIN TWO from other agencies and organizations possessing
relevant information.
Investigative Techniques and Procedures
Knowledge of
(50%)
1. External information sources
TASK 1: Conduct surveillance by physical, behavioral, 2. Liaison techniques
and electronic means in order to obtain relevant 3. Techniques for integrating and synthesizing
information. external information
Knowledge of
TASK 6: Use special investigative techniques to
1. Types of surveillance
obtain relevant information.
2. Surveillance equipment
3. Pre-surveillance routines Knowledge of
4. Procedures for documenting surveillance 1. Concepts and methods of polygraph
activities examinations
2. Concepts, principles, and methods of
TASK 2: Conduct interviews of individuals to obtain video/audio recordings
relevant information. 3. Concepts, principles, and methods of forensic
analysis (e.g., writing, documents, fingerprints,
Knowledge of DNA, biometrics, chemicals, fluids, etc.)
1. Interview techniques 4. Concepts, principles, and methods of
2. Indicators of deception (e.g., non-verbal undercover investigations
communication)

5. Concepts, principles, and methods of threat
assessment
6. Use of confidential sources
7. Concepts, principles, and methods of applying
IT hardware and software tools
DOMAIN THREE
Case Presentation (15%)
TASK 1: Prepare report to substantiate investigative
findings.
Knowledge of
1. Critical elements and format of an investigative
2. report
3. Investigative terminology
4. Logical sequencing of information
TASK 2: Prepare and present testimony.

Knowledge of
1. Types of testimony
2. Preparation for testimony

Physical Security Professional
PSP: BOARD CERTIFICATION IN a.) Experience as a security professional in the

PHYSICAL SECURITY protection of assets, in the public or private sector,
criminal justice system, government intelligence, or
The Physical Security Professional (PSP®) credential
provides demonstrable proof of knowledge and investigative agencies
experience in threat assessment and risk analysis;
b.) Experience with companies, associations,
integrated physical security systems; and the
government, or other organizations providing
appropriate identification, implementation, and
ongoing evaluation of security measures. services or products, including consulting firms,
provided the duties and responsibilities
Earning a PSP demonstrates your expertise in substantively relate to the design, evaluation,
conducting physical security surveys to identify and application of systems, programs, or
vulnerabilities and performing cost analysis for the
equipment, or development and operation of
selection of integrated physical security measures. In
addition, it confirms your specialized knowledge in services, for protection of assets in the private or
systems procurement, final acceptance testing, and public sectors.
implementation procedures.
c.) Experience as a full-time educator on the faculty
PSP ELIGIBILITY REQUIREMENTS of an accredited educational institution, provided
the responsibilities for courses and other duties
Candidates wishing to take the PSP examination must
relate primarily to knowledge areas pertinent to
meet the following eligibility requirements:
Without higher education degree: assets programs in the public or private sectors.
Five (5) years of physical security experience* (or
four years if you already hold an APP)
PSP BODY OF KNOWLEDGE
With a higher education degree: To be awarded the PSP designation, a candidate must
Master’s Degree or international equivalent* from pass a comprehensive examination consisting of
an accredited institution of higher education and have approximately 140 multiple-choice questions. The
candidate will select one answer from the four
three (3) years of physical security experience
choices offered. In total, there are 125 “live,”
OR
Bachelor’s Degree or international equivalent* from
Knowledge in three major areas (domains) is tested.
an accredited institution of higher education and
have four (4) years of physical security experience importance of each domain, and the tasks,
(or three years if you already hold an APP) knowledge, and skills within it, determine the
specifications of the PSP examination. The relative
*Experience is defined as the individual having been order of importance of the domains determines the
personally engaged in security or loss prevention on a percentage of total exam questions.
full-time basis or as a primary duty. Included is:
In 2022, ASIS conducted a job analysis study to ensure
the PSP Body of Knowledge still represents the
knowledge and skills needed to be a successful
physical security manager. Only minor changes were

made and noted below in green (these minor changes Knowledge of:
were made by the subject matter experts for better 1. Relevant data and methods for collection
(e.g., security survey, interviews, incident
clarity). Exam questions regarding these updates will
reports, crime statistics, personnel issues,
start to appear on the exam in late 2023. issues experienced by other similar
organizations)
2. Effectiveness of current security
DOMAIN ONE technologies/equipment, personnel, and
Physical Security Assessment (34%) procedures
3. Interpretation of building plans, drawings,
Task 1: Develop a physical security assessment plan. and schematics
Knowledge of: 4. Applicable standards/regulations/codes and
1. Key area or critical asset identification where to find them
2. Risk assessment models and considerations 5. Environmental factors and conditions (e.g.,
(e.g., inside-outward, outside-inward, site- facility location, architectural barriers,
specific risk assessment, functional lighting, entrances) that impact physical
approach) security]
3. Qualitative and quantitative assessment
methods Task 5: Perform a risk analysis to develop
4. Types of resources & guidelines needed for countermeasures.
the assessment (e.g., stakeholders, budget, Knowledge of:
equipment, policies, standards) 1. Risk analysis strategies and methods
2. Risk management principles
Task 2: Identify assets to determine their value, 3. Analysis and interpretation of collected data
critically, and loss impact. 4. Threat/hazard and vulnerability
Knowledge of: identification
1. Definitions and terminology related to 5. Loss event profile analyses (e.g.,
assets, value, loss impact, and criticality consequences)
2. The nature and types of assets (tangible and 6. Appropriate countermeasures related to
intangible) specific risks
3. How to determine value for various types of 7. Cost benefit analysis (e.g., return on
assets and business operations investment (ROI), total cost of ownership)
8. Legal and regulatory considerations related
Task 3: Assess the nature of the threats and hazards to various countermeasures/security
so that the risk can be determined. applications (e.g., video surveillance, privacy
Knowledge of: issues, personally identifiable information,
1. The nature, types, severity, and likelihood of life safety)
threats and hazards (e.g., natural disasters,
cyber, criminal events, terrorism, socio- DOMAIN TWO
political, cultural) Application, Design, and Integration of
2. Operating environment (e.g., geography,
socioeconomic environment, criminal
Physical Security Systems [35%]
activity, existing security countermeasures,
security risk level) Task 1: Establish security program performance
3. Potential impact of external organizations requirements.
(e.g., competitors, organizations in Knowledge of:
immediate proximity) on facility's security 1. Design constraints (e.g., regulations, budget,
program materials, system compatibility)
4. Other internal and external factors (e.g., 2. Incorporation of risk analysis results in
legal, loss of reputation, economic, supply design
chain) and their impact on the facility's 3. Relevant security terminology (e.g., punch
security program list, field test)
4. Relevant security concepts (e.g., CPTED,
Task 4: Conduct an assessment to identify and defense-in-depth, the 4 Ds- deter, detect,
quantify vulnerabilities of the organization. delay, deny)
5. Applicable codes, standards, and guidelines

