- Who Qualifies: The Two Prerequisite Pathways
- What "Responsible Charge" Actually Means
- Breaking Down the Education Requirements
- What Security Experience ASIS Will Count
- The Application and Verification Process
- The Exam Itself: Format, Fees, and Testing Conditions
- The Four Domains You Must Master
- Aligning Your Study Plan to the Prerequisites You Bring
- Who Hires CPP-Certified Professionals
- After You Pass: Keeping the Credential Active
- Frequently Asked Questions
- Two pathways exist: a bachelor's degree plus 5 years of security experience, or a high school diploma plus 9 years of security experience.
- At least 3 of your qualifying years must be in responsible charge of a security function: supervisory or management-level work only.
- The exam is 200 questions (175 scored, 25 unscored pretest), computer-based at Prometric, and strictly closed-book with a 4-hour time limit.
- ASIS membership saves you $200 on exam fees: $350 for members versus $550 for non-members.
Who Qualifies: The Two Prerequisite Pathways
The Certified Protection Professional (CPP) is administered by ASIS International, and before you sit down at a Prometric testing center, ASIS requires documented proof that you have both the education and the hands-on security management experience to back up the credential. There is no shortcut around this step. Unlike some professional certifications that rely purely on examination performance, the CPP is explicitly designed for working security managers, and the eligibility requirements enforce that standard rigorously.
ASIS recognizes two distinct pathways to CPP eligibility. Understanding which one applies to you is the very first decision you need to make before spending a dollar on study materials or exam fees.
| Pathway | Education Requirement | Total Security Experience | Responsible Charge Minimum |
|---|---|---|---|
| Pathway A | Bachelor's degree (any field) | 5 years | 3 years |
| Pathway B | High school diploma or equivalent | 9 years | 3 years |
Both pathways lead to exactly the same credential with exactly the same weight in the security industry. The difference is simply the trade-off between formal education and accumulated field experience that ASIS uses to establish baseline professional competence.
What "Responsible Charge" Actually Means
Of all the prerequisite language in the CPP application, "responsible charge" trips up more candidates than any other term. It is not simply security employment. It is not performing security officer duties, writing incident reports, or monitoring access control as a line-level technician. Responsible charge means you had supervisory, managerial, or administrative authority over a security function, program, or team.
Concrete Examples of Qualifying Responsible Charge
- Managing a team of security officers, including scheduling, training, and performance evaluation
- Directing the physical security program for a facility, department, or enterprise
- Overseeing an investigations unit or loss prevention department
- Administering a corporate security budget or vendor contract
- Holding a security director, security manager, or head of physical security title with documented authority
What Does Not Qualify as Responsible Charge
- Working as a security officer, guard, or patrol officer without supervisory duties
- Performing access control or CCTV monitoring as a primary function without managing others
- IT security or cybersecurity roles unless they include direct physical security program oversight
- Law enforcement work that is not directly tied to a private or corporate security function
The 3-year responsible charge requirement applies identically under both Pathway A and Pathway B. There is no pathway that waives it. If your current role does not yet meet this threshold, your practical action is straightforward: pursue a supervisory or management position in security before submitting your application.
Key Takeaway
Three years of responsible charge is non-negotiable for both pathways. Documenting your supervisory authority clearly (job titles, org charts, written job descriptions) will make the ASIS verification process significantly faster and smoother.
Breaking Down the Education Requirements
ASIS is intentionally broad about the education component. For Pathway A, the bachelor's degree does not need to be in security management, criminal justice, or any related field. A degree in business administration, engineering, psychology, or any accredited discipline satisfies the requirement. What matters is the degree level, not the major.
For Pathway B, a high school diploma or its recognized equivalent (such as a GED in the United States) is sufficient. ASIS does not require transcripts that meet any particular GPA threshold, only proof that the degree or diploma was awarded by a recognized institution.
International candidates should note that ASIS reviews educational credentials from outside the United States on a case-by-case basis. If your degree was awarded by a foreign institution, ASIS may require a credential evaluation from an approved service to confirm it is equivalent to a U.S. bachelor's degree for Pathway A purposes.
What Security Experience ASIS Will Count
The security experience requirement is broader than many candidates initially assume, but it is also more specific than a simple count of years in any security-adjacent job. ASIS defines qualifying experience as work that involves the protection of people, property, or information: the core mission areas of professional security management.
Sectors Where Experience Typically Qualifies
- Corporate and enterprise security
- Healthcare security management
- Government and critical infrastructure protection
- Retail loss prevention at a managerial level
- Event and venue security management
- Contract security company management
- Private investigations (management roles)
- Higher education campus security administration
Part-time security work can count toward your experience total, but ASIS prorates it. If you worked part-time at 20 hours per week in a qualifying security role, that period counts as half-time toward your total years. Full-time is generally defined as 32 or more hours per week.
