Lesson 1.2: Core Resources & Standards

Objective: By the end of this lesson, you will be able to identify the four official reference documents for the PSP exam, understand which domains they map to, and know how to study them effectively (e.g., distinguishing between “Normative” and “Informative” content).


1. The Official Reference Set

The PSP exam is strictly based on a defined set of four publications. If it is in these books, it is testable. If it is not, it likely isn’t.

A. Protection of Assets (POA): Physical Security (2021 Edition)

  • What it is: The “Encyclopedia.” It covers the broad theory, concepts, and the “Why” behind physical security.
  • Primary Domains: Domain 1 (Assessment) & Domain 2 (Design).
  • Key Focus:
    • Security Management principles.
    • Detailed breakdowns of specific countermeasures (e.g., exact definitions of intrusion sensor types).
    • The philosophy of “Defense in Depth.”

B. Implementing Physical Protection Systems: A Practical Guide (3rd Edition)

  • What it is: The “How-To Manual.” This is arguably the most critical book for the Design and Implementation domains.
  • Primary Domains: Domain 2 (Design) & Domain 3 (Implementation).
  • Key Chapters to Master:
    • Chapters 1-3: Project Management & Planning (Crucial for Domain 3).
    • Chapter 5: Basic Design Concepts (Point vs. Area security).
    • Chapter 9: Structural Security Measures (Barriers, locks, lighting).
    • Chapters 10-12: Electronic Systems (Access Control, Video, Intrusion).

C. Physical Asset Protection (PAP) Standard (ASIS PAP-2021)

  • What it is: A formal ANSI standard. It outlines the Management Systems Approach (Plan-Do-Check-Act) to physical security.
  • Primary Domains: Domain 1 (Assessment) & Domain 3 (Implementation).
  • Key Focus:
    • Establishing the context of the organization.
    • Performance evaluation (metrics and monitoring).
    • Note: You must know the sequence of the “Physical Asset Protection Cycle.”

D. Business Continuity Management (BCM) Guideline (2021)

  • What it is: A guide on keeping the business running during and after a crisis.
  • Primary Domains: Domain 1 (Assessment – Risk Analysis) & Domain 3 (Implementation – Recovery).
  • Key Focus:
    • BIA (Business Impact Analysis): Differentiating between RTO (Recovery Time Objective) and RPO (Recovery Point Objective).
    • Crisis Management vs. Business Continuity.

2. Mapping Resources to the Domains

To study efficiently, map your reading to the exam blueprint. Do not just read cover-to-cover; read by domain.

Exam Domain: 1. Assessment (34%)
  • Primary Resource(s): POA (Physical Security), PAP Standard, BCM Guideline
  • Focus Areas: Risk Assessment Matrix, BIA, Security Survey methods, Defining Assets/Threats.

Exam Domain: 2. Design (34%)
  • Primary Resource(s): Implementing PPS (Ch 5-12), POA (Physical Security)
  • Focus Areas: CPTED, Lighting calculations, Lock types, Sensor selection, Integration logic.

Exam Domain: 3. Implementation (32%)
  • Primary Resource(s): Implementing PPS (Ch 1-3, 13), PAP Standard
  • Focus Areas: Project Management (Gantt charts), RFP/RFQ process, Testing (FAT/SAT), Training, Maintenance.

3. How to “Read” a Standard (Exam Strategy)

ASIS Standards use specific language that defines what is mandatory vs. what is optional. This is a common source of exam questions.

  • “Shall” = Mandatory.
    • Example: “The organization shall conduct a risk assessment.”
    • Exam Tip: If a question asks what you must do according to the standard, recall the matching “shall” statement.
  • “Should” = Recommended.
    • Example: “The perimeter should be illuminated.”
    • Exam Tip: This is a best practice, but not strictly required for compliance.
  • “Consider” = Optional / Suggestion.
    • Example: “The design team may consider using biometrics.”

4. The “Implementing PPS” Lifecycle

The Implementing Physical Protection Systems book introduces a specific lifecycle you must memorize. The exam will ask what happens in which phase.

  1. Planning Phase: Risk Assessment, defining requirements.
  2. Design Phase: Creating the solution, detailed specs.
  3. Estimation Phase: Budgeting.
  4. Procurement Phase: Bidding (RFP/RFQ), selecting vendors.
  5. Installation Phase: Physical work, Project Management.
  6. Commissioning Phase: Testing, Training, Handover.
    • Trap: Training happens before the final handover, not after.