6. Operational requirements (e.g., policies, 5. Project management concepts
procedures, staffing) 6. Scheduling (e.g., Gantt charts, PERT charts,
7. Functional requirements (e.g., system milestones, objectives)
capabilities, features, fault tolerance) 7. Cost estimation and cost-benefit analysis of
8. Performance requirements (e.g., technical design options (e.g., value engineering)
capability, systems design capacities)
9. Success metrics DOMAIN THREE
Task 2: Determine appropriate physical security
Implementation of Physical Security
countermeasures. Measures [31%]
Knowledge of:
1. Structural security measures (e.g., barriers, Task 1: Outline criteria for pre-bid meeting.
lighting, locks, blast mitigation, ballistic Knowledge of:
protection) 1. Bid process (e.g., site visits, RFI, substitution
2. Crime prevention through environmental requests, pre-bid meeting)
design (CPTED) 2. Bid package types (e.g., RFP, RFQ, IFB, sole
3. Electronic security systems (e.g., access source)
control, video surveillance, intrusion 3. Bid package components (e.g., project
detection) timelines, costs, personnel, documentation,
4. Security staffing (e.g., officers, technicians, scope of work)
management, administration) 4. Criteria for evaluation of bids (e.g., cost,
5. Personnel, package, and vehicle screening experience, scheduling, certification,
6. Emergency notification systems (e.g., mass resources)
notifications, public address, two-way 5. Technical compliance criteria
intercom) 6. Ethics in contracting
7. Principles of data storage and management
(e.g., cloud, on-premise, redundancy, Task 2: Develop procurement plan for goods and
retention, user permissions, personally services.
identifiable information, regulatory Knowledge of:
requirements) 1. Vendor evaluation and selection (e.g.,
8. Principles of network infrastructure and interviews, due diligence, reference checks)
physical network security (e.g., token ring, 2. Project management functions and
LAN/WAN, VPN, DHCP vs. static, TCP/IP) processes
9. Security audio communications (e.g., radio, 3. Procurement process
telephone, intercom, IP audio)
10. Systems monitoring and display (e.g., control Task 3: Manage implementation of goods and
centers/consoles, central monitoring station) services.
11. Primary and backup power sources (e.g., Knowledge of:
grid, battery, UPS, generators, 1. Installation and inspection techniques
alternative/renewable) 2. Systems integrations
12. Signal and data transmission methods (e.g., 3. Commissioning
copper, fiber, wireless) 4. Installation problem resolution (e.g., punch
13. Visitor and vendor management policies lists)
5. Systems configuration management (e.g., as-
Task 3: Design physical security systems and project built drawings)
documentation. 6. Final acceptance testing criteria (e.g., system
Knowledge of: acceptance testing, factory acceptance
1. Design phases (e.g., pre-design, schematic testing)
development, construction, documentation) 7. End-user training requirements
2. Design elements (e.g., calculations, drawings,
specifications, review, technical data) Task 4: Develop requirements for personnel involved
3. Construction specification standards (e.g., in support of the security program.
Constructions Specifications Institute, Knowledge of:
Owner’s equipment standards, American 1. Roles, responsibilities, and limitations of
Institute of Architects (AIA) MasterSpec) security personnel (including proprietary [in-
4. Systems integration house] and contract security staff)

2. Human resource management (e.g.,
establishing KPIs, performance review,
improvement processes, recruiting,
onboarding, progressive discipline)
1. Security personnel professional development
(e.g., training, certification)
2. General, post, and special orders
3. Security personnel uniforms and equipment
4. Security awareness training and education
for non-security personnel
Task 5: Monitor and evaluate program throughout

the system life cycle.
Knowledge of:
1. Maintenance of systems and hardware (e.g.,
preventative, corrective, upgrades,
calibration, service agreements)
2. Warranty types (e.g., manufacturer,
installation, replacement parts, extended)
3. Ongoing system training (e.g., system
upgrades, manufacturer’s certification)
4. System evaluation and replacement process

◆ Resumé or CV detailing your work
TAKING EXAMS REMOTELY experience as it relates to the security
ASIS offers remotely proctored exams that you can industry and aligns with the domains of the
take in the comfort of your home. The exams are the certification exam you for which are applying
same high caliber as they have always been but now ◆ Names and contact information for three
you do not have to travel to a Prometric test center to references who can verify your work
sit for the exam. When you schedule your exam, you experience
will decide whether to take the exam at a Prometric ◆ Name of supervisor who can verify your
test center or by using Prometric’s ProProctor option. employment
And while there will be no difference in the exams
themselves, there are additional technical All foreign-language submissions must be
requirements you must have if you select the accompanied with an English translation.
ProProctor exam delivery option.
Deadline Reminders
DUE TO FIREWALL SECURITIES, IT IS HIGHLY
RECOMMENDED THAT YOU DO NOT TAKE A ASIS will send periodic reminders about deadlines (e.g.,
REMOTELY PROCTORED EXAM ON YOUR COMPANY scheduling an exam, requests for additional
COMPUTER. Please read the Technical Requirements information); however, meeting and adhering to
and Other FAQs and Know Before You Test deadlines are ultimately the responsibility of the
information before deciding which testing method is applicant. ASIS cannot guarantee that you have received
best for you. and/or read any correspondence.
Common problems encountered during a remotely Please make sure your contact information –
proctored exam include: especially your email address – is current in your
online account. Also make sure to whitelist emails
◆ Weak internet connection or bandwidth from asisonline.org.
issues.
◆ Camera or microphone not working.
◆ Proper ID not provided to proctor APPLICATION FEES
ASIS exams are offered at Prometric test centers
If your internet bandwidth is poor and you lose throughout the world or through Prometric’s
internet connectivity and/or your webcam and ProProctor platform, which allows you to take the
microphone are inoperable, and you are not able to exam at your home.
complete your exam, you will forfeit the exam fee In January 2022, the ASIS Global Board of Directors
paid and will have to pay an exam retake fee in order voted to raise the certification fees as outlined below.
to test within your two-year eligibility period The ASIS Board also approved special fees for those
individuals who live in Emerging Markets, as
APPLYING FOR THE EXAMS identified by the World Bank.
The certification application must be filled out online. View the list of countries identified as Emerging
Markets by the World Bank.
Once your application has been reviewed and approved,
To receive the member discount, please become a
you will receive an authorization to test email with
instructions on how to schedule your exam. Please allow member BEFORE submitting your certification
approximately two to three weeks for your application to application.
be reviewed.
Fees for the CPP, PCI, and PSP:
Make sure the name you submit on your application
EXACTLY matches the name of your government-
ASIS members: $550
issued photo ID. If they do not match, you will not Emerging Market 1: $450
be permitted to take the exam. Emerging Market 2: $430
Nonmembers: $855
Application Documents You’ll Need: Emerging Market 1: $680
◆ Unofficial transcription from an accredited Emerging Market 2: $645
institution of higher education (if applicable)

