September 12, 2023

What are the Industry Standard Physical Security Certifications

Featured image for “What are the Industry Standard Physical Security Certifications”

In the physical security industry there are several certifications available for consultants who conduct physical security threat, risk, and vulnerability assessments. These certifications demonstrate a consultant’s expertise in assessing and mitigating security risks in physical environments. It is important to note that there is no one-size-fits-all industry standard TRA report template. Therefore, before you get an assessment ensure that the consultants you hire have the relevant qualifications and experience for your project. Some of the notable certifications in this field include: 

Certified Protection Professional (CPP)

Offered by ASIS International, the CPP certification is one of the most widely recognized certifications for security professionals. It covers a broad range of security management topics, including physical security assessments. 

Physical Security Professional (PSP)

Also offered by ASIS International, the PSP certification focuses specifically on physical security measures and strategies. It validates an individual’s knowledge and expertise in areas such as threat assessment, vulnerability identification, and risk mitigation. 

Crime Prevention Through Environmental Design (CPTED)

While CPTED is not a specific certification, it is an industry standard and universally recognized design philosophy and approach that focuses on creating physical environments that deter criminal activity and enhance safety.  

CPTED principles are often considered and incorporated in physical security assessments conducted by consultants. These principles involve assessing the physical layout, design, and features of a space to identify vulnerabilities and recommend improvements to enhance security and reduce the likelihood of criminal incidents. Consultants who specialize in physical security assessments may utilize CPTED principles and incorporate them into their recommendations and strategies.  

Harmonized threat risk assessments (HTRA)

The Government of Canada has developed the Harmonized Threat and Risk Assessment (HTRA) methodology. This is designed to assess the potential threats and risks to the government’s information technology systems and critical infrastructure. While the HTRA methodology is specifically developed for government entities it can be used by private sector organizations, such as businesses, healthcare facilities, educational institutions, and critical infrastructure operators to identify and mitigate security risks. 

Security Standards

The SAFE Design Standard™ is a set of over two hundred performance requirements informed by environmental criminology and design scholarship, is a standardization of a CPTED process. Central to the SAFE Design Standard™ is the inclusion of informed and desired design as essential elements for achieving enhanced security. By taking a systematic, evidence-based, and risk-informed approach, the SAFE Design Standard™ supports more consistent, accurate, and repeatable means for achieving security. A core benefit of the SAFE Design Standard™ is its applicability to any type of building, site, or another built environment, in any jurisdiction, anywhere in the world. 

The Transported Asset Protection Association (TAPA) has developed the TAPA Security Standards, which provide guidelines and best practices for securing supply chains and mitigating risks. This cover various aspects of supply chain security, including facility security, transport security, and security management systems. While the standards do address physical security elements such as access controls, intrusion detection systems, and security procedures, they are not exclusively focused on physical security assessments. 

Many information security standards such as ISO 27001 and ISMS include requirements and guidance for physical security. These standard recognizes the importance of physical security controls in protecting information assets and requires organizations to assess the risks associated with physical access to information and information processing facilities. However these are a reference and the depth and effectiveness of the assessment will depend on the individual or team’s knowledge, expertise, and experience in physical security. 


These are some of the well-known certifications for consultants conducting physical security threat, risk, and vulnerability assessments. It’s important to research each certification in detail, including their prerequisites, curriculum, and re-certification requirements, to determine which one aligns best with your professional goals and interests.

To learn more about Kirsch Group’s certifications and services, click here. If you have any questions or want to discuss a Threat Risk Assessment, please get in touch



Join our mailing list: