CERTIFIED PROTECTION PROFESSIONAL (CPP) Certification Examination Review October 2017 Dennis Shepp, CPP
SUBJECTS (DOMAINS)
DOMAIN 1 – Security Principles & Practices (21%)
DOMAIN 2 – Business Principles & Practices (13%)
DOMAIN 3 – Investigations (10%)
DOMAIN 4 – Personnel Security (12%)
DOMAIN 5 – Physical Security (25%)
DOMAIN 6 – Information Security (9%)
DOMAIN 7 – Crisis Management (10%)
DOMAIN 2 – Business Principles & Practices (13%)
Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Task 02/03 Develop procedures/techniques to measure and improve organizational productivity
Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives
Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers
Task 02/01 Develop and manage budgets and financial controls to achieve fiscal responsibility
Knowledge of:
02/01/01 Principles of management accounting, control, and audits
02/01/02 Business finance principles and financial reporting
02/01/03 Return on Investment (ROI) analysis
02/01/04 The lifecycle for budget planning purposes
Task 2.1.1 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining the principles of management accounting, control, and audits.
CHAPTER 2 FINANCIAL MANAGEMENT, POA Sec Mgmt Chap 2.6 (Kindle Locations 1391-1394)
• Financial management practices provide analysis and decision tools that allow businesses to monitor the financial operations of an organization and make better financial decisions.
• Understanding the accounting principles used in generating financial reports.
• Reports make it possible to analyze the current state of business finances and project how financial decisions will affect the business – hence security.
• Through financial analysis it is possible to develop budgets and set expected goals for revenue or return on investment (ROI).
• Publicly traded & privately owned companies must follow accounting and financial reporting standards.
• Oversight responsibility should be separated from authority – the purpose of an independent auditor, who analyzes the facts and draws conclusions & recommendations.
• Must be developed in cooperation with functional areas that are stakeholders
• Develop budget to align with financial strategy
• Controls to monitor execution:
  o Accounting process
  o Internal auditing
  o Financial authority limits
Task 2.1.2 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining business finance principles and financial reporting.
CHAPTER 2 FINANCIAL MANAGEMENT (POA Sec Mgmt, pages 13 to 25)
• Must understand accounting principles (GAAP)
• Develop financial strategy
• Must consider ROI – using formulas to evaluate leasing vs purchasing, etc.
• Income Statements
• Balance Sheets
• Cash Flow Statements
• Ratios (Risk Ratio; Current Ratio; Quick Ratio; Debt/Equity; Profit Margin; Liability)
• Three financial reports or statements have become accepted as standard: the income statement, balance sheet, and statement of cash flows.
• The income statement tells how much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income).
• The balance sheet summarizes an organization’s investing and financing. The report’s underlying equation is as follows: assets = liabilities + shareholder equity.
• The cash flow statement (statement of cash flows) shows how cash inflows and outflows affect an organization.
• It demonstrates whether the organization is generating enough cash to cover operations or purchase assets.
POA: Security Management, Chapter 2.3 FINANCIAL RATIOS (Kindle Locations 1526-1528)
• Financial analysis involves understanding various profitability measurements and business risks.
• The quantitative method of profitability analysis relies on ratios of numbers in financial statements.
• Ratios are helpful for comparing performance against expected values in an industry or against an organization’s historical performance.
2.3.1 PROFITABILITY RATIOS
• Profitability ratios aid in quantifying an organization’s ability to generate income beyond covering expenses.
• The larger the margin of net income, the more profitable an organization is.
• Gross Profit Margin = (Revenue – Cost of Goods Sold – General and Administrative Costs) / Revenue
• Operating Margin = EBITA / Revenue
• Net Profit Margin = Net Income / Revenue
• Return on Assets (ROA) = Net Income / Total Assets
• Return on Equity (ROE) = Net Income / Shareholder Equity
• Earnings per Share (EPS) = Net Income / Total Shares
• Price to Earnings (P/E) = Price per Share / EPS
2.3.2 RISK RATIOS
• Financial risk analysis deals with current or projected numbers that are derived directly from an organization’s financial decisions.
• Focuses on whether a company will have the ability to cover expenses and operating costs in the short and long term.
• Current Ratio = Current Assets / Current Liabilities
• Quick Ratio = (Cash + Securities + Accounts Receivable) / Current Liabilities
• Debt to Equity Ratio = Total Liabilities / Shareholder Equity
Task 2.1.3 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining Return on Investment (ROI) analysis.
2.5.1 RETURN ON INVESTMENT, ASIS POA: Sec Mgmt (Kindle Locations 1657-1659), pages 110-111
• Return on investment (ROI) is an effective way to compare the desirability of different ways of spending & future budget money.
• ROI formula: ROI = (Initial Investment + Interest) / Initial Investment – 1
• (read the examples used in Chap 1 for radio purchase)
5.3.1 RETURN ON INVESTMENT, POA: Security Management, page 109 (Kindle Locations 3298-3299)
• Return on investment (ROI) is a standard profitability ratio that measures how much net income the business earns for each dollar invested by its owners.
• Also called return on equity
• ROI is used to gauge management’s overall effectiveness in generating profits.
Source: ASIS International. POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management. ASIS International. Kindle Edition.
• ROI can be measured in time saved, improved efficiency, reduced manpower, reduced losses, lower liability or insurance payments, or greater customer satisfaction.
• It all translates into an improved bottom line over time.
• The expectation is that security measures should not merely be efficient but should provide a positive return on investment.
• Many organizations do not make ROI calculations when judging security spending; they merely adopt a budget based on historical experience or future estimates.
• Difficult to calculate when having to measure:
  o Time savings
  o Improved efficiency
  o Reduction in manpower
  o Reduced loss
  o Lower liability/insurance
• ROI = (AL + R) / CSP
  AL = Avoided Loss
  R = Recoveries made
  CSP = Cost of Security Program
Task 2.1.1 Develop and manage budgets and financial controls to achieve fiscal responsibility explaining the lifecycle for budget planning purposes.
2.5 BUDGETS, POA Sec Mgmt (Kindle Locations 1631-1632), pages 27; 29; 30
• Types of budget development processes:
  o Top-down (upper management dictates without bottom input)
  o Bottom-up (developed by unit)
• Zero-based budgeting: a process wherein funds are placed in a budget only to the extent that planned expenditures are justified in detail.
• Department budgets are typically annual
• Used to compare past expenditures or forecast
• Developed with cross-functional cooperation
• Aligned with organization’s financial strategy
• Budgetary limitations for training:
  o Outsourcing; purchasing off-the-shelf training; grant funding; sharing instructional materials & professional organizations
Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives
Knowledge of:
02/02/01 Principles and techniques of policy/procedures development
02/02/02 Communication strategies, methods, and techniques
02/02/03 Training strategies, methods, and techniques
02/02/04 Cross-functional collaboration
02/02/05 Relevant laws and regulations
Task 2.2.1 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing the principles and techniques of policy/procedures development.
10.4.2 POLICIES AND PROCEDURES, POA (Kindle Location 6991)
• Policies establish rules, while procedures explain how to follow those rules.
1.3.1 HUMAN RESOURCES MANAGEMENT, POA (Kindle Locations 1288-1289)
• HR department must establish policies and procedures to outline how business will be conducted at the organization.
• Policies cover items that the organization monitors and expects employees to conform to.
• Some policies are driven by government regulation.
• Procedures deal with specific items.
• 8-step process illustrates one methodology:
  o Step 1 Identify organizational issues that impact organizational policy.
  o Step 2 Identify the information in need of protection and the protection required.
  o Step 3 Identify the various classes of policy users.
  o Step 4 Draft policies based on Steps 1–3.
  o Step 5 Review draft policies with management, users, and legal counsel, and then finalize.
  o Step 6 Train all personnel in the organization’s policies.
  o Step 7 Enforce the policies.
  o Step 8 Review and modify policies, as appropriate but at least annually.
• Examine and apply regulations which impact policies.
• Involve stakeholders (managers, supervisors, employees).
11.8.9 EMPLOYEE EDUCATION AND TRAINING, POA: Security Management, page 334
• Training employees at all levels (substance abuse) but applicable to all programs.
Task 2.2.2 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing communication strategies, methods, and techniques.
1.2 ORGANIZATIONAL STRATEGY, 1.2.2 Communicating the Strategy, POA Sec Mgmt
• Policies: Establish the rules (longer term)
• Procedures: How to follow the rules (shorter term – change more often)
• Organizational strategy: serves as foundation for developing business processes to support overall business structure
• Developing strategy: guides the company into the future
• Policies & procedures (strategy) communicated through vision, mission and objectives
• Need to consider all employees
• Policies/procedures must be inclusive
• Metrics – KPIs – tied to organizational strategy
• Any metrics must be SMART
1.2.2 COMMUNICATING THE STRATEGY, POA: Security Management (Kindle Locations 1220-1221)
• Once a strategic direction is understood, it is essential to capture that direction and communicate it effectively within and outside the organization.
• The following topics can help communicate the organizational strategy:
• The vision of an organization is a specific description of where the business will be in the long term.
• The vision statement conveys a general understanding of the business, its culture, and its future goals.
• The mission of the business specifies its types of products or services, level of quality, and other tangible aspects of the business and its plans.
• While the vision states objectives and business goals, the mission communicates business functionality and operational methods.
• Objectives: This statement includes the specific organizational objectives so that all involved parties can understand what needs to be done.
• The objectives should highlight specific goals that the organization wants units to achieve in terms of relevant metrics.
• The objectives must be SMART (Specific, Measurable, Attainable, Relevant, and Time-bound).
4.9 TRAINING STRATEGIES, POA: Security Officer Operations
• A number of strategies make training programs more cost-effective: off-duty training; tuition reimbursement; recognition programs; integrated training; videos; selling security services; supervisory training; internships; previous experience; officer selection; job rotation; and professional memberships.
4.9.1 Off-Duty Training
4.9.2 Tuition Reimbursement
4.9.3 Recognition Programs
4.9.4 Integrated Training
4.9.5 Video Collaborations
4.9.6 Selling Security Services
4.9.7 Supervisory Training
4.9.8 Internships
4.9.9 Formal and Informal Training Efforts
4.9.10 Government and Private Studies
4.9.11 Training and Guidelines Standards
Task 2.2.3 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing training strategies, methods, and techniques.
10.3.1 TECHNIQUES, MATERIALS, AND RESOURCES, ASIS POA: Security Management (Kindle Locations 6889-6890), page 297
• Written materials
• AV materials (audio-visual)
• Formal briefings
• Integration into line operations
• Inside/outside experts
Task 2.2.4 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives describing cross-functional collaboration.
6.4.1 ESTABLISHING A MODEL PREVENTION PROGRAM, POA Security Management (Kindle Locations 4124-4126)
• Strong collaboration among staff and key stakeholders.
• Such collaboration requires a clear delineation of roles and responsibilities between security, human resources, legal, communications (both internal and external), facilities management, and affected line managers (cross-functional).
• Prevention: designed to teach management and employees about the nature, types, and most vulnerable areas of losses in the organization.
• Incident reporting: Employees should be encouraged to report theft & fraud even without a monetary reward.
4.4 MANAGEMENT OF ASSETS PROTECTION, POA (Kindle Locations 2738-2739)
• Depends on the proper balance of three managerial dimensions: technical expertise, management ability, and the ability to deal with people.
Task 02/02 Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives with knowledge of:
02/02/05 Relevant laws and regulations
• Copyrights (POA: Information Security; section 1.5.1)
• Trademarks, Trade Dress & Service Marks (POA: Information Security; section 1.5.2)
• Patents (POA: Information Security; section 1.5.3)
• Trade Secrets (POA: Information Security; section 1.5.4)
• Nondisclosure Agreements (NDAs) (POA: Information Security; section 1.5.6)
• International Issues (intellectual property protection) (POA: Information Security; section 1.5.5)
• Information Security Systems (ISS) considerations:
  o Payment Card Industry Data Security Standard (US)
  o Health Care and Insurance Portability and Accountability Act (US)
  o Gramm-Leach-Bliley Act (US)
  o Children’s Online Privacy Protection Act (US)
  o Sarbanes-Oxley Act (US)
  o Red Flag Rules (US)
  o FTC enforcement actions (US)