Fees for the APP: ◆ Your eligibility ID (ASIS ID), which you’ll need
to schedule your exam date
ASIS members: $280 ◆ Instructions for scheduling your exam
Emerging Market 1: $250 ◆ Studying suggestions
Emerging Market 2: $240 You have two years and up to three attempts from
Nonmembers: $585 the date of the authorization to test email to take and
Emerging Market 1: $475 pass your exam before you must reapply.
Emerging Market 2: $455 Remember the name on your IDs must exactly
match the name on your authorization to test email.
Note: All fees include a nonrefundable $150.
ASIS study materials, which are recommended but Appealing a Decision
not required, must be purchased separately.
An appeal procedure is available to any individual
who has applied for or received an ASIS certification
Refunds
and wants to contest any adverse decision. This policy
If your application is cancelled or denied for any applies only to the procedural aspects of the
reason, you will receive a refund of your fee minus a credentialing process. Those areas not subject to
$150 nonrefundable processing fee.
appeal are further identified under the section
If your application is approved and you fail to heading “General Principles Relating to Appeals” at
schedule and take the exam within the two-year
the end of this section. Any individual who does not
eligibility (candidacy) period, you will not receive a
refund. file a written request for an appeal within the
required time limit shall waive the right to appeal.
Retesting Submitting an appeal will not result in any
discriminatory actions against the appellant.
Candidates may only take the exam up to three times in
their two-year eligibility period. In addition, there must Throughout the certification process, individuals may
be 90 days between each testing date. Those who fail appeal certain decisions made by ASIS. Examples of
the exam three times may reapply to take exam after
appeals include:
their eligibility period ends.
◆ Decisions regarding eligibility
Retest fees for the CPP, PCI, and PSP: ◆ Eligibility time limits
ASIS members and nonmembers: $455 ◆ Recertification CPE interpretations
◆ Criminal Convictions
Emerging Market 1: $340
◆ Unauthorized Use
Emerging Market 2: $315
To appeal a decision regarding your certification, the
Retest fees for the APP: following is required:
ASIS members and nonmembers: $300 ◆ Appeals must be submitted within 30 days of
Emerging Market 1: $225 an applicant receiving notification of an
Emerging Market 2: $210 adverse decision, with day one as the date of
the applicant’s notification email.
Candidates paying the retesting fee will receive an ◆ A letter must be submitted explaining
exam retake authorization email from ASIS after the actions being appealed to
retake eligibility is in Prometric’s scheduling system. certification@asisonline.org
Once the exam retake authorization email has been ◆ Appeals must be sent by mail or email. If
received, a new exam appointment can be made. sent by mail, ASIS strongly suggests sending
Retest fees are nonrefundable. by certified or express mail so the package
can be traced
Approval Notification from ASIS ◆ Appeal must be submitted to the PCB
Certificant Relations Committee
If you are approved to take an ASIS certification exam, ◆ Appeals must identify the adverse decision
an authorization to test email will be emailed to you. being appealed and state the reasons for the
This letter will include: appeal. Any new or additional information

for consideration should be included in the
letter
SCHEDULING YOUR EXAM
Appeals should be sent to: After you receive your Approval to Test email from
ASIS, you will go to the Prometric website to schedule
PCB Certificant Relations Committee your exam.
c/o ASIS International
1625 Prince Street There are now two ways to take your exam. You will
have the option to:
Alexandria, VA 22314
Attn: Certification Department 1. Take the exam in a Prometric testing center.
certification@asisonline.org OR
2. Take the exam through Prometric’s remote
PCB Certificant Relations Appeal Process proctored ProProctor platform using your
◆ Once the written appeal has been received, own computer (company-owned computers
the ASIS Certification Team will log the are not recommended). If you choose to take
appeal in the appropriate database. the exam using ProProctor, please make sure
◆ The appeal will be evaluated by the you can meet these technical requirements.
Certification Director for compliance with Our exams are offered year-round. You will not be
ASIS appeal submission policies. able to schedule your exam until you have been
◆ The appeal and related materials will be
approved to take the exam and have received the
forwarded to the PCB Certificant Relations authorization to test email.
Committee for a decision. The committee
will make its best effort to make a decision
within 90 days of receipt of the appeal. ASIS
Making Your Exam Appointment
may have this decision reviewed by legal Online scheduling
counsel prior to being sent to appellant. The exam can be scheduled online at
◆ A record of the appeal decision will be prometric.com/asis
recorded and logged into the appeals
You will be asked for:
tracking spreadsheet and in the appellant’s
online record. ◆ Your Eligibility ID, which can be found on
◆ Whenever possible, the appellant will your authorization to test email (your ASIS
receive progress reports of the process and Contact Number or Member ID)
will be notified in writing of the decision of ◆ The first four letters of your last (sur) name
the Certificant Relations Committee and the Scheduling by Phone
reasons for that decision within 30 days of Prometric: +1.800.699.4975, Monday – Friday, 8:00
the review. am - 8:00 pm (EST) and Saturday 8:00 am - 4:00 pm
◆ The Committee’s decisions are final and may (EST)
not be appealed.
Prometric will help you select the optimal test date,
General Principles Relating to Appeals location (Testing Center or Remote Proctored), and
answer questions about the testing process.
◆ Appeals will be considered for hardships as
outlined in the ASIS Extension Policies. Candidates will be given a confirmation number to
◆ Appeals will be considered if the appellant bring to the testing center at the time of the exam. If
feels ASIS Staff made an error in the scheduling a remotely proctored exam, you will need
application review. to have this confirmation number available to provide
◆ ASIS eligibility requirements as well as the to your proctor.
other policies of the certification program
cannot be appealed. Confirmation Email from Prometric
◆ The passing score of the exam cannot be Once your exam appointment is confirmed, Prometric
appealed. will send you an email with your exam date, time,
location (Testing Center or Remote Proctored), and
confirmation number. Make sure to print out this
letter and have with you on testing day along with
two forms of identification, one of which must be a
government-issued photo ID (such as a passport or