Concurrent experience (holding two qualifying security roles simultaneously) is counted only once per time period, not doubled. ASIS counts the calendar time, not the sum of hours across multiple positions.
The Application and Verification Process
Once you have confirmed your eligibility under one of the two pathways, you submit your application through the ASIS International website. The application requires you to document each period of qualifying experience with employer name, your job title, dates of employment, a description of your duties, and a supervisor or HR contact who can verify the information.
ASIS conducts verification before approving your application. This is not a rubber stamp. Applications that contain vague or unsupported experience claims are returned or denied. Providing detailed, accurate documentation up front, even for experience from many years ago, is essential.
After ASIS approves your application, you receive an Authorization to Test (ATT) that allows you to schedule your exam through Prometric. The ATT has an expiration window, so candidates should be prepared to schedule and sit for the exam within that period. Exam fees are paid during the scheduling process: $350 for ASIS members and $550 for non-members. If you are not currently an ASIS member, it is worth calculating whether the membership cost is offset by the $200 exam fee savings, particularly if you plan to pursue CPP renewal through ASIS-affiliated CPE activities.
For a full walkthrough of what happens after you earn the credential, including the renewal cycle, see our guide on CPP Renewal Requirements: CPE Credits and Recertification.
The Exam Itself: Format, Fees, and Testing Conditions
The CPP exam consists of 200 multiple-choice questions, of which 175 are scored and 25 are unscored pretest items distributed randomly throughout the exam. You will not know which questions are pretest and which are scored, so treat every question as if it counts.
The exam is strictly closed-book. No reference materials, notes, formula sheets, or personal devices are permitted in the testing room. This is in-person only at Prometric testing centers; there is no remote or online proctoring option for the CPP. The time limit is 4 hours, which works out to roughly 1 minute and 12 seconds per question. Most candidates find time management to be a real factor, particularly in the Security Principles and Practices domain where scenario-based questions require careful analysis.
Passing scores are determined using the modified Angoff method and reported as scaled scores. ASIS does not publish the exact cut score. The exam is aligned with the ASIS CPP Reference Set, which is the authoritative source material for every domain on the exam.
The Four Domains You Must Master
The CPP exam is organized into four domains. These are not arbitrary categories; they reflect the actual competencies ASIS has determined define professional security management. Your exam performance will be entirely determined by how well you understand the content within each domain.
Domain 1: Security Principles and Practices (46%)
This is the largest domain by a significant margin and the most critical area for your study time. It covers the foundational framework of security management including threat and vulnerability assessment, risk analysis, security surveys, physical security countermeasures, security program management, and legal and ethical considerations for security professionals.
- Security risk management methodology and documentation
- Physical security systems: barriers, lighting, CCTV, access control integration
- Security standards, codes, and regulatory compliance frameworks
- Contract security management and proprietary security program design
- Emergency planning and crisis management at the program level
Domain 2: Business Principles and Practices (16%)
This domain tests your ability to operate as a business leader, not just a security operator. Topics include budgeting, financial management, organizational behavior, ethics, project management, and business continuity planning within the security context.
- Security budget development and cost justification
- Vendor management and contract oversight
- Business impact analysis and continuity planning
- Organizational management and leadership principles applied to security programs
Domain 3: Investigations (16%)
This domain covers the principles and practices of security investigations, including interview techniques, evidence handling, legal constraints on corporate investigations, and the management of investigation programs.
- Legal standards governing private-sector investigations
- Interview and interrogation frameworks (Reid, cognitive, etc.) within legal limits
- Evidence collection, chain of custody, and documentation standards
- Digital evidence and electronic surveillance considerations
Domain 4: Personnel Security (22%)
Personnel security encompasses pre-employment screening, background investigations, workplace violence prevention, insider threat programs, and the protection of employees as organizational assets.
- Background investigation frameworks and legal compliance (FCRA, EEOC considerations)
- Insider threat identification and mitigation programs
- Workplace violence prevention programs and threat assessment teams
- Executive protection and travel security principles
Aligning Your Study Plan to the Prerequisites You Bring
Your background under Pathway A versus Pathway B matters beyond just eligibility: it shapes where your knowledge gaps are likely to fall. Candidates who qualify under Pathway B typically have deep operational experience but may have less formal exposure to the business principles and legal frameworks tested in Domains 2 and 3. Pathway A candidates with newer careers may have strong theoretical knowledge but less intuition on the operational and investigative content in Domains 3 and 4.