  o EU Data Protection
POA: Information Security 3.4 Emerging, Legal, Regulatory and Contractual Landscape Regarding ISS (Kindle Locations 14091-14095).
• Protection officer licensing and training
  o Governed by local government jurisdictions
POA: Information Security 3.4 Emerging, Legal, Regulatory and Contractual Landscape Regarding ISS (Kindle Locations 14091-14095).
Task 02/03 Develop procedures/techniques to measure and improve organizational productivity
Knowledge of:
02/03/01 Techniques for quantifying productivity/metrics/key performance indicators (KPI)
02/03/02 Data analysis techniques and cost-benefit analysis
02/03/03 Improvement techniques (for example, pilot programs, education and training)
Task 2.3.1 Develop procedures/techniques to measure and improve organizational productivity explaining techniques for quantifying productivity/metrics/key performance indicators (KPI).
(ORM.1-2017 Standard, page 33)
• Performance evaluation
• Evaluate plans, procedures and capabilities
• Periodic assessments; performance evaluations; testing; post-incident reports; exercises
• Implement and maintain metrics
• Plan-Do-Check-Act (PDCA) Cycle used during the process
• > 1 million organizations in 161 countries overseen by ISO
Plan-Do-Check-Act (PDCA)
Task 2.3.2 Develop procedures/techniques to measure and improve organizational productivity explaining data analysis techniques and cost-benefit analysis.
5.3.1 RETURN ON INVESTMENT, ASIS POA: Security Management (Kindle Location 3314), pages 107-116
• Manage organization to do more with less – cost-effectiveness
• Money expended has highest return
• ROI formulas for program effectiveness
• ROI = (AL + R) / CSP
• Cost avoidance – using asset protection resources – involve stakeholders
• WAECUP, STEP, SWOT strategies help measure benefits
1.6 LOSS IMPACT, POA, Physical Security (Kindle Locations 1176-1183)
• Cost-of-Loss Formula
• Taking the worst-case position and analyzing each security vulnerability in light of the probable maximum loss for a single occurrence of the risk event, one can use the following equation:
  K = (Cp + Ct + Cr + Ci) - (I - a)
  K = criticality, total cost of loss
  Cp = cost of permanent replacement
  Ct = cost of temporary substitute
  Cr = total related costs
  Ci = lost income cost
  I = available insurance or indemnity
  a = available insurance
5.6 DATA ANALYSIS AND DISPLAY, POA: Security Management, page 229 (Kindle Locations 3473-3475)
• The key is to ensure that the software aggregates the data for analysis.
• Analysis of aggregate data should lead the security manager to discover trends, successes, failures, costs, losses, savings, recoveries, what works, and what does not work, along with a host of other information.
Task 2.3.3 Develop procedures/techniques to measure and improve organizational productivity explaining improvement techniques (for example, pilot programs, education and training).
10.3.3 MEASURING THE PROGRAM, POA, Security Management (Kindle Locations 6948-6951)
• Measuring effectiveness of programs through the use of metrics.
• Company losses before & after the security awareness program was implemented
• Number of persons briefed & number of briefings conducted in specific periods
• Topics covered, projected or actual briefing completion date and method of delivery
• Cost of briefing per employee
1.3.1 Performance Measurement and Training (Kindle Location 1332)
• Metrics for evaluating employees should align closely with the organizational strategy.
• Employees should be measured on both how well they do their current jobs and how well they contribute to the growth of the company as a whole.
• Measuring:
  o Work quality
  o Performance on time
  o Performance within budget
  o Meeting of other requirements of the position
• Employee’s overall performance:
  o Extra sales, extra hours, and work on several projects
  o Work on tasks outside the position requirements
  o Contribution toward improvements in the business process
  o Leadership
• Encourage and support employee certification
• Seek new technology – embrace changes
• Benchmarking with other organizations
• Auditing the program (internal/external) – seek improvement
• Training – essential component – investment
Task 02/04 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives
Knowledge of:
02/04/01 Interview techniques for staffing
02/04/02 Candidate selection and evaluation techniques
02/04/03 Job analysis processes
02/04/04 Pre-employment background screening
02/04/05 Principles of performance evaluations, 360 reviews, and coaching
02/04/06 Interpersonal and feedback techniques
02/04/07 Training strategies, methodologies, and resources
02/04/08 Retention strategies and methodologies
02/04/09 Talent management and succession planning
Task 2.4.1 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the interview techniques for staffing.
NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
ASIS Pre-employment and Background Screening Guideline (2009), Paragraph 8 – page 24/25
• Helps employers understand and implement the fundamental concepts, methodologies, and legal issues associated with the pre-employment background screening of job applicants.
• Interviews – first chance to come face-to-face
• Important to be “Active Listeners”
• Convey critical information to applicant – encourages honesty
• Allow applicant to share information not on the application
• Employer has first chance to assess candidate in person – best way to evaluate.
1.3.1 Human Resource Management, POA, Security Management (Kindle Locations 1247-1249)
• Difficult to assess a candidate based solely on a résumé and a single interview.
• Review applications/résumés and invite only the most viable candidates for an interview.
• Interviewers provide a thorough overview of the company and the benefits of working for that company.
• The interviewer should examine the candidate’s objective capabilities and subjective fit with the team the candidate would work with.
• This latter measure is sometimes the more important one.
Task 2.4.2 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the interpersonal and feedback techniques.
ANSI/ASIS ORM.1-2007, A.9.4.2 Communicating Complaint and Grievance Procedures; page 70.
Task 2.4.3 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the job analysis processes.
3.1 VIGILANT PERFORMANCE, POA: Security Officer Operations (Kindle Locations 17218-17222)
• Job analysis – systematic collection and recording of information about the purpose of a job, its major duties, the conditions under which it is performed, required contacts with others, and the knowledge, skills, and abilities needed to perform the job effectively.
• A detailed job analysis should be prepared for each position.
• There needs to be a fit between the security officer, the position, and company expectations.
NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
1.3.1 HUMAN RESOURCE MANAGEMENT, POA (Kindle Locations 1248-1257)
• Important for an organization to understand how to conduct an effective job requirements analysis, thorough candidate profiles, and effective interviews and evaluations.
• Staffing decisions should be measured against a detailed job requirements analysis.
• The analysis should be made not only by the manager responsible for hiring but also by other team members and organizational leaders.
• The job requirements analysis addresses both direct and indirect requirements.
• The direct requirements are those that the candidate must meet to understand and function in the position.
• The indirect requirements are skills that will increase the candidate’s likelihood of success.
• Systematic – collection of information concerning positions and jobs the organization has.
• Outlines required competencies, qualifications, experience, and skills (communication, leadership, interpersonal) needed for suitability for the position.
3.1 VIGILANT PERFORMANCE, POA: Security Officer Operations (Kindle Locations 17198-17202)
• Definitions:
  o Dictionary: keen attention to detect danger; wariness
  o Physiology: the global responsiveness of the nervous system to external (sensory) and internal (muscles, tendons, and joints) stimuli
  o Psychology: unspecified function of the central nervous system that enables an individual to respond effectively to the infrequent and uncertain occurrence of specific, often low-order intensity stimuli in a monotonous environment
• Job performance and stress – impacts on vigilant performance – work area design; human engineering of equipment; human acuity; human detection and attention capabilities; job analysis; training; workplace environment; quality control; morale; management support to staff.
Task 2.4.4 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the pre-employment background screening.
CHAPTER 4: BACKGROUND INVESTIGATIONS AND PREEMPLOYMENT SCREENING, POA: Investigations (Kindle Locations 18969-18972), pages 163–171
• From a legal perspective, preemployment investigations provide organizations mitigation from negligent hiring and discrimination.
• A bad hiring decision imposes many costs – if a poorly chosen employee steals from the company, losses will include the value of the property or service stolen; the cost of the investigation; and the cost of recruiting, hiring, and training a replacement employee.
• Not all positions in an organization require the same level of screening.
• Certain positions often merit an enhanced level of scrutiny – an organization must carefully review its position descriptions and select the appropriate level of screening.
4.4.5 SEVEN EASY STEPS TO A COMPREHENSIVE PREEMPLOYMENT SCREENING POLICY
• The following steps can help in developing a legal, effective, and fair pre-employment screening policy:
  o Create clearly written, well-defined job descriptions for all positions.
  o Assess the risk of each job classification in terms of reasonable (or foreseeable) potential for problems.
  o Based on the preceding risk assessment, determine the scope of pre-employment screening for each job classification.
  o Work with human resources and legal personnel to develop an appropriate hiring packet.
  o Establish criteria for evaluating information.
  o Communicate the policy and its purpose to the workforce.
  o Periodically review the policy compliance.
NOTE: REVIEW PREEMPLOYMENT SCREENING GUIDELINE
• Factors that affect the screening program:
• Build effective screening policy – criteria for collecting information
  o Outline the types of screening methods
• Who conducts investigations?
  o HR
  o Security Dept
  o External contractors
• HR manages process – most visible staffing
• Job analysis – indirect (leadership, communication skills) and direct (qualifications, job skills) requirements
• Screening process (background investigations: reference checks, police checks, financial checks, verify credentials)
• Personal profiling testing, drug testing
• Then interview – examine the candidate’s capabilities – competencies – can they perform the requirements of the job.
Task 2.4.5 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing the principles of performance evaluations, 360 reviews, and coaching.
2.6.1 EVALUATIONS, POA Security Officer Operations (Kindle Location 17096)
• Evaluate the personal behaviors on the job and task performance
• Two-way communications – informally every 6 months and formally annually
• If required to improve – training
• 360 Review – employee provides feedback to supervisor, a process that is top-down, horizontal and vertical.
• SMART KPIs (Specific, Measurable, Achievable, Relevant, Time-bound)
• Regular assessment and recording of officer performance by supervisors after every post visit.
• The assessment must include:
  o personal appearance and condition of the officer
  o physical condition of the post
  o availability and condition of all required personnel and post equipment, including the post orders
  o quality of officer response to training questions or situations
  o quality of officer response to actual situations arising at post during the visit.
• At regular intervals, the security manager can review performance and ratings to determine whether additional training or counseling is needed.
• Performance evaluations should be used to ensure that staff and supervisors receive regular feedback on both positive and negative performance.
• Coaching and leadership go hand in hand.
• Coaching is “the process of giving motivational feedback to maintain and improve performance”.
• The process should maximize the employee’s potential to the benefit of both the employee and employer.
3.6.5 ANALYZING JOB PERFORMANCE, POA: Security Officer Operations
• Performance appraisals are an essential part of any job.
• Common criteria for a performance appraisal are task performance, overall behavior on the job, and positive and negative traits that relate to the officer’s performance.
• It is recommended that an individual formal performance appraisal be conducted once per year, with an informal review at the six-month mark.
• Ensures the employee knows exactly how he or she is perceived in the eyes of management.
Task 2.4.8 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing retention strategies and methodologies.
4.3.5 REDUCED TURNOVER (Security Officer Operations pages 47-49, 70; Investigations page 179)
• Avoiding turnover can be achieved by well-documented training programs
• Reduced turnover can be achieved through training and positive employee motivation (award programs, etc.)
• Applying motivational theories to reduce turnover
• Training cited as a high factor toward retaining employees
• A poor screening program can lead to higher turnover
• Employee retention begins with open lines of communication designed to ensure that realistic expectations are in place for new and existing employees.
• Proper orientation to the employee’s work environment followed by training about the organization’s products, services, culture, and expectations.
• Turnover calculator:
  o Cost associated with replacing an employee (costly); free calculator available on the Internet