driver’s license, employee ID card, state ID card).
Acceptable forms of secondary ID include credit card, Cancellation Policy
check card, ATM card and both must have the
candidate’s signature. (Social Security cards and military Note: Cancellation policies apply to both test center
IDs are not an acceptable form of identification.) and remotely proctored exams.
Choosing Your Exam (English or Spanish) Due to frequent cancellations and short notification
The CPP, PCI, PSP, and APP exams are administered in rescheduling, Prometric has indicated that there may
English and Spanish. For the Spanish-language exams, be inadequate capacity at centers where the ASIS
you are also given an English translation. During the International examinations are administered.
online application process, you will choose the Managing the process of scheduling and rescheduling
language for your exam (English or Spanish). Those appointments is critical to ensure that all candidates
who select a Spanish-language exam will be assigned can obtain a testing appointment on the date and time
a Spanish-speaking proctor. requested.
To provide a first-choice experience for all candidates,

Testing Accommodations for Candidates Prometric will charge a reschedule/cancellation fee.
with Disabilities and Other Special This fee will be assessed either at Prometric.com/ASIS
if the candidate reschedules or cancels online, or via
Considerations
phone +1.800.699.4975 through Prometric’s
All ASIS programs comply with the Americans with customer service.
Disabilities Act and are non-discriminatory. If specific
testing arrangements are needed due a disability If a candidate reschedules or cancels 31 or more days
condition, candidates may request special before the scheduled test day, there is no charge.
accommodations by checking the “Disabled/Special If a candidate reschedules or cancels 4-30 days before
Access Required” on the online application and the scheduled test day, there is a fee of $62.50 per
explaining the accommodation needed in the text box reschedule. Candidates cannot reschedule three or less
provided when completing their application. Special days before their scheduled testing date. All
testing accommodations must be approved by ASIS rescheduling or cancellation fees are to be made directly
prior to scheduling your exam. You will be required
through Prometric.
to provide documentation before ASIS can approve
your request. Requests are reviewed and approved If a candidate is a “no show” and does not adhere to
on a case-by-case basis. the above procedures, the full candidate testing fee is
forfeited. You may schedule a new exam and pay the
Extension Policies – Exam Applications retest fee.
ASIS does not grant extensions due to job demands, Note that you may only take the exam up to three
company budgets, employment status, personal times during your two-year candidacy. Once your
finances, changes in marital status, changes in mailing two-year candidacy has expired, you must reapply to
address, and other personal or professional reasons. take the exam and pay the applicable fees.
Extensions may be granted if there is a severe Cancellation policies apply to both test center and
hardship such as a major medical emergency in the remotely proctored exams. Prometric makes NO
immediate family, a natural disaster, or if on active exceptions to this rule.
military duty and deployed into a remote or
hazardous area. The applicant is required to provide “No Shows”
documentation of extenuating circumstances (e.g.,
doctor’s note). Military personnel will need to verify If you fail to cancel or reschedule your exam and you
their deployment status by submitting a copy of do not take the exam on the scheduled day, you will
official deployment orders. This does not apply to be considered a “no show” and all testing fees will be
individuals who are military contractors. Severe forfeited. ASIS understands that emergencies do
hardship must be documented and verifiable. happen. If you do not appear for your exam for any of
the following reasons, you will have 14 days from
In times of crises that affect many people at one time your scheduled appointment day to provide the
(e.g., pandemic, national emergencies, natural documentation below and reschedule your exam:
disasters), extension policies may be modified in the 1. Death in the immediate family
short term. All affected by the crisis will be notified of
the policy changes.

◆ Death certificate or doctor’s note, which a locker during the exam, so please limit what you
must be signed by a licensed physician or bring to the testing center.
mortician and include contact information
Jewelry outside of wedding and engagement rings is
2. Serious injury or disabling injury (to yourself or prohibited and all hair accessories are subject to
immediate family member) inspection. Please refrain from using ornate clips,
Doctor’s note, with date of medical visit. The combs, barrettes, headbands, and other hair
documentation: accessories as you may be prohibited from wearing
◆ Should explain that the onset of the illness or them into the testing room and asked to store them
injury was 24 hours before the exam in your locker. Violation of security protocol may
◆ Must be signed by a licensed physician and result in confiscation of prohibited devices and filing a
include contact information report with local authorities.
◆ Does not need to include details of the
illness or emergency, but the doctor should Check-in for Remotely Proctored Exams
indicate that the condition prevented the Candidates testing with a remotely proctored exam
candidate from testing should make sure you allow 15 minutes to prepare
3. Court appearance or jury duty your testing environment. Due to increased security
protocols, we strongly recommend NOT taking the
◆ Court or jury summons, subpoena, which
exam on a company-owned computer.
must include date and your name
4. Military duty Check-in for remotely proctored exams is a two-step
process:
◆ Duty letter, which must include date and
your name STEP ONE – Checking Your Identification
ASIS reserves the right to request additional evidence Image Capture – Using the ProProctor software, you
to support your reason for failing to appear. If ASIS will take and capture a picture of your face.
and Prometric accept the explanation, you will be
permitted to schedule a new appointment within ID Capture – Next, you will capture a photo of your ID
your eligibility period without paying the rescheduling (see Check-in ID Requirements below for acceptable
fee. ID). For those taking the exam remotely, you will only
need one form of ID.
ON EXAM DAY Checklist – You will review the checklist on screen to
No matter whether you are taking the exam at a ensure you are ready to launch the exam
testing center or taking it through remote proctoring,
you will be required to follow specific check-in STEP TWO – Meet Your Prometric Readiness Agent
procedures. Candidate Detail Confirmation – You will have a
video chat with the agent to confirm your personal
Check-in at a Prometric Testing Center information
Plan to arrive at the testing center 30 minutes before 360 Environmental Check – Using your webcam, you
the scheduled appointment to allow time for check-in will show the agent a 360-degree scan of your room
procedures. If you will be driving, identify in advance and your workstation. You’ll need a medium/large
the exact location, the best route, and where to park. hand-held mirror so Readiness Agent can see your
If you arrive more than 15 minutes late, Prometric computer. NOTE: DO NOT HAVE YOUR LAPTOP
Testing Center staff may choose not to seat you if HOOKED TO A DOCKING STATION.
doing so would disrupt other exam takers. If this Candidate Person Check – Your Readiness Agent will
occurs, your exam registration fees will not be ask you to stand up to do a scan of your person. This
refunded. There are no exceptions to this rule. scan will include – but is not limited to – conducting a
sleeve, pocket, and glasses check. Additionally, you
What to Bring and Not Bring to Testing will be asked to turn all pockets inside out. NOTE:
Center EMPTY YOUR POCKETS BEFOFE STARTING THE CHECK-
IN PROCESS.
For test security reasons, all personal items such as
purses, book bags, cell phones, etc., must be placed in