Given the domain weights, a structured approach to the CPP should allocate study time proportionally. Domain 1 alone covers nearly half the scored questions, so it deserves the most calendar time regardless of your background.
Domain 1: Security Principles and Practices
- Work through the full ASIS CPP Reference Set sections covering risk assessment and physical security
- Focus on threat/vulnerability/risk methodology; this appears in multiple question formats
- Take domain-specific practice questions daily; log concepts you miss
Domain 4: Personnel Security
- Review background investigation legal frameworks and FCRA compliance requirements
- Study workplace violence prevention program structure and threat assessment processes
Domains 2 and 3: Business Principles and Investigations
- Tackle investigation legal boundaries, the area most candidates with operational backgrounds underestimate
- Review budget and financial management concepts in the security context
Full Practice Exams and Gap Review
- Simulate the 4-hour exam environment with timed full-length practice tests
- Return to Domain 1 for any identified weak areas; its weight makes every recovered point count most
Use our CPP practice test platform throughout this timeline to benchmark your progress domain by domain. Tracking your accuracy per domain is far more useful than tracking your overall score: it tells you exactly where to reallocate study time.
Who Hires CPP-Certified Professionals
The CPP is recognized across a wide range of industries wherever physical security management is a core organizational function. Employers in the following sectors actively seek CPP-certified candidates or include the credential as a preferred or required qualification:
- Corporate enterprise security: Fortune 500 companies, financial institutions, and technology firms with global security programs
- Critical infrastructure: Energy, utilities, transportation, and telecommunications companies with regulatory security mandates
- Healthcare systems: Hospital networks and integrated health systems with complex physical security and threat assessment requirements
- Government contractors: Defense and intelligence sector contractors where credentialed security professionals are required by contract terms
- Contract security firms: Large security management companies that credential their senior management staff to differentiate service offerings
- Higher education: University campus safety and security administration positions at the director level
The CPP signals to employers that a candidate has not only passed a rigorous examination but also met stringent real-world experience requirements. That combination, verified experience plus demonstrated knowledge, is what separates the CPP from certifications that require only a passing test score.
After You Pass: Keeping the Credential Active
The CPP is a three-year credential. ASIS requires 9 Continuing Professional Education (CPE) credits per year, for a total of 27 CPE credits per renewal cycle. Failing to meet this requirement results in credential lapse, meaning the credential must be re-earned by examination.
CPE activities include attending ASIS conferences and seminars, completing approved online training, publishing security research, and participating in ASIS chapter events. ASIS tracks CPE submissions through your online member account.
For full details on acceptable CPE activities, reporting deadlines, and what happens if you fall short in a given year, see our dedicated article on CPP Renewal Requirements: CPE Credits and Recertification. Planning your CPE activity early in each certification year is far easier than scrambling to accumulate credits in the final months before your renewal deadline.
Also review the detailed breakdown in CPP Exam Prerequisites: Education and Experience Requirements if you are helping a colleague assess their own eligibility; the nuances of responsible charge and part-time experience proration are frequently misunderstood.
Frequently Asked Questions
No. Pathway A requires a bachelor's degree plus a minimum of 5 years of qualifying security experience, with at least 3 of those years in responsible charge. Holding a bachelor's degree does not reduce the responsible charge requirement; it only reduces the total experience requirement from 9 years (Pathway B) to 5 years. You would need to accumulate the remaining experience before applying.
Law enforcement experience may qualify, but ASIS reviews it on a case-by-case basis. The work must be directly related to the protection of people, property, or information in a security management context. General patrol work is less likely to qualify than, for example, running a department's evidence and property management program or supervising a specialized security-related unit. Submit detailed duty descriptions with your application rather than relying on job titles alone.
ASIS does not publish a fixed processing time, and it varies based on application volume and the completeness of your submission. Applications with thorough, well-documented experience descriptions tend to process faster than those requiring follow-up from ASIS staff. Submitting during peak periods, particularly close to major ASIS conference dates, may take longer. Plan for several weeks and begin studying in parallel.
ASIS allows candidates to retake the CPP exam, but you must wait a specified period between attempts and pay the full exam fee again. The exact retake policy and any limits on the number of attempts within a given period are detailed in the ASIS Certification Candidate Handbook, which you should download and review before registering. Scheduling your retake also goes through Prometric.
Yes. The CPP exam content is the same globally, aligned with the ASIS CPP Reference Set, which reflects international security management standards rather than any single country's laws or regulations. However, candidates outside the United States should confirm Prometric testing center availability in their region when planning their exam timeline, as center locations and available testing dates vary by country.