4.2.2 RETENTION AND TRANSFER, POA: Security Officer Operations (Kindle Locations 17662-17665)
• Knowledge retention, or the amount of learning that remains with the learner over a period of time, requires reiteration.
• Having the student perform the task while listening to the instructor promotes the highest retention of information.
• Continuous learning aids in both retention and the transfer or application to the job of the knowledge, skills, and abilities obtained in training. Transfer concerns the relevance of the learning to the job environment, thereby ensuring that what is learned in the classroom is put to use.
Task 2.4.9 Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives describing talent management and succession planning.
1.3.1 HUMAN RESOURCE MANAGEMENT, POA: Security Management (Kindle Locations 1242-1243)
• A good HR department can find and keep high-level talent for the company and leverage that talent to maximum effectiveness.
ANSI/ASIS ORM.1-2007 page 24
Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices

Knowledge of:
02/05/01 Good governance standards
02/05/02 Guidelines for individual and corporate behavior
02/05/03 Generally accepted ethical principles
02/05/04 Confidential information protection techniques and methods
02/05/05 Legal and regulatory compliance
Task 2.5.1 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices and good governance standards.
CHAPTER 3 STANDARDS IN SECURITY, POA: Security Management, pages 33, 44-45
• Organize committees to review and audit compliance with standards
• Adopting ISO, ANSI/ASIS standards
• Benefits – benchmarks, forcing the organization to systematically identify risks and solutions, encouraging more participants, providing tools, studying standards toward enhancing the organization’s performance, protecting the organization’s reputation and brand, and helping the organization coordinate its programs