Check-in ID Requirements Sound Distractions Alternatives
You must have the following items, or you will not be Candidates can bring their own small earplugs to the
center with them. You must present the ear plugs to
allowed to take the exam:
the test center proctors for examination before
Two forms of identification are required at the test entering the testing room. Note that candidates may
center (only one form of ID is needed for those not bring their own large headphone-style noise
taking the exam remotely), one of which must be a reducers without a special accommodation.
government-issued photo ID (such as a passport,
driver’s license, employee ID card, state ID card). Candidates may opt to use the noise-reducing
Acceptable forms of secondary ID include credit card, headphones available at Prometric sites. These are
check card, ATM card and both must have the large “airport” style headphones and may be
candidate’s signature. (Social Security cards and military uncomfortable when worn for a long period. There
IDs are not an acceptable form of identification.) are no small earplug-type noise reducers available at
Prometric centers.
Only your first and last/surname on your approval
letter from ASIS and identifications must match Eating, drinking, and smoking are not permitted during
EXACTLY or you may NOT be permitted to test. This the exam. If you bring a jacket or sweater, you will be
includes abbreviated or hyphenated names. required to wear it at all times in the testing room.
Prometric Confirmation Email and Number (from the Visitors are not allowed in the test center, and childcare
is not provided.
email you get from Prometric when you schedule your
exam).
During the Exam
If you are testing outside your country of citizenship,
you must present a valid passport. If you are testing in Once you have completed the check-in process, you
your country of citizenship, you may present a will be assigned to a testing station or to a remote
passport, driver’s license, or national ID. Expired IDs proctor.
and military IDs will not be accepted.
At a testing station
If you fail to bring/have the proper identification,
◆ You will be provided with erasable note
you will not be allowed to take the exam and will
boards and dry erase markers.
forfeit the exam fee.
◆ No scratch paper, dictionaries, books, notes, or
Security Measures at Testing Center other personal aids are permitted in the testing
Prometric testing center staff are not allowed to pat area.
down a candidate during the check-in process and ◆ To use the restroom, candidates must notify the
they will use a security wand (similar to those used at test center administrator (TCA) or remote
airports), to check candidates for any type of cheating proctor; however, if you take a break, the time
devices. This is in addition to having the candidates clock on the exam is not stopped.
turn their pockets inside out. ◆ No breaks are scheduled.
◆ No conversation about the test is permitted
◆ The performance of all candidates is monitored
with the TCA, proctors, or other test takers.
and may be analyzed to detect fraud.
Candidates who violate security measures will Your remote setting must meet the following
not have their exams scores validated by ASIS. requirements:
◆ If you offer or receive help during the exam, you
◆ Testing location must be indoors (walled),
will be escorted from the testing center and
well lit, free from background noise and
reported to the PCB. Your exam will not be
disruptions.
scored, exam fees will not be refunded, and you ◆ No third party may be present in the room or
will be prohibited from taking the exam again. enter the room for the duration of the exam.
◆ All exam materials, including all questions and all If this occurs, your exam will be terminated
forms of the exam, are copyrighted and the and/or your results invalidated.
property of ASIS. Any distribution of these ◆ Your workstation and surrounding area must
materials through reproduction or oral or written be free of pens, paper, electronic devices,
communication is strictly prohibited and etc.
punishable by law.

◆ Two tissues are permitted at workstation but testing center, please check the Prometric site
must be inspected by the Proctor prior to closure website at
start of exam. https://www.prometric.com/closures
A 15-minute onscreen tutorial will orient you to the

features of the computer testing environment. When HOW ARE THE EXAMS STRUCTURED?
you have completed the tutorial, you will start the All ASIS certification exams are multiple choice. You
exam. will be provided four possible answers, only one of
which will be correct. Following are the number of
Test Taking Tips exam items (questions) per exam and the maximum
◆ Relax! Reducing physical stress will help you time you are permitted to complete and submit the
be more alert. exam:
◆ Find the right work pace. Don’t rush or go
◆ CPP – 200 “live” (scoreable) and 25 pre-test
too slowly. Find a pace that is comfortable.
(unscored) items. 4 hours.
◆ Follow the directions and work carefully.
◆ PSP – 125 “live” (scoreable) and 15 pre-test
◆ Read all the options for each question before
(unscored) items. 2.5 hours.
marking the answer.
◆ PCI – 125 “live” (scoreable) and 15 pre-test
◆ Skip difficult questions. You can mark questions
(unscored) items. 2.5 hours.
to come back to later. If you’re still not sure,
◆ APP – 100 “live” (scoreable) and 25 pre-test
make an informed guess.
2 hours
◆ Both unanswered questions and wrong answers
are counted as wrong responses. Your score is There will be a timer on your computer screen
based on the total number of correct responses. showing how much time you have left. Please make
◆ Keep an eye on the exam timer (on your sure that you have answered all the items. Any
screen). If you do not submit your exam before unanswered items will be marked incorrect.
your time is over, the exam will automatically
shut off when the time runs out. Scoring the Exam
All ASIS exams use the “scaled score” method to
Exam Results determine the passing point of each exam question.
Once you submit your exam, you will be directed to Before a question is presented on the exam, it is pre-
answer a short survey before you receive your score. tested. This allows Prometric’s psychometricians to
These preliminary results will be emailed to the email weigh the performance of each question and its level
address you provided to Prometric (allow up to five of difficulty.
hours to receive this email). Official verification of
Individual questions are given a weighted/scaled
your score will be sent to you by ASIS approximately
score based on level of difficulty. A scaled score is a
three weeks after you take the exam. You can also call
transformed raw exam score (the number of exam
go to Prometric’s website to retrieve your score questions answered correctly). To interpret any exam
report (you will be asked for your confirmation
score, a uniform frame of reference is required.
number and last name).
Scaled scores provide that frame of reference based
End-of-Exam Survey on the standard adopted by ASIS regarding the level
of knowledge necessary to pass the exams without
After you submit your exam and before you receive
regard to the specific exam version taken.
your preliminary results, you will be asked to complete
a short survey. This is your opportunity to tell both ASIS This explains why each exam may have a different
and Prometric about your testing experience. Your number of questions per domain area. A scaled score
comments will have no bearing on your exam score. ASIS of at least 650 is required to pass the exam. A scaled
uses the results of this survey to enhance our score is neither the number of questions you
certification procedures. answered correctly nor the percentage of questions
you answered correctly.
Weather Emergencies
The passing score was established via a systematic
If severe weather, natural disaster, or other such procedure (standard setting study) that employed the
incidents make a testing center inaccessible or judgment of a representative group of ASIS-certified
unsafe, the exam may be rescheduled or cancelled professionals with the assistance of exam
(at no cost to the candidate). To check on your development experts from Prometric. This group of

