Skip Navigation LinksASIS International / Membership / Library (IRC) / Security Glossary

Security Glossary - A

​This glossary has been created to assist security professionals in defining security terms commonly used by the profession and the industry, worldwide. It is a developing list that will be maintained, and where appropriate, modified, and changed over time. Terms borrowed from related fields, such as engineering, investigations, safety, etc. will be included when deemed necessary for the security professional. Security terms are compiled from all ASIS Standards and Guidelines "definitions" or "terminology" sections.

It is not our goal to publish this glossary in print since it is intended to be a current online reference (here, on the ASIS website) to serve the security professional on an ongoing basis.


The definition's source is cited in brackets [ ] following the definition. View the key to all cited reference sources.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

acceptable documentation

​Original, or certified copies of original, records providing evidence of a fact or an event that have been deemed authoritative, acceptable, and reciprocal by law, tradition, or practice by a governmental or industrial body or company.  Such authoritative documentation may be in physical or electronic form.​ 
[ASIS GDL PBSS-2015]​ 

acceptable downtime

​Maximum elapsed time between a disruption and restoration of needed operational capacity or capability.
[ASIS SPC.1-2009]

access control

The control of persons, vehicles, and materials through the implementation of security measures for a protected area.
[ASIS GDL FPSM-2009]  [ANSI/ASIS PAP.1-2012]


​Third-party attestation related to a conformity assessment body conveying formal demonstration of its competence to carry out specific conformity assessment tasks.
[ANSI/ASIS PSC.2-2012]

accreditation body

​Authoritative body that performs accreditation.
Note: The authority of an accreditation body is generally derived from government.
[ANSI/ASIS PSC.2-2012]


​A lawsuit brought in court.
[ANSI/ASIS INV.1-2015]


​A matter which may be subject to legal or administrative action or intervention.
[ANSI/ASIS INV.1-2015]


​Process or set of processes undertaken by an organization (or on its behalf) that produces or supports one or more products or services. Note: Examples of such processes include accounting, call center, information services, manufacturing, distribution, and other services.
[ASIS/BSI BCM.01-2010]


​The legal authority permitting the entry of evidence into a legal proceeding.
[ANSI/ASIS INV.1-2015]


​Evidence which may be formally considered in a legal proceeding.
[ANSI/ASIS INV.1-2015]


The simple admission to the commission of an offense, work rule or policy violation, or violation of the law. Differs from a confession in that it may or may not contain all of the elements of the offense or crime in question.
​[ANSI/ASIS INV.1-2015]

adverse action

​In the context of background checks for employment, adverse action as stated in the [Fair Credit Reporting Act] FCRA, is “a denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee.” Adverse action is more than the denial of a job to an applicant or volunteer. It can also be the denial of a promotion or a change in job duties, location, hours, or title; anything that is considered unfavorable by the employee, applicant, or volunteer.

adverse action notice

​This notice—which can be delivered orally, in writing, or electronically—is required in order to inform the consumer (job applicant, employee, or volunteer) that adverse action has been taken. The notice is required when the adverse action is, in whole or in part, a result of the consumer report provided by a consumer reporting agency.  A letter or other notice informing the job applicant he or she has been denied employment is necessary when using the services of a consumer reporting agency and the employer is making an adverse employment decision on the basis of the consumer report provided by the consumer reporting agency. The notice must include:

  • The name, address, and phone number of the Consumer Reporting Agency (CRA) that supplied the report;
  • A statement that the CRA that supplied the report did not make the decision to take the adverse action and cannot give specific reasons for it; and
  • A notice of the individual's right to dispute the accuracy or completeness of any information the agency furnished, and his or her right to an additional free consumer report from the agency upon request within 60 days.

The Adverse Action Notice must be preceded by a ‘Pre-Adverse Action Notice.’ 