Task 2.5.2 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing guidelines for individual and corporate behavior.
• ANSI/ASIS ORM.1-2007 Organizational Resilience
• ANSI/ASIS CSO.1-2013 Chief Security Officer
• ASIS GDL PBS-2009 (Pre-employment and Background Screening Guideline)
• ASIS/SHRM WVPI.1-2011 Workplace Violence and Intervention Standard
• ASIS GDL FPSM-2009 Facilities Physical Security Guideline
• ASIS GDL BC.01 2005 Business Continuity Guideline
• ASIS General Risk Assessment Guideline (2003)
Task 2.5.3 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing generally accepted ethical principles.
CHAPTER 1 ETHICS IN THE SECURITY PROFESSION, POA: Legal Issues (Kindle Locations 8915-8916)
• Business ethics rests on five core, foundational values: honesty, responsibility, respect, fairness, and compassion
• Ethics is a discipline or system of moral principles governing human action and interactions.
• One can ask three questions as a test for ethical conduct:
  o Is it legal?
  o Is it balanced?
  o How will it make me feel about myself?
• Ethics as a discipline is divided into several types.
  o Descriptive ethics attempts to explain or describe ethical events.
  o Analytical ethics attempts to examine ethical concepts.
  o Applied ethics, the type most relevant to business, is active.
• Not descriptive or prescriptive
• Applies ethical concepts in specific business situations.
• This form of ethics makes specific judgments about right and wrong and prescribes types of behavior as ethical in the context of the activity.
• It makes claims about what should be done and what may not be done.
• Business ethics is the field of ethics that examines moral controversies relating to business practices in any economic system.
• It looks at various business activities and asks whether they are right or wrong.
Task 2.5.4 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices describing confidential information protection techniques and methods.
1.4.1 BASIC PROTECTION PRACTICES, POA: Information Security (Kindle Locations 12151-12152), pages 12, 13, 25, 90
• Classifying and marking protected information
  o Confidential
  o Restricted
  o Limited
  o Non-public
• For example, many businesses divide information into three categories: approved for external release (unrestricted access), internal (limited to employees and contractors), and confidential (limited by a specific need to know).
• Using NDAs (Non-Disclosure Agreements)
  o Sample NDA on pages 44-47
• Policies and procedures concerning the handling of documents and records.
• Equipment to manage sensitive information (shredders, signs, safes, containers)
• Information security countermeasures:
  o Detection
  o Recovery
  o Compliance

