Unlocking PSP Podcast

En este episodio de Unlocking PSP en Español, exploramos el Dominio 1, Tarea 1 del programa Physical Security Professional (PSP®): el desarrollo de un Plan de Evaluación de Seguridad Física.La evaluación de la seguridad física es el punto de partida para diseñar estrategias de protección efectivas en una organización. En esta sesión analizamos cómo los profesionales de seguridad identifican activos críticos, evalúan amenazas y vulnerabilidades y determinan el nivel de exposición al riesgo.También revisamos los principales modelos de evaluación utilizados en la práctica profesional, incluyendo los enfoques Afuera–Adentro e Interior–Exterior, las evaluaciones específicas del sitio y las evaluaciones funcionales por disciplina.Además, discutimos las diferencias entre los métodos cualitativos y cuantitativos de análisis de riesgos y cómo un enfoque combinado permite tomar decisiones más informadas en el diseño de sistemas de seguridad.Este episodio está dirigido a profesionales de seguridad, consultores e integradores que desean comprender los fundamentos del Risk Assessment en el programa PSP® y fortalecer su capacidad para analizar y proteger los activos de una organización.🔐 Unlocking PSP es una iniciativa educativa independiente diseñada para ayudar a profesionales de seguridad a comprender los principios de la certificación PSP® de ASIS International y aplicarlos en el mundo real.

🎧 Security Is Not a Cost — It’s a Risk InvestmentIn this episode of Unlocking PSP, we explore a fundamental shift in how organizations should think about security. Too often, security programs are viewed simply as expenses on a budget sheet. But effective security is not a cost—it is an investment in risk reduction and organizational resilience.We discuss how security professionals can translate threats, vulnerabilities, and potential losses into a strategic conversation with leadership. By understanding concepts such as risk exposure, loss prevention, and return on security investment (ROSI), security leaders can demonstrate the real value that well-designed security programs bring to an organization.This episode explains how aligning security decisions with business risk allows organizations to move beyond reactive spending and toward strategic protection of assets, people, and operations.If you are preparing for the ASIS PSP® certification or working in physical security design, this discussion will help you frame security not as a cost center but as a risk-management investment that protects the organization’s future.🔓 Learn more about the Unlocking PSP Study Group atHiNelsonTorres.com

🔄 Domain 3 - Task 5: Monitor and Evaluate Program Throughout the System Life CycleObjective: Ensure long-term system performance through proactive maintenance and evaluation. Key Concepts:Preventative and corrective maintenanceWarranty and service agreementsSystem upgrades and replacementsProgram evaluation and reportingMaintenance of systems and hardware (e.g., preventative, corrective, upgrades, calibration, service agreements)Warranty types (e.g., manufacturer, installation, replacement parts, extended)Ongoing system training (e.g., system upgrades, manufacturer’s certification)System evaluation and replacement process

👥 Domain 3 - Task 4: Develop Requirements for Personnel Supporting the Security ProgramObjective: Define the roles, responsibilities, and expectations of security staff. Key Concepts:Security personnel management (contract vs. proprietary)Training, onboarding, and performance managementUniforms, equipment, and post ordersSecurity awareness for non-security staffRoles, responsibilities, and limitations of security personnel (including proprietary [in-house] and contract security staff)Human resource management (e.g., establishing KPIs, performance review, improvement processes, recruiting, onboarding, progressive discipline)Security personnel professional development (e.g., training, certification)General, post, and special ordersSecurity personnel's uniforms and equipmentSecurity awareness training and education for non-security personnel

🔧 Domain 3 - Task 3: Manage Implementation of Goods and ServicesObjective: Oversee the installation, configuration, and integration of security systems. Key Concepts:Installation and inspection methodsSystem integration proceduresPunch lists and final acceptanceEnd-user training requirementsInstallation and inspection techniquesSystems integrationsCommissioningInstallation problem resolution (e.g., punch lists)Systems configuration management (e.g., as-built drawings)Final acceptance testing criteria (e.g., system acceptance testing, factory acceptance testing)End-user training requirements