subject matter experts recommended a standard to material. Each is available for individual purchase or
ASIS for what a minimally competent security as the set depicted below.
professional needs to know about the tested content
to obtain a passing score. Each ITEM on the computer- • Protection of Assets (POA)
based test is electronically scored based on how the POA is a comprehensive reference covering a range of
item performed during pre-test. Because of this technical and managerial subjects providing the
method, it is virtually impossible for your exam score solutions necessary to meet the security demands of
to be incorrect; therefore, exams taken by computer- the 21st century. The POA was updated in June 2021.
based testing are not eligible for a hand score. • Online
• Print (bundle)
STUDYING FOR THE EXAM • ASIS Standards & Guidelines
ASIS certification exams are experience-based. ASIS Standards set forth industry-recommended best
Therefore, the more hands-on experience you have practices on specific concerns inherent to the security
related to the body of knowledge, the more industry and provide tools and processes for
successful you’ll be on the exam. Everybody has a implementation. Along with POA, these seven
different studying preference: some like to study by standards and guidelines make up the CPP reference
themselves and others prefer a group study set. Standards: CSO, ORM.1, WVPI AA, PAP;
approach. ASIS does not require any one method of Guidelines: GSRA, IAP, PBS.
studying but we do offer the following
• Free Online Access for ASIS Members
recommendations:
• Standards & Guidelines CPP softcover
Start with the body of knowledge. Read each domain bundle
carefully and make an honest assessment of your own
PROFESSIONAL CERTIFIED INVESTIGATOR
experience. This will help you decide where you need to
concentrate your studying efforts. Two publications now comprise the PCI reference
materials.
◆ ASIS Self-Assessment for CPP, PCI, PSP, and APP
Exams • POA Investigations volume (replaces The
◆ ASIS also offers Reference Sets for each Professional Investigator’s Manual).
certification. Our item writers and reviewers
ASIS International's Investigations Standard
use these same materials to reference the
correct answers on our exams.* • Free Online Access for ASIS Members
◆ ASIS offers many study opportunities for each • Investigations Standard for nonmembers
exam. Visit our Education section of the PHYSICAL SECURITY PROFESSIONAL
asisonline.org website for more information.*
The publications listed below comprise the PSP
◆ Many ASIS Chapters offer study groups.
reference material. Available as a softcover set or on
Kindle. Each title is available for individual purchase.
*ASIS does not guarantee success on the exams
because you study using ASIS preparatory materials. • POA Physical Security volume (Replaces
Physical Security Principles)
Exam Preparation Resources • Implementing Physical Protection Systems: A
ASIS offers a number of resources to help you study Practical Guide, 2nd Ed
for your board certification (costs are not included in • ASIS Business Continuity Management Guideline
the application fees). Candidates are encouraged to
refer to the following reference material as they are • Free Online Access for ASIS Members
preparing for the CPP, PCI, PSP, or APP examination. • Guideline for nonmembers
After carefully reviewing the domains of study and • ASIS Physical Asset Protection Standard (Replaces
identifying individual learning needs, candidates may ASIS Facilities Physical Security Measures Guideline)
use additional references and study opportunities as
necessary. • Free Online Access for ASIS Members
CERTIFIED PROTECTION PROFESSIONAL • Standard for nonmembers

The Protection of Assets (POA) and set of ASIS
ASSOCIATE PROTECTION PROFESSIONAL
standards and guidelines comprise the CPP reference
The publications listed below comprise the
recommended APP reference materials, which

include five Standards and three volumes from the the exam, they may no longer be accurate. These are
ASIS Protection of Assets. ASIS offers the following intended only to know how exam questions will be
individually or in bundles. formulated.
Five Standards CPP Practice Exam
• Physical Asset Protection PCI Practice Exam
• Security and Resilience in Organizations and their PSP Practice Exam
Supply Chains - Requirements with Guidance
• Investigations I PASSED THE EXAM, NOW WHAT?
• Workplace Violence and Active Assailant –
Upon successful completion of the examination, you
Prevention, Intervention, and Response
will receive a certificate bearing your name,
• Risk Assessment certification cycle begins and end date, and
certification number. Please allow at least four weeks
to receive your certificate.
Protection of Assets Volumes (Updated June 2021)
Also, you will receive an email from Credly (ASIS’
• Protection of Assets: Business Principles digital credentialing partner) with the subject line
• Protection of Assets: Crisis Management “You’ve earned a badge from ASIS International.” The
• Protection of Assets: Security Management message will provide an invitation and instructions to
(Note: Replaces POA Information Security claim your digital badge(s) and certificate (s). Please
volume) allow two weeks to receive your digital credentials.
ASIS offers three pricing bundles for the APP: Wear your new designation proudly! Add it to your
designation to your email signatures, business cards,
• APP Standards Bundle and social media accounts!
• Protection of Assets Bundle for the APP
Certification Recertification
• APP Complete Reference Set All those who hold an ASIS certification must recertify
For those who have an APP and are studying for the every three years by earning Continuing Professional
CPP, ASIS offers an APP Transition package that Education credits (CPEs). Recertification tells your
colleagues, peers, and employer that you committed
include the Investigations, Physical Security. and
to staying current in the security profession. For more
Personnel volumes of the POA. Also offered is an APP information on recertification requirements, please
to CPP Complete Reference Set. download the Recertification Guide.
ASIS offers other preparatory items (such as flash
cards and study manuals. Please search for these ASIS APPLICATION AND CERTIFICANT
items in the ASIS Store. POLICIES
CERTIFICATION REVIEWS
STATEMENT OF IMPARTIALITY
ASIS offers both in-person and online review courses
The ASIS Professional Certification Board (PCB) and
to help you prepare for your exam. Many ASIS
certification staff understand the importance of
Chapters also offer study groups. Contact the ASIS impartiality and conflicts in the management of
Chapter in your area for more information. certification activities. When undertaking dealings
with members and nonmembers, all involved in the
Neither the Professional Certification Board nor ASIS
certification process will maintain a high level of
Certification staff have any involvement in the ASIS
ethical conduct and avoid conflicts of interest in
review courses. Review course instructors have no
connection with the performance of their duties.
access to actual exam questions.
There shall be an avoidance of any actions and/or
Free Study Tools commitments that might create the appearance of:
The Practice Exams contain items that once appeared
on the actual certification exams but are now retired. ◆ Using positions for personal gain
Use these practice exams to familiarize yourself with ◆ Giving improper preferential treatment
how exam items will appear on the current exam(s). ◆ Impeding efficiency
Note: Because these questions no longer appear on ◆ Losing independence or impartiality