1.4.2 PHYSICAL SECURITY, POA: Legal Issues (Kindle Locations 12158-12161)
• IAP professionals should coordinate closely with physical security staff to harmonize protective efforts in several categories.
• Layered Protection (Defense in Depth)
Task 02/05 Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organization’s directives and standards to support and promote proper business practices
With knowledge of: 02/05/05 Legal and regulatory compliance

Task 02/06 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers

Knowledge of:
02/06/01 Key concepts in the preparation of requests for proposals and bid reviews/evaluations
02/06/02 Service Level Agreements (SLA) definition, measurement and reporting
02/06/03 Contract law, indemnification, and liability insurance principles
02/06/04 Monitoring processes to ensure that organizational needs and contractual requirements are being met
Task 2.6.1 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining key concepts in the preparation of requests for proposals and bid reviews/evaluations.
12.6.2 SPECIFICATIONS, POA: Physical Security (Kindle Locations 7391-7397)
• Systems specifications match and complement the systems design in sufficient detail to achieve the following:
  o Final implementation reflects what was intended.
  o Systems specifications contain actual performance instructions and criteria for constructing systems included in the design.
  o Included in the specification should be functional testing.
  o Drawings and plans are virtually useless unless there are associated specifications detailing construction and systems performance criteria.
  o Drawings and plans show what is to be constructed.
  o All the bidders get the same complete understanding of the requirements.
• A security system specification should include the following:
  o Instructions to bidders with a list of all documents included in the contract documents
  o List of project references
  o Functional description of the complete systems design
  o List of design drawings
  o List of description of products and services
  o List of applicable codes and standards
  o Support services
  o Technical descriptions
  o General site conditions

12.6.3 Drawings
• Drawings are the cornerstone of any construction project.
• A picture or diagram of design intent is less likely to be misinterpreted by contractors.

