Physical Security Surveys, Gap Analysis & PPS Design
Key Takeaways
- A physical security survey combines document review, checklist-based inspection, onsite verification, and stakeholder interviews, since no single technique alone catches informal operational workarounds.
- Gap analysis compares the protection level an asset should have, based on its risk ranking, against the protection it actually has today, expressed as a specific missing or underperforming control.
- The Physical Protection System (PPS) sequences five functions: deter, detect, delay, respond, and assess.
- "Detection before delay" means delay measures only protect an asset if detection has already occurred, because delay alone cannot slow an adversary who was never noticed.
- Building plans must be verified against as-built conditions during a survey, since renovations routinely outpace drawing updates.
The Physical Security Survey
A physical security survey -- also called a security assessment or vulnerability survey -- is the CPP candidate's core diagnostic tool: a systematic, documented examination of a facility's assets, existing countermeasures, and exposure to loss. The survey answers three questions: what needs protecting, what protects it today, and where the gap lies between the two. A competent survey blends four complementary techniques, because relying on any single one produces a paper-accurate but operationally blind result.
Survey Techniques
- Document review -- incident reports, prior audit findings, insurance loss runs, post orders, alarm and access logs, and existing policies are reviewed before anyone walks the site. These records reveal patterns -- recurring loss locations, chronic false alarms, unresolved prior findings -- that a single site visit will miss.
- Checklist-based survey -- a structured instrument, often built from ASIS or facility-specific standards, walks the surveyor through every protection layer (perimeter, exterior, building envelope, interior, and critical assets) so nothing is skipped by memory alone.
- Onsite physical inspection -- the surveyor physically tests what the paperwork claims: tries doors that "should" be locked, times response to a propped-door alarm, checks camera fields of view against posted assignment sheets, and walks the perimeter at night as well as day.
- Stakeholder interviews -- facilities staff, security officers, tenants, and department heads are interviewed because they know the informal workarounds (propped fire doors, shared badges, disabled sensors) that no document, checklist, or drawing captures.
Building Plans and Site Documentation
Before or during the survey, the practitioner obtains current building plans, floor drawings, site plans, and utility and mechanical schematics. These identify sightlines, chokepoints, adjacent occupancies, fire-egress paths that double as unmonitored exits, and buried utility runs that could be used to bypass perimeter detection. Plans must be verified against as-built conditions -- renovations routinely outpace drawing updates, and any discrepancy between the drawing and the physical site is itself a survey finding worth documenting.
From Survey to Risk Assessment and Gap Analysis
The survey's raw findings feed the risk assessment: each identified vulnerability is paired with the threats that could exploit it and the criticality of the asset exposed, producing a prioritized list of exposures (see Chapter 1 for the underlying quantitative/qualitative risk-assessment methodology). Gap analysis is the narrower, PPS-specific step that follows: for each critical asset, the practitioner compares the protection level the asset should have -- based on its risk ranking -- against the protection it actually has today. The gap is the delta between those two states, expressed as a specific missing or underperforming control rather than a vague "needs more security." A well-written gap finding names the layer affected (perimeter, access control, detection, response), the specific deficiency, and the risk the gap leaves open.
Fundamentals of Security System Design
Gap-analysis findings are the direct input to designing or redesigning the Physical Protection System (PPS) -- the integrated combination of people, procedures, and equipment that protects an asset. Sound PPS design follows defense-in-depth: protection is layered so that no single failure exposes the asset, and each layer buys time or information for the layer behind it. The design is organized around five sequential PPS functions:
| PPS Function | Purpose | Example Measures |
|---|---|---|
| Deter | Discourage an attempt before it starts | Visible fencing, lighting, signage, patrols |
| Detect | Sense that an intrusion is occurring or has occurred | Sensors, CCTV, security officers, alarms |
| Delay | Slow the adversary's progress toward the asset | Barriers, locks, hardened doors, mantraps |
| Respond | Interrupt or neutralize the adversary in time | Officer dispatch, law enforcement, lockdown procedures |
| Assess | Verify whether a detected event is a real threat | Video verification, officer dispatch to confirm an alarm |
The Deter-Detect-Delay-Respond-Assess Model and "Detection Before Delay"
This five-function model is the organizing theory behind nearly every physical-security design decision tested on the CPP exam. The critical design rule -- and a favorite exam distinction -- is detection before delay: delay measures only protect an asset if detection has already occurred, because delay alone merely slows an adversary who was never noticed in the first place. A vault door rated for thirty minutes of forced-entry resistance provides no real protection if no one knows an attack is underway; the response force needs the full delay time available to arrive, and that clock only starts once detection -- and assessment confirming the event is genuine, not a nuisance alarm -- has occurred. Consequently, PPS designers push detection as far out (early) in the sequence as possible, ideally at the perimeter, so the delay layers behind it have the maximum time to work and the response force has the maximum time to react before the adversary reaches the target. A PPS with strong delay but weak or absent detection is a common, and commonly tested, design failure.
Applying the Framework
On the exam, a physical-security scenario question typically describes a facility with a specific control already in place and asks the candidate to identify the missing function, the survey technique that would have caught a described gap, or the correct sequence of the PPS model. The consistent principle across all of these variations is that protection is a system of functions working in sequence, not a collection of independent devices.
A facility installs a vault door rated to resist forced entry for 30 minutes, but the vault has no intrusion sensor, so break-ins are discovered only the next morning. Which physical security design principle has been violated?
During a physical security survey, which technique is most likely to reveal that staff routinely prop open a fire-rated delivery door -- a practice documented nowhere?