◆ Adversely affecting the confidence of ASIS ◆ Making any false or misleading statements to
constituents in the integrity of certification the PCB regarding an applicant or current
operations. certificant.
The PCB and certification staff will ensure that in its
dealings with constituents, they are and will remain Attestation of Continued Eligibility for
impartial and confidential. Certification
ASIS Certification Code of Professional All those applying for an ASIS exam will sign the
following attestation on the application.
Responsibility
By my signature, I attest that the information I submit
ASIS board certified security professionals and herein or in any required accompanying or subsequent
applicants for certification must adhere to the Code documentation is true and accurate to the best of my
of Professional Responsibility, agreeing to: knowledge.
◆ Perform professional duties in accordance
I understand that persons who apply for certification as
with the law and the highest moral
a Certified Protection Professional (CPP), Professional
principles. Noncompliance includes any acts Certified Investigator (PCI), Physical Security Professional
or omissions amounting to unprofessional (PSP), or Associate Protection Professional (APP), or
conduct and deemed prejudicial to the persons who have been certified by ASIS International,
certification. are subject to ASIS International’s eligibility
◆ Observe the precepts of truthfulness, requirements for certification, recertification, and to the
honesty, and integrity. ASIS Certification Code of Professional Responsibility.
◆ Be faithful, competent, and diligent in
discharging their professional duties. I understand that in order to maintain my certification, I
◆ Safeguard confidential and privileged must recertify every three years by reporting a specified
information and exercise due care to number of Continuing Professional Education (CPE)
prevent its improper disclosure. credits, in accordance with ASIS policy and procedures
◆ Not maliciously injure the professional for submitting such reports. I understand that CPE
reputation or practice of colleagues, clients, credits may be earned through education programs and
or employees. courses and other activities, and that all CPEs must
conform to the requirements specified in ASIS
Any act deemed prejudicial to the certification may
International’s Recertification Guide. I further
result in denial of approval to take the certification
understand that from time to time ASIS International
examination or disciplinary action by the Professional
may amend its requirements, policies, and procedures
Certification Board (PCB), up to and including
to include initial certification, recertification, and the
revocation of certification. Such acts may include, but
Code of Professional Responsibility.
are not limited to:
◆ Providing false or misleading statements or I also understand that I may be subject to audit at any
information when applying to take the time and that ASIS International reserves the right to
certification examination or to recertify. take action for failure to comply with the audit
◆ Any act or omission that violates the procedures.
provisions of the ASIS Certification Code of
While holding ASIS International certification, I agree to
Professional Responsibility.
notify ASIS International in writing immediately if I fail
◆ Any act that violates the criminal or civil laws
to comply with any of the requirements for gaining or
of any jurisdiction. maintaining certification or recertification, such as, but
◆ Any act that is the proper basis for not limited to, no longer working the profession, no
suspension or revocation of a professional longer holding Lifetime Retired status due to returning
license. to full-time employment, failing to earn the number of
◆ Any act or omission that violates the PCB CPE credits needed to maintain certification or to be
Disciplinary Rules and Procedures. recertified, or having been disciplined – including
◆ Failure to cooperate with the PCB’s Board of suspension, expulsion, or loss of the credential – as a
Professional Review in performance of its result of having been found in violation of the Code of
duties in investigating any allegation against Professional Responsibility. I also agree to notify ASIS
an applicant or current certificant. International in writing of any address or name

change(s) within thirty (30) days after the change a majority of the PCB, in official session, affirm
becomes effective. the panel’s determination that the individual is
not eligible for continued certification, then a
If requested to do so, ASIS International may verify notice will be issued. If your certification is
my certification status. revoked, you may be asked to return your
certificate and cease using the designation.
REVOCATION OF CERTIFICATION
Certifications are subject to revocation for any of the LIFETIME DESIGNATION
following causes: CPPs, PCIs, or PSPs may be considered for Lifetime
◆ The certified individual shall not have been Designation, if the individual meets the following
eligible to receive such certification, irrespective criteria:
of whether or not the facts were known to, or ◆ Be a CPP, PCI, or PSP in good standing
could have been ascertained by, the PCB at the ◆ Have maintained a single certification for twelve
time of issuance of such certification; or consecutive years preceding the date of
◆ The certified individual shall have made any application
misstatement of fact in the application for such ◆ Be currently retired (“retired” is defined as
certification or any other statement or complete cessation from any security-related
representation, connected with the application employment or practice or representation of
for certification; or any such employment or practice) and have
◆ The certified individual has been found to have no legal, financial, or business interest with
engaged in unethical practices or has been any form of security-related employment or
convicted of a felony. practice, as defined by the applicable
No certification shall be revoked unless the following certification exam domain
procedures are followed: ◆ Have paid the recertification fee for the current
◆ A copy of the charges against the certified term
individual and the information concerning the If a lifetime certificant returns to professional practice
event or events from which such charges have after the end of the last term of their regular
arisen is sent by registered mail to the certification, they must submit a recertification
individual. Such notice shall state that no action application demonstrating the successful completion
will be taken against the certified individual of sixty (60) CPEs within the previous three-year
until after a hearing unless the individual fails to period, or they must retake and pass the appropriate
request a hearing or offer a defense within 15 certification exam. Lifetime certificants are
days. automatically eligible to sit for the exam of their prior
◆ The certified individual is given at least 15 certification, without the need to submit additional
days to prepare a defense. supporting materials but are required to pay the
◆ A hearing is held on such charges, before a application fees.
designated panel, at which time the person is If you are granted a Lifetime Certification, you will
given a full opportunity to be heard in his or receive a new certificate with your new designation.
her own defense, including the right to be To display this new designation, you will use the
presented by counsel, the right to cross- following: CPP – Life Certified (Retired), PSP – Life
examine witnesses appearing, and to examine Certified (Retired), or PCI – Life Certified (Retired).
documents material to said charges. You cannot use the designation without these
Accommodation support will be provided to qualifying descriptions.
eligible individuals. To apply for lifetime certification, please complete
◆ The panel shall initially determine whether or
and submit this application at
not the individual’s certification should be
certification@asisonline.org. There is a $100 fee to
revoked. The initial determination of the panel,
including all evidence submitted at the hearing, apply.
shall be reviewed. Upon review, the PCB may
affirm, reverse, modify, or remand the original
determination of the panel.
◆ If the initial determination of the panel is to
revoke the certification of the individual, and if