12.8 Procurement Phase
• Sole source, request for proposal (RFP), and invitation for bid (IFB), with some variations

CHAPTER 5 SELECTING AND ADMINISTERING THE SECURITY SERVICES CONTRACT, POA: Security Officer Operations
5.1.1 RFP
  o Evaluate the security needs
  o Define scope of work
  o Define objectives
  o Timelines
(POA Security Officer Ops Chapter 5, page 108; Physical Security page 348)
• Bid Evaluation
  o Strict submission deadline
  o Proposal content
  o Proposal submission on time – usually restrictions
  o Technical and commercial proposals (quality of proposal)
Task 2.6.2 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining Service Level Agreements (SLA) definition, measurement and reporting. (POA: Physical Security (Kindle Locations 8091-8093). ASIS International. Kindle Edition)
• What is the prime responsibility? What is the warranty?

12.12 MAINTENANCE, EVALUATION, AND REPLACEMENT, POA: Physical Security (Kindle Location 8091). Kindle Edition.
• Organizations’ increasing reliance on physical protection systems, coupled with the increasing scale and complexity of these systems, requires careful consideration of maintenance requirements. (POA: Physical Security (Kindle Locations 8091-8093). ASIS International. Kindle Edition)
• When contracting for maintenance services, the customer and the contractor should do the following:
  o Agree on the basis of the contract document.
  o Document in detail the components of the systems that are to be maintained.
  o Set out the service levels for each component or subsystem.
  o Define roles and responsibilities of the parties to the agreement.
  o Agree on pricing and payments.
  o Set out how the agreement will be managed and administered.
• The customer and the contractor will jointly need to develop a support plan and the appropriate service level and response times for each component.
• Components whose failure has a high impact on the system require a higher level of support.
• The customer should consider and specify service levels that are realistic, measurable, and in accord with the organization’s specific business needs, particularly if travel is involved.
• The costs for guaranteed response times of less than four hours can escalate rapidly due to the staff hours, travel, and equipment required.
• Service levels and costs depend on the location of the system in relation to the supplier and on the ability to diagnose and fix problems remotely.
• Using a remedial maintenance provider based in another city may significantly extend response times.
• Requiring support outside normal business hours also affects service levels and costs.
• The major goal of system maintenance agreements is to ensure that the security system operates at its optimum capability with minimum downtime.
• Roles and responsibilities of all of the parties providing services must be clearly defined, documented, and agreed upon with the system maintenance supplier.
• Costs are usually based on a scale of fees (POA: Physical Security (Kindle Locations 8155-8158). ASIS International. Kindle Edition.)
Task 2.6.3 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining contract law, indemnification, and liability insurance principles.
POA: LEGAL ISSUES 4.2.1 CONTRACT LAW
• A contract may be defined as “an agreement between two or more persons that creates an obligation to do or not do a particular thing”.
• Contracts may be express or implied, written or oral.
• They may involve a single act or omission or multiple acts or omissions.
• They may exist between natural persons, corporations, and partnerships, or between any of those parties and the government.
• An express contract is one whose terms and conditions have been stated in words. If a vendor promises to sell and deliver a specific model of camera at a price of $500 on a certain date to a buyer, and the buyer promises to buy the camera and take delivery on that date, there is an express contract between the buyer and seller.
• An implied contract is one whose terms and conditions have not been stated in words but are added or supplied on the theory that the parties really intended such terms and conditions.
• A contract may be implied in law or implied in fact.
• A contract implied in law imposes an obligation on the part of one who has obtained a benefit at the expense of another to do some act or refrain from doing something.
• A contract implied in fact is based on the involved parties’ conduct, even if formal words of agreement are absent.
• It is best to avoid oral arrangements and rely on written documentation whenever possible.
• Certain kinds of agreements (such as those not completed within one year or those touching on real property) will not be enforced unless in writing.
• When an agreement has been reduced to writing, it generally may not be changed on the basis of oral statements.
• The subject matter of a contract, oral or written, must be lawful or the alleged contract will not be enforced.
• Warranties – statements by persons stating that products or services rendered by them are as described when purchased. (The manufacturer or supplier, or both, agree that, for a stated period, the product will perform as described and that if, without fault by the buyer or user, it should fail to perform, it will be repaired at no cost to the buyer or user.)

POA: Legal Issues Chapter 4.2.1 CONTRACT LAW, Limitations of Liability (Kindle Locations 11104-11105)
• To protect against liability, insurance, security product and service vendors usually rely on specific language in the contract, service agreement, or purchase memorandum to limit their liability.
• Agency – whether the actions of one person represent another person or organization (Security Officer acting on behalf of client)
• Principal/Agent Relationships:
  o Express agreement – employer tells agent to perform tasks or duties.
  o Vicarious liability – liability for the acts of another without personal fault of the one liable.
  o A contract between a security firm and the client company would include an indemnity or hold-harmless provision by which the security firm agrees to indemnify the company or hold it harmless from any damages arising from the security firm’s performance of its contracted tasks.
Task 2.6.4 Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers explaining monitoring processes to ensure that organizational needs and contractual requirements are being met.
POA: Security Officer Operations, Chapter 5.5 Administration of the Operating Agreement (pages 124, 125-140)
• Regularly scheduled meetings
• Team inspections, client and vendors
• Procedural audits – 3rd parties – ensure compliance with agreement
• Examine invoices

