The ISP® Certification requirements include “at least two years’ experience in industrial security” and “Candidates must be working in security at least part time as part of their job description (a minimum of 10% of hours worked). What is the purpose of these requirements?
The ISP® Certification is intended to recognize a journeyman security professional. Book
knowledge alone is not enough. Certification candidates must have “seasoning” as well. We
recognize that many security professionals have other duties as well, which is why we only
require a minimum of 10% of the work effort be in industrial security.
I had two years of loss protection (anti-shoplifting) for a retail chain before recently getting my first job for a government contractor. Does the anti-shoplifting time – after all, it’s really part
of physical security – count?
No. Both years must come from providing security to government classified information.
I haven’t worked in industrial security for two years yet, but I had similar duties within the military (active, reserve, guard). Does that count?
Maybe. The ISP® Certification Subcommittee will review your resume and advise you of the
results.
I’m not sure if my experience counts. Can I get an “advisory” evaluation of it?
Yes. Send your resume to NCMS National Headquarters (kyle@mmco1.com) and request it be
evaluated by the ISP® Certification Co-Chairs. We will review it, make a recommendation to
the ISP® Chair, and NCMS HQ will advise you of the results of the review.
Must the resume be one page or less? Any tips on preparing it?
NCMS does have a resume template for submission of experience. Longer resumes are acceptable; in many cases they are strongly encouraged. Your resume is where you demonstrate that you have two years’ industrial security experience. It should include enough details so that a reader can appreciate what you did. For example, if you are/were a part time security person for some of that time, clearly state what percentage of your time (at least 10%) was in industrial security. If you were in the military (active duty, reserves, or guard), explain the tasks you performed in enough detail so they can be evaluated.
Any tips on filling out the ISP® exam application?
Yes. Fill it out completely, answering all questions. Sign it. Include the supervisor’s letter of
recommendation, your resume, your signed CCOI, and your payment.
Any tips for preparing a draft letter of recommendation to give my boss to sign?
Some supervisors submit one-page letters; others write for several pages about how outstanding
the candidate is. One-paragraph letters are fine as long as the writer covers these points: (1)
identifies himself/herself as the candidate’s supervisor; (2) verifies the applicant’s claim of two
years of industrial security experience as claimed in the resume/application; (3) verifies the
candidate is of good character (no undisclosed arrests, drug abuse, etc.); and (4) recommends the applicant for ISP® certification.
I haven’t worked for my supervisor for two years because either I’m new or he/she is. Must I wait until we have that long of a relationship?
No. Your supervisor can review your application or your personnel file to verify your
experience.
I work for a non-possessing facility. Although my employees and I have security clearances, we
access all our classified information/documents at our government or prime contractor facility.
Does this experience count?
Yes.
I used to work in security but am currently unemployed (or employed in non-security duties). The ISP® certification would help me get a security job. Can I test now?
Yes, you can, as long as you have two years’ cumulative industrial security experience that
qualifies. If you have any questions about whether your experience counts, see question #4
above.
I don’t have two years of experience in security yet. Can I test now?
No. You can start preparing for the exam any time you want. However, you cannot take the test
until you have the required two years of experience.
Must the ISP® application form be received at NCMS Headquarters 30 days before I take the exam? I’d like to test sooner than that.
Yes. Thirty days is the minimum. If your application is incomplete in some way (not signed,
information missing, payment not included), the 30-day processing time will not begin until the
deficiencies are remedied.
Several of us have been studying together. Can we test together?
Yes, but each candidate must make his or her own appointment with a Prometric test center, and
requests are subject to availability at the center.
I’ve seen you announce the names of people who pass the ISP® exam. Do you publicize the names of people who fail? After all, I don’t want my embarrassment at failing to be public.
No. We only announce the names of people who pass the exam.
Do people who take the exam a second time usually pass?
It depends on whether they have honestly assessed their reasons they failed in the first place and remedied these shortcomings.
Has anyone ever passed on the third (or subsequent) test?
Yes. We have ISP®s that passed on the second and third test attempt.
What are the mechanics if you set a time and place to test and cannot make it because of
illness? Work? Other reasons.
If you will still test during your original approval window (one year from original approval) and
the information on your application is still current, work out a new date/time with your testing
facility, and notify NCMS Headquarters (kyle@mmco1.com). If something on the application
has changed, send an amended package to NCMS HQ along with your rescheduled test plan.
What if I’m outside the 1-year window but didn’t take the test?
Send a new application to NCMS Headquarters (kyle@mmco1.com) and explain your plans. The
money you paid originally will be applied to your fee at that time. Assuming the test fee and your
membership status haven’t changed, there will be no additional fee.
What if I didn’t pass the exam on my first attempt?
If you fail, you can retest after a waiting period of thirty days, with a maximum number of
attempts limited to four times within a 12-month period. Two possibilities apply: If you are still
within the 1-year window following original approval, you can submit an application to retest,
and you do not need to upload your collateral material. If you are outside the 1-year window, you
must submit updated collateral materials with your application to retest.
What other professional security certifications are out there? Why should I choose the ISP® rather than one of them?
The certification you choose should most closely match the needs of your company and your
firm’s customers. The ISP® is a unique certification for contractor and government security
professionals who work within the U.S. National Industrial Security Program (NISP). The ISP®
awards professional certification and recognition to qualified candidates who demonstrate the
knowledge, skills, and abilities their profession demands, and is primarily based on the National
Industrial Security Program Operating Manual (NISPOM).
Here is how the ISP® compares to the most prominent other security certifications:
ISP® (Industrial Security Professional). Developed by NCMS to meet the specific needs of
contractor personnel who perform Industrial Security for the US government as specified by the
National Industrial Security Program (NISP) and other government security-related requirement
documents. All government agencies that deal with classified information must follow the NISP:
DOD, DOE, NRC, CIA, DNI, etc.
SPēD (Security Professional Education Development). The SPēD Certification Program is part
of the Department of Defense’s (DoD) initiative to professionalize the government security
workforce. SPēD has five levels: SFPC (Security Fundamentals Professional Certification),
SAPPC (Security Asset Protection Professional), SPIPC (Security Program Integration &
Professional Certification), SEPC (Security Enterprise Professional Certification), and Physical
Security. Additionally, there are other SPēD Certifications for Special Access Programs (SAP)
and Personnel Security Investigations Adjudications. SPēD is also open to employees of DoD
contractors. It is not based on the NISP Operating Manual like the ISP® is.
CISSP (Certified Information Systems Security Professional). This certification targets
information systems/information technology professionals with two years of full-time experience
in at least two of the 10 domains that are part of the “common body of knowledge.” These
include the Operations Security, Business Continuity and Disaster Recovery, Legal, Regulations,
Investigations, and Physical Security. Typically, it appeals to Information Systems Security
Managers (ISSMs), Officers (ISSOs) and security generalists.
CPP (Certified Protection Professional). The CPP targets professionals who can effectively
manage complex security issues for corporations, governments, and public and private
institutions. This certification tests an individual’s skills in eight broad subjects – security
principles & practices, business principles & practices, legal aspects, personnel security, physical
security, information security, crisis management, and investigations.
What about having more than one certification? Is that allowed?
Of course! If you believe that more than one certification fits your needs, pursue multiple ones.
Go for it!