RELEASE OF CANDIDATE AND
CERTIFICANT INFORMATION
Release to third parties of confidential information of FILING A COMPLAINT
ASIS candidates and certificants is prohibited unless Complaints regarding the eligibility requirements, test
ASIS obtains signed permission from the candidate or scheduling, policies, and procedures of the ASIS
certificant to do so or ASIS is compelled to do so by certification program, certification personnel, or
law. Consent to release information must include to another certificant may be filed in writing to the
whom the candidate or certificant information can be Certification Director. Please submit your complaint in
released and the information that can be released. writing and mail or email to
Information cannot be released if the law prohibits certification@asisonline.org. All information related
this release. to the complaint will be confidential; only the
complainant(s), the respondent, and those
investigating the complaint will be kept apprised of
ASIS CERTIFICATES the investigation.
All certificates related to the CPP, PCI, PSP, and APP
designations are the sole property of ASIS Please provide sufficient objective evidence to
International. The certificate may only be displayed substantiate the complaint. All complaints will be
during the time period for which the credential is reviewed by the Certification Director and/or
valid. Certificates remain the property of ASIS and members of the PCB Certificant Relations Committee.
must be returned to ASIS, if requested. The formerly
certified individual should immediately cease from Whenever possible, ASIS will make progress reports
using the ASIS International designations and remove to both the person submitting the complaint and to
them from all printed, electronic, or other forms of the person to whom the complaint is lodged. Receipt
communications. of your complaint will be sent to you and will include
actions taken by ASIS to remedy the situation. When
the complaint has been resolved, the person filing the
THIRD-PARTY INTERVENTION complaint will be notified with the results of the
The Professional Certification Board (PCB) sets the review. ASIS’s complete complaint policy can be
policies of the ASIS Certification Programs. There is an found here.
appropriate and required “wall” between ASIS
certification activities and the ASIS Global Board, ASIS ABOUT OUR TESTING PARTNER
staff, and ASIS’s CEO. Only the PCB can adjudicate Prometric is an independent testing company
certification matters. currently under contract with ASIS to administer the
ASIS certification exams. Experts at Prometric work
Because ASIS certification programs are accredited by closely with ASIS and the Professional Certification
ANAB to the ISO/17024 Standard, involving third Board (PCB) to develop exams that accurately
parties to try to change a decision made by the PCB is evaluate a candidate’s knowledge of the security
against ANAB accreditation requirements and doing profession. Prometric scores the exam, sends the
so jeopardizes ASIS accreditation status as an results to ASIS, and stores exam records. ASIS staff
and the PCB oversee Prometric’s activities to ensure
international certification body. In addition, ASIS
that all aspects of the exam process meet certification
strives to apply our policies consistently in order to be standards.
fair to all. Allowing special “rules” to some is simply
not fair to the 10,000+ certificants who do follow the
policies. Finally, due to confidentiality requirements,
the PCB and the Certification Team can only
communicate directly with the certificant; they
cannot share information with third parties.

PCI Certification

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PCI Certification

Uploaded by

Copyright:

Available Formats

appea

ASIS is here to help! This Handbook covers all the information on

ASIS’ four certification programs. If you have questions after

reviewing the Handbook, please contact the Certification Team at:

OFFICE HOURS: Monday through Friday,

ASIS INTERNATIONAL BOARD ASIS PROFESSIONAL CERTIFICATION

However, not all certifications are equal. To truly set

ASIS International Certification Handbook -- 6

A certificate program is a training program on a ◆ Professional Certified Investigator (PCI)

ASIS International Certification Handbook -- 7

2021 ELIGIBILITY REQUIREMENTS

APP PSP PCI CPP

No Higher Education 3 years 5 (4) years 5 (4) years 7 (6) years

Bachelor’s Degree 2 years 4 (3) years 4 (3) years 6 (5) years

Master’s Degree 1 year 3 (3) years 3 (3) years 5 (4) years

Responsible Charge/Case Mgt 0 years 0 years 2 years 3 years

ASIS International Certification Handbook -- 8

ASIS International Certification Handbook -- 9

TASK 2: Implement methods to improve the security Knowledge of

TASK 7: Conduct background investigations for

ASIS International Certification Handbook -- 10

TASK 10: Develop and/or maintain a physical DOMAIN TWO

Knowledge of TASK 1: Propose budgets and implement financial

ASIS International Certification Handbook -- 11

ASIS International Certification Handbook -- 12

Knowledge of TASK 4: Implement contingency plans for common

Knowledge of TASK 6: Assess and prioritize threats to mitigate

TASK 1: Respond to and manage an incident using Knowledge of

TASK 2: Coordinate the recovery and resumption of Knowledge of

ASIS International Certification Handbook -- 13

TASK 10: Communicate regular status updates to

TASK 11: Monitor and audit the plan of how the

ASIS International Certification Handbook -- 14

CPP: BOARD CERTIFICATION IN a.) Experience as a security professional in the

WORK EXPERIENCE c.) Experience as a full-time educator on the faculty

ASIS International Certification Handbook -- 15

ASIS International Certification Handbook -- 16

ASIS International Certification Handbook -- 17

ASIS International Certification Handbook -- 18

ASIS International Certification Handbook -- 19

TASK 2: Prepare and plan how the organization

TASK 3: Respond to and manage an incident.

TASK 4: Manage incident recovery and resumption

ASIS International Certification Handbook -- 20

Earning a PCI provides independent confirmation of PCI BODY OF KNOWLEDGE

ASIS International Certification Handbook -- 21

ASIS International Certification Handbook -- 22

TASK 2: Prepare and present testimony.

ASIS International Certification Handbook -- 23

PSP: BOARD CERTIFICATION IN a.) Experience as a security professional in the

ASIS International Certification Handbook -- 24

ASIS International Certification Handbook -- 25

ASIS International Certification Handbook -- 26

Task 5: Monitor and evaluate program throughout

ASIS International Certification Handbook -- 27

ASIS International Certification Handbook -- 28

ASIS International Certification Handbook -- 29

ASIS International Certification Handbook -- 30

To provide a first-choice experience for all candidates,

ASIS International Certification Handbook -- 31

ASIS International Certification Handbook -- 32

ASIS International Certification Handbook -- 33

A 15-minute onscreen tutorial will orient you to the