12.11 TESTING AND WARRANTY ISSUES, POA: Physical Security (Kindle Locations 7944-7948)
• Performance testing is designed to determine whether equipment is functional, has adequate sensitivity, and will meet its design and performance objectives.
• Four types of tests:
  o pre-delivery or factory acceptance tests
  o site acceptance tests
  o reliability or availability tests
  o after-acceptance tests

12.11.5 WARRANTY ISSUES
• The contractor should be required to repair, correct, or replace any defect for a period of 12 months from the date of issue of the certificate of practical completion.
• The common time for the contractor to report to the job site to address a warranty issue is within four hours of the problem report.
• Moreover, the contractor should hold a sufficient stock of spares to allow speedy repair or replacement of equipment.
• Waiting for manufacturers to replace or repair equipment is not acceptable.
• Will the PPS supplier provide the warranty service, or will a third party do so?
• Are the service levels of the warranty service consistent with the system maintenance service levels?
• If items under warranty fail, what will happen?
PRACTICE EXAM QUESTIONS
When developing a performance measure for evaluating an employee, which of the following BEST describes how they should be measured:
a. How well they do their current jobs and how well they contribute to the growth of the company.
b. How well they perform their current jobs and how well they get along with fellow employees.
c. How they perform compared to other employees.
d. How well they have supported their supervisors and organizational management.
POA: Security Management (Kindle Locations 1334-1335). ASIS International. Kindle Edition.
After employees, which of the following is the second most valuable resource, which supports the organizational strategy?
a. Company facilities
b. Manufactured products
c. Corporate knowledge
d. Company brand
POA: Security Management (Kindle Locations 1351-1352). ASIS International. Kindle Edition.
Three financial reports or statements have become accepted as standard and they make it possible to paint a clear picture of a company’s current and prospective financial health. They are:
a. The income statement, profit and loss and cash flow statements
b. The income statement, balance sheet, and cash flow statements
c. The balance sheet, profit ratio and cash flow statements
d. The income sheet, profit ratio and cash flow statements
POA: Security Management (Kindle Locations 1419-1421). ASIS International. Kindle Edition.
Which of the following BEST describes the document that tells how much money an organization generates (revenue), how much it spends (expenses), and the difference between those figures (net income)?
a. Balance sheet
b. Income statement
c. Expense sheet
d. Cash flow statement
POA: Security Management (Kindle Locations 1428-1429). ASIS International. Kindle Edition.
assets = liabilities + shareholder equity
Which of the following BEST describes what the above formula is used to develop?
a. Income statement
b. Balance sheet
c. Cash flow statement
d. Return-on-assets ratio
POA: Security Management (Kindle Location 1456). ASIS International. Kindle Edition.
The practice of borrowing capital to purchase assets that can increase revenue is called which of the following?
a. Leveraging
b. Averaging
c. Loaning
d. Banking
POA: Security Management (Kindle Locations 1561-1562). ASIS International. Kindle Edition.
This examines the company’s ability to cover short-term obligations. It is derived from the following equation:
Current Assets / Current Liabilities
This BEST describes which of the following?
a. Quick Ratio
b. Debt to Equity Ratio
c. Current Ratio
d. Return on Assets Ratio
POA: Security Management (Kindle Locations 1590-1592). ASIS International. Kindle Edition.
Where frontline managers, who are involved in the day-to-day operations of their departments or divisions, are their organizations’ best resource for realistic budget information and would set their own budget, is a process referred to as:
a. Top-down budgeting
b. Bottom-up budgeting
c. Combination budgeting
d. Zero-based budgeting
POA: Security Management (Kindle Locations 1639-1640). ASIS International. Kindle Edition.
If your organization shows that a US$1,500,000 investment in R&D typically returns US$630,000 in revenue within five years, what is the ROI?
ROI = [Investment Value at End of Period / Investment Value Beginning of Period] – 1
ROI = [($1,500,000 + $630,000) / $1,500,000] – 1 = 42%
a. 25%
b. 34%
c. 42%
d. 66%
POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management (Kindle Locations 1666-1667). ASIS International. Kindle Edition.
If your organization has two options:
Option 1: A US$1,500,000 investment in R&D typically returns US$630,000 in revenue within five years.
Option 2: Reduce debt instead by making a US$2,000 investment in debt reduction that would save the company US$772,000 in interest payments over five years.
Notwithstanding other issues, what is the BEST option based on ROI?
a. Option 1
b. Option 2
c. Either option 1 or 2
d. Neither option 1 nor 2
Option 1 = 42% ROI; Option 2 = 39% ROI
A _____ helps establish design requirements for devices, systems, and infrastructure to withstand threats. These specifications make it easier to design systems and sell equipment across borders.
a. Standard
b. Specification
c. Assessment
d. Analysis
POA: Security Management (Kindle Locations 1763-1765). ASIS International. Kindle Edition.
This is a nongovernmental organization bringing together stakeholders from the public, private, and not-for-profit sectors. It serves as a central point where standards bodies from around the world, and the organizations that participate in them, can gather to develop standards jointly. It is called:
a. ASIS International
b. American National Standards Institute
c. International Standards Organization
d. National Fire Prevention Association
POA: Security Management (Kindle Locations 1834-1836). ASIS International. Kindle Edition.
The following statement is part of the PDCA Cycle for management systems:
“The process is to examine the planning analysis, devise a solution, prioritize next steps, and develop a detailed action plan. The goal is to develop a plan that will be used actively to engage the organization and address problems and their causes, then implement that plan.”
What part of the PDCA Cycle is this?
a. Plan
b. Do
c. Check
d. Act
POA: Security Management (Kindle Locations 2025-2028). ASIS International. Kindle Edition.
Which world-renowned standards address quality management and customer satisfaction while meeting regulatory requirements and constantly pursuing quality improvement?
a. ISO 9000
b. ISO 14000
c. ASIS Global Standards
d. ASIS Global Guidelines
POA: Security Management (Kindle Location 2042). ASIS International. Kindle Edition.
This standard was developed by technical committees in Australia, the Netherlands, and the United States as a management system standard that provides a framework for a comprehensive approach to managing the risks of a disruptive incident by addressing reduction of both likelihood and consequences. This BEST describes:
a. ISO 9001:2008 Quality Management Systems Requirements.
b. ISO 14001:2004 Environmental Management Systems.
c. ANSI/ASIS SPC.1: Organizational Resilience: Security, Preparedness and Continuity Management Systems—Requirements with Guidance for Use.
d. ANSI/ASIS: Business Continuity Management Systems Requirements with Guidance for Use.
POA: Security Management (Kindle Locations 1941-1942). ASIS International. Kindle Edition.