🛒 Domain 3 - Task 2: Develop a Procurement Plan for Goods and ServicesObjective: Establish structured procurement processes for security projects. Key Concepts:Vendor evaluation and due diligenceContract requirementsProcurement best practicesProject management considerationsVendor evaluation and selection (e.g., interviews, due diligence, reference checks)Project management functions and processesProcurement process

📝 Domain 3 - Task 1: Outline Criteria for Pre-Bid MeetingObjective: Prepare and plan for vendor engagement and bidding processes.Key Concepts:Bid package types (RFP, RFQ, IFB)Pre-bid meeting requirementsCriteria for bid evaluationEthics in procurementBid process (e.g., site visits, RFI, substitution requests, pre-bid meeting)Bid package types (e.g., RFP, RFQ, IFB, sole source)Bid package components (e.g., project timelines, costs, personnel, documentation, scope of work)Criteria for evaluation of bids (e.g., cost, experience, scheduling, certification, resources)Technical compliance criteriaEthics in contracting

🗂️ Domain 2 - Task 3: Design Physical Security Systems and Project DocumentationObjective: Translate concepts into technical designs and actionable plans. Key Concepts:Project design phases: conceptual, schematic, and constructionEngineering documents, drawings, and specificationsSystems integration: software, hardware, human capitalScheduling, cost estimates, and value engineeringDesign phases (e.g., pre-design, schematic development, construction, documentation)Design elements (e.g., calculations, drawings, specifications, review, technical data)Construction specification standards (e.g., Construction Specifications Institute, Owner’s equipment standards, American Institute of Architects (AIA) MasterSpec)Systems integrationProject management conceptsScheduling (e.g., Gantt charts, PERT charts, milestones, objectives)Cost estimation and cost-benefit analysis of design options (e.g., value engineering)

🛠️ Domain 2 - Task 2: Identify and Implement Appropriate Physical Security Countermeasures (Part 2)Objective: Choose the right mix of security layers for risk-based protection. Key Concepts:Structural measures (locks, barriers, lighting)Electronic systems (access control, CCTV, intrusion detection)CPTED principles and visitor managementScreening procedures, data storage, and network infrastructure Principles of data storage and management (e.g., cloud, on-premises, redundancy, retention, user permissions, personally identifiable information, regulatory requirements)Principles of network infrastructure and physical network security (e.g., token ring, LAN/WAN, VPN, DHCP vs. static, TCP/IP)Security audio communications (e.g., radio, telephone, intercom, IP audio)Systems monitoring and display (e.g., control centers/consoles, central monitoring station)Primary and backup power sources (e.g., grid, battery, UPS, generators, alternative/renewable)Signal and data transmission methods (e.g., copper, fiber, wireless)Visitor and vendor management policies

🛠️ Domain 2 - Task 2: Determine Appropriate Physical Security Countermeasures (Part 1)Objective: Choose the right mix of security layers for risk-based protection. Key Concepts:Structural measures (locks, barriers, lighting)Electronic systems (access control, CCTV, intrusion detection)CPTED principles and visitor managementScreening procedures, data storage, and network infrastructure Structural security measures (e.g., barriers, lighting, locks, blast mitigation, ballistic protection)Crime prevention through environmental design (CPTED)Electronic security systems (e.g., access control, video surveillance, intrusion detection)Security staffing (e.g., officers, technicians, management, administration)Personnel, package, and vehicle screeningEmergency notification systems (e.g., mass notifications, public address, two-way intercom)

🧩 Domain 2 - Task 1: Operational, Functional, and Performance Requirements (Part 2)Objective: Set the foundation for security system design and performance. Key Concepts:Regulations, codes, and standards (e.g., NFPA, CPTED)Performance, operational, and functional requirementsIntegration of risk analysis resultsSuccess metrics and fault toleranceOperational requirements (e.g., policies, procedures, staffing)Functional requirements (e.g., system capabilities, features, fault tolerance)Performance requirements (e.g., technical capability, systems design capacities)Success metrics

