ASIS-APP Exam Format | ASIS-APP Course Contents | ASIS-APP Course Outline | ASIS-APP Exam Syllabus | ASIS-APP Exam Objectives

Exam Specification:

- Exam Name: ASIS-APP Associate Protection Professional
- Exam Code: ASIS-APP
- Exam Duration: 2 hours
- Exam Format: Multiple-choice questions
- Passing Score: Determined by ASIS International

Course Outline:

1. Security Principles and Practices
- Security theories and concepts
- Risk management principles
- Security program development and implementation
- Security laws- regulations- and ethics

2. Physical Security
- Facility security planning and design
- Access control systems and techniques
- Security lighting and surveillance systems
- Security guarding and patrols

3. Investigations
- Investigation process and techniques
- Interviewing and interrogation techniques
- Evidence collection and preservation
- Incident reporting and documentation

4. Crisis Management
- Emergency response planning and procedures
- Business continuity planning
- Crisis communication and media relations
- Critical incident stress management

5. Personnel Security
- Background screening and employment vetting
- Employee training and awareness programs
- Workplace violence prevention and response
- Insider threat management

6. Information Security
- Information security principles and practices
- Cybersecurity threats and countermeasures
- Security of physical and digital assets
- Data privacy and protection

Exam Objectives:

1. Understand foundational security principles and practices.
2. Apply risk management concepts to security programs.
3. Demonstrate knowledge of physical security planning and techniques.
4. Conduct effective security investigations.
5. Develop and implement crisis management and emergency response plans.
6. Apply personnel security measures and best practices.
7. Understand information security principles and safeguarding techniques.

Exam Syllabus:

- Implement and coordinate the organization’s security program(s) to protect the organization’s assets
- Security theory and terminology
- Project management techniques
- Security industry standards
- Protection techniques and methods
- Security program and procedures assessment
- Security principles of planning- organization- and control

- Implement methods to improve the security program on a continuous basis through the use of auditing- review- and assessment
- Data collection and intelligence analysis techniques
- Continuous assessment and improvement processes
- Audit and testing techniques

- Develop and coordinate external relations programs with public sector law enforcement or other external organizations to achieve security objectives
- Roles and responsibilities of external organizations and agencies
- Local- national- and international public/private partnerships
- Methods for creating effective working relationships

- Develop- implement- and coordinate employee security awareness programs
- The nature of verbal and non-verbal communication and cultural considerations
- Security industry standards
- Training methodologies
- Communication strategies- techniques- and methods
- Security awareness program objectives and metrics

- Implement and/or coordinate an investigative program
- Report preparation for internal purposes and legal proceedings
- Components of investigative processes
- Types of investigations (e.g.- incident- misconduct- compliance)
- Internal and external resources to support investigative functions

- Provide coordination- assistance- and evidence such as documentation and testimony to support legal proceedings
- Required components of effective documentation (e.g.- legal- employee- procedural- policy- compliance)
- Evidence collection and protection techniques
- Relevant laws and regulations regarding records management- retention- legal holds- and destruction practices

- Conduct background investigations for hiring- promotion- and/or retention of individuals
- Background investigations and personnel screening techniques
- Quality and types of information and data sources
- Criminal- civil- and employment law and procedures

- Develop- implement- coordinate- and evaluate policies- procedures- programs and methods to protect individuals in the workplace against human threats (e.g.- harassment- violence)
- Principles and techniques of policy and procedure development
- Protection personnel- technology- and processes
- Regulations and standards governing or affecting the security industry and the protection of people- property- and information
- Educational and awareness program design and implementation

- Conduct and/or coordinate an executive/personnel protection program
- Travel security program components
- Executive/personnel protection program components
- Protection personnel- technology- and processes

- Develop and/or maintain a physical security program for an organizational asset
- Resource management techniques
- Preventive and corrective maintenance for systems
- Physical security protection equipment- technology- and personnel
- Security theory- techniques- and processes
- Fundamentals of security system design

- Recommend- implement- and coordinate physical security controls to mitigate security risks
- Risk mitigation techniques (e.g.- technology- personnel- process- facility design- infrastructure)
- Physical security protection equipment- technology- and personnel
- Security survey techniques

- Evaluate and integrate technology into security program to meet organizational goals
- Surveillance techniques and technology
- Integration of technology and personnel
- Plans- drawings- and schematics
- Information security theory and systems methodology

- Coordinate and implement security policies that contribute to an information security program
- Practices to protect proprietary information and intellectual property
- Information protection technology- investigations- and procedures
- Information security program components (e.g.- asset protection- physical security- procedural security- information systems security- employee awareness- and information destruction and recovery capabilities)
- Information security threats