“This type of ethics is most relevant to business, active and applies ethical concepts in specific business situations. This form of ethics makes specific judgments about right and wrong and prescribes types of behavior as ethical in the context of the activity. It makes claims about what should be done and what may not be done.” This is BEST described as:
a. Descriptive ethics
b. Analytical ethics
c. Applied ethics
d. Prescriptive ethics
POA: Security Management; Legal Issues; Security Officer Operations; and Crisis Management (Kindle Locations 8966-8968). ASIS International. Kindle Edition.

In most cultures this is the closest thing to a universal guideline or Golden Rule: to treat others the way one would want to be treated. This guiding principle works for both individuals and organizations. This BEST describes which of the following?
a. Business ethics
b. Government regulations
c. Corporate law
d. Civil law
POA: Security Management (Kindle Locations 9056-9058).

Which of the following is NOT considered a problem encountered by an organization with a culture of unethical behavior?
a. Decrease in company sales and stock prices
b. Decrease in productivity, both organizational and personal
c. Increase in risk of scandal
d. Increase in communication and trust
POA: Security Management (Kindle Locations 9039-9040). ASIS International. Kindle Edition.

The organization should always follow these concepts in implementing its ethics code and program:
a. Have a well-written code of ethical conduct
b. Establish a partnership with another company with an ethics code
c. Ensure the organization’s Board of Directors have signed an ethics agreement
d. Make the ethics policy and program flexible to account for errors
POA: Security Management (Kindle Locations 9144-9145). ASIS International. Kindle Edition.

Ethics problems are not confined to the business world; they can be found in almost any field of endeavor. What are three factors that psychologists indicate commonly motivate individuals to commit unethical or dishonest acts?
a. Determination, access and lack of ethics
b. Desire, justification and lack of ethics
c. Determination, justification and lack of ethics
d. Desire, rationalization, and opportunity
POA: Security Management (Kindle Locations 8941-8943). ASIS International. Kindle Edition.

Which of the following would be considered one of the GREATEST legal liabilities an organization faces with security officers?
a. Lack of honesty
b. Poor reputation
c. Issued a deadly weapon
d. Safety training
POA: Security Management (Kindle Locations 16636-16637). ASIS International. Kindle Edition.

“The absorptive and adaptive capacity of an organization in a complex and changing environment” is a definition for business ____.
a. Contingency
b. Continuity
c. Resilience
d. Convergence
ASIS Int’l, ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017), page x

“Possible source of danger or conditions (physical or operational) that have a capacity to produce a particular type of adverse effect” is the definition for a _______.
a. Risk
b. Threat
c. Hazard
d. Disaster
ASIS Int’l, ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017), page 5

The ASIS/ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017) outlines a risk assessment process. Which of the following describes the process?
a. Asset identification; risk analysis; and risk evaluation.
b. Asset identification; vulnerability assessment; threat assessment; and risk evaluation.
c. Threat identification; vulnerability assessment; risk analysis; and risk evaluation.
d. Threat identification; vulnerability assessment; risk assessment; and risk evaluation.
ASIS/ANSI ORM Security & Resilience in Organizations and Their Supply Chains (2017), page 18.

The _______ plan is set out in writing by a business unit’s top leadership, not focusing on day-to-day operations but providing direction that defines and supports long-term goals.
a. Operational
b. Strategic
c. Tactical
d. Financial
POA: Security Management (Kindle Locations 1192-1194). ASIS International. Kindle Edition.

A SWOT is often used as an assessment tool for developing an organizational strategy. SWOT stands for which of the following:
a. Strategy, Weaknesses, Opportunities, Threats
b. Strategy, Weaknesses, Operations, Threats
c. Strengths, Weaknesses, Opportunities, Threats
d. Strengths, Weaknesses, Operations, Threats
POA: Security Management (Kindle Locations 1208). ASIS International. Kindle Edition.

“A specific description of where the business will be in the long-term, that conveys a general understanding of the business, its culture, and its future goals.” This concept is BEST referred to as:
a. A Mission Statement
b. A Vision Statement
c. A Strategic Plan
d. An Organizational Strategy
POA: Security Management (Kindle Locations 1223-1224). ASIS International. Kindle Edition.

“This communicates business functionality and operational methods. It specifies a business’ types of products or services, level of quality, and other tangible aspects of the business and its plans.” is BEST referred to as:
a. A Mission Statement
b. A Vision Statement
c. A Strategic Plan
d. An Organizational Strategy
POA: Security Management (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

“This statement includes the specific details that all involved parties can understand what needs to be done, highlighting specific goals the organization wants units to achieve.” This BEST describes:
a. Mission Statements
b. Vision Statements
c. Strategic Plans
d. Organizational Objectives
POA: Security Management (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

When designing objectives or goals, they must be SMART. This acronym stands for which of the following:
a. Strategic; Measurable; Accountable; Relevant; Time-bound
b. Strategic; Measurable; Accountable; Relevant; Time-bound
c. Specific; Measurable; Accountable; Relevant; Time-bound
d. Specific; Measurable; Attainable; Relevant; Time-bound
POA: Security Management (Kindle Locations 1225-1226). ASIS International. Kindle Edition.

DOMAIN 2 – BUSINESS PRINCIPLES AND PRACTICES (13%)