🧩 Domain 2 - Task 1: Establish Security Program Performance Requirements (Part 1)Objective: Set the foundation for security system design and performance. Key Concepts:Regulations, codes, and standards (e.g., NFPA, CPTED)Performance, operational, and functional requirementsIntegration of risk analysis resultsSuccess metrics and fault toleranceDesign constraints (e.g., regulations, budget, materials, system compatibilityIncorporation of risk analysis results in designRelevant security terminologyKey security design concepts (e.g., CPTED, defense-in-depth, 4 Ds)Applicable codes, standards, and guidelines

🧩 Domain 1 - Task 5: Perform a Risk Analysis to Develop Countermeasures (Part 2)Objective: Translate findings into actionable risk mitigation strategies. Key Concepts:Qualitative and quantitative risk analysisCost-benefit evaluationsRegulatory and legal considerationsLoss event profile analyses (e.g., consequences)Appropriate countermeasures related to specific risksCost-benefit analysis (e.g., return on investment (ROI), total cost of ownership)Legal and regulatory considerations related to various countermeasures/security applications (e.g., video surveillance, privacy issues, personally identifiable information, life safety)

🧩 Domain 1 - Task 5: Perform a Risk Analysis to Develop Countermeasures (Part 1)Objective: Translate findings into actionable risk mitigation strategies. Key Concepts:Qualitative and quantitative risk analysisCost-benefit evaluationsRegulatory and legal considerationsRisk analysis strategies and methodsRisk management principlesAnalysis and interpretation of collected dataThreat/hazard and vulnerability identification

🕳️ Domain 1 - Task 4: Conduct an Assessment to Identify and Quantify VulnerabilitiesObjective: Discover the gaps in current protection measures. Key Concepts:Security surveys and interviewsEvaluation of existing controlsEnvironmental and architectural vulnerabilitiesRelevant data and methods for collection (e.g., security survey, interviews, incident reports, crime statistics, personnel issues,issues experienced by other similar organizations)Effectiveness of current security technologies/equipment, personnel, and proceduresInterpretation of building plans, drawings, and schematicsApplicable standards/regulations/codes and where to find themEnvironmental factors and conditions (e.g., facility location, architectural barriers, lighting, entrances) that impact physical security

⚠️ Domain 1 - Task 3: Assess the Nature of the Threats and Hazards Objective: Learn to evaluate internal and external threat vectors. Key Concepts:Threat types: natural, criminal, cyber, socio-politicalLikelihood and severity metricsEnvironmental and regional risk influencers The nature, types, severity, and likelihood of threats and hazards (e.g., natural disasters, cyber, criminal events, terrorism, socio-political, cultural)Operating environment (e.g., geography, socioeconomic environment, criminal activity, existing security countermeasures, security risk level)The potential impact of external organizations (e.g., competitors, organizations in immediate proximity) on the facility's security programOther internal and external factors (e.g., legal, loss of reputation, economic, supply chain) and their impact on the facility's security program

🛡️Domain 1 - Task 2: Identify Assets to Determine Their Value, Criticality, and Loss Impact Objective: Understand what you're protecting—and why it matters. Key Concepts:Asset classification (tangible vs. intangible)Asset valuation methodsImpact analysis for loss scenariosDefinitions and terminology related to assets, value, loss impact, and criticalityThe nature and types of assets (tangible and intangible)How to determine the value for various types of assets and business operations

🔍 Domain 1 - Task 1: Develop a Physical Security Assessment PlanObjective: Learn how to plan assessments to identify and protect key assets. Key Concepts:Site-specific risk modelsFunctional vs. threat-based approachesAssessment resources and stakeholdersKey area or critical asset identificationRisk assessment models and considerations (e.g., inside-outward, outside-inward, site-specific risk assessment, functional approach)Qualitative and quantitative assessment methodsTypes of resources & guidelines needed for the assessment (e.g., stakeholders, budget, equipment, policies, standards)