- Propose budgets and implement financial controls to ensure fiscal responsibility
- Data analysis techniques and cost-benefit analysis
- Principles of business management accounting- control- and audits
- Return on Investment (ROI) analysis
- Fundamental business finance principles and financial reporting
- Budget planning process
- Required components of effective documentation (e.g.- budget- balance sheet- vendor work order- contracts)

- Implement security policies- procedures- plans- and directives to achieve organizational objectives
- Principles and techniques of policy/procedure development
- Guidelines for individual and corporate behavior
- Improvement techniques (e.g.- pilot programs- education- and training)

- Develop procedures/techniques to measure and improve departmental productivity
- Communication strategies- methods- and techniques
- Techniques for quantifying productivity/metrics/key performance indicators (KPI)
- Project management fundamentals tools and techniques
- Principles of performance evaluations- 360 reviews- and coaching

- Develop- implement- and coordinate security staffing processes and personnel development programs in order to achieve organizational objectives
- Retention strategies and methodologies
- Job analysis processes
- Cross-functional collaboration
- Training strategies- methods- and techniques
- Talent management and succession planning
- Selection- evaluation- and interview techniques for staffing

- Monitor and ensure a sound ethical culture in accordance with regulatory requirements and organizational objectives
- Interpersonal communications and feedback techniques
- Relevant laws and regulations
- Governance and compliance standards
- Generally accepted ethical principles
- Guidelines for individual and corporate behavior

- Provide advice and assistance in developing key performance indicators and negotiate contractual terms for security vendors/suppliers
- Confidential information protection techniques and methods
- Relevant laws and regulations
- Key concepts in the preparation of requests for proposals and bid reviews/evaluations
- Service Level Agreements (SLA) definition- measurement and reporting
- Contract law- indemnification- and liability insurance principles
- Monitoring processes to ensure that organizational needs and contractual requirements are being met
- Vendor qualification and selection process

- Conduct initial and ongoing risk assessment processes
- Risk management strategies (e.g.- avoid- assume/accept- transfer- mitigate)
- Risk management and business impact analysis methodology
- Risk management theory and terminology (e.g.- threats- likelihood- vulnerability- impact)

- Assess and prioritize threats to address potential consequences of incidents
- Potential threats to an organization
- Holistic approach to assessing all-hazard threats
- Techniques- tools- and resources related to internal and external threats

- Prepare- plan- and communicate how the organization will identify- classify- and address risks
- Risk management compliance testing (e.g.- program audit- internal controls- self-assessment)
- Quantitative and qualitative risk assessments
- Risk management standards
- Vulnerability- threat- and impact assessments

- Implement and/or coordinate recommended countermeasures for new risk treatment strategies
- Countermeasures
- Mitigation techniques
- Cost-benefit analysis methods for risk treatment strategies

- Establish a business continuity or continuity of operations plan (COOP)
- Business continuity standards
- Emergency planning techniques
- Risk analysis
- Gap analysis

- Ensure pre-incident resource planning (e.g.- mutual aid agreements- table-top exercises)
- Data collection and trend analysis techniques
- Techniques- tools- and resources related to internal and external threats
- Quality and types of information and data sources
- Holistic approach to assessing all-hazard threats

- Respond to and manage an incident using best practices
- Primary roles and duties in an incident command structure
- Emergency operations center (EOC) management principles and practices

- Coordinate the recovery and resumption of operations following an incident
- Recovery assistance resources
- Mitigation opportunities during response and recovery processes

- Conduct a post-incident review
- Mitigation opportunities during response and recovery processes
- Post-incident review techniques

- Implement contingency plans for common types of incidents (e.g.- bomb threat- active shooter- natural disasters)
- Short- and long-term recovery strategies
- Incident management systems and protocols

- Identify vulnerabilities and coordinate additional countermeasures for an asset in a degraded state following an incident
- Triage/prioritization and damage assessment techniques
- Prevention- intervention- and response tactics

- Assess and prioritize threats to mitigate consequences of incidents
- Triage/prioritization and damage assessment techniques
- Resource management techniques

- Coordinate and assist with evidence collection for post-incident review (e.g.- documentation- testimony)
- Communication techniques and notification protocols
- Communication techniques and protocols of liaison

- Coordinate with emergency services during incident response
- Emergency operations center (EOC) concepts and design
- Emergency operations center (EOC) management principles and practices
- Communication techniques and protocols of liaison

- Monitor the response effectiveness to incident(s)
- Post-incident review techniques
- Incident management systems and protocols

- Communicate regular status updates to leadership and other key stakeholders throughout incident
- Communication techniques and protocols of liaison
- Communication techniques and notification protocols

- Monitor and audit the plan of how the organization will respond to incidents
- Training and exercise techniques
- Post-incident review techniques