​Fiduciary relationship between two parties in which one (Agent) is under the control of (is obligated to) the other (Principal).
Note 1:  The agent is authorized by the principal to perform certain acts, for and on behalf of the principal.
Note 2:  The Principal is the person from whom an agent's authority derives.
[ANSI/ASIS INV.1-2015]

alarm system

A combination of sensors, controls, and annunciators (devices that announce an alarm via sound, light, or other means) arranged to detect and report an intrusion or other emergency.
[ASIS GDL FPSM-2009]  [ANSI/ASIS PAP.1-2012]

alternate worksite

A work location, other than the primary location, to be used when the primary location is not accessible.     
[ASIS GDL BC 01 2005]

antivirus software

​programs to detect and remove computer viruses.
[ASIS GDL TASR 042008]


​An application to a higher court to correct or modify a judgment rendered by a lower court.
[ANSI/ASIS INV.1-2015]


A private security officer who is equipped with or has access to a  weapon (firearm), such as a pistol or rifle, from which a shot can be discharged.

armored car company

A company which, for itself or under contract with another, transports currency, securities, valuables, jewelry, food stamps, or any other item that requires secured and insured delivery from one place to another with armed personnel.

armored car personnel

An armed employee of an armored car company who is engaged exclusively by that company and is liable for the safe transportation, care, and custody of valuables.


(1) The taking or keeping of a person in custody by legal authority, especially in response to a criminal charge; specifically, the apprehension of someone for the purpose of securing the administration of the law, especially if bringing that person before a court.

(2) The taking of a person into custody in a manner provided by law for the purpose of detention in order to answer a criminal charge or civil demand.
[ANSI/ASIS INV.1-2015] ​


​(1) Anything that has tangible or intangible value to the organization.
[ANSI/ASIS PAP.1-2012]

(2) Anything that has tangible or intangible value to the organization.
Note 1:  Tangible assets include human (in Standard ANSI/ASIS PSC.1-2012 considered the most valued), physical, and environmental assets.
Note 2: Intangible assets include information, brand, and reputation.
[ANSI/ASIS PSC.1-2012]

(3) Anything that has tangible or intangible value to the organization.
Note 1: Tangible assets include human, physical, and environmental assets.
Note 2: Intangible assets include information, intellectual property, brand, and reputation.


Any real or personal property, tangible or intangible, that a company or individual owns, that can be given or assigned a monetary value. Intangible property includes things such as goodwill, proprietary information, and related property. 
[ASIS GDL GLCO 01 012003]


​Issue of a statement, based on a decision following review, that fulfillment of specified requirements has been demonstrated.
Note: The resulting statement, referred to in International Standard ANSI/ASIS PSC.2-2012 as a statement of conformity, conveys the assurance that the specified requirements have been fulfilled. Such an assurance does not, of itself, afford contractual or other legal guarantees.
[ANSI/ASIS PSC.2-2012]

attorney work product

​Evidence which a party to a lawsuit does not have to reveal during the discovery process because it represents the thought process and strategy of the opposing attorney giving legal advice.
[ANSI/ASIS INV.1-2015]


(1) ​Systematic, independent, and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

  • Note 1:  Internal audits, sometimes called first party audits, are conducted by the organization itself, or on its behalf, for management review and other internal purposes (e.g., to confirm the effectiveness of the management system or to obtain information for improvement of the management system). Internal audits may form the basis for an organization’s self-declaration of conformity. In many cases, particularly in small organizations, independence can be demonstrated by the freedom from responsibility for the activity being audited or freedom from bias and conflict of interest.
  • ​Note 2:  External audits include second and third party audits. Second party audits are conducted by parties having an interest in the organization, such as customers, or by other persons on their behalf. Third party audits are conducted by independent auditing organizations, such as regulators or those providing registration or certification. 
[ANSI/ASIS PSC.1-2012]  [ANSI/ASIS PSC.2-2012]

(2) Systematic, independent, objective, and documented process for obtaining, examining, verifying, and evaluating information relative to a set of criteria.

audit conclusion

​Outcome of an audit after consideration of the audit objectives and all audit findings.
[ANSI/ASIS PSC.2-2012]

audit criteria

​Set of policies, procedures, or requirements used as a reference against which audit evidence is compared.
[ANSI/ASIS PSC.2-2012]

audit evidence

​Records, statements of fact, or other information which are relevant to the audit criteria and verifiable.
Note: Audit evidence can be qualitative or quantitative.
[ANSI/ASIS PSC.2-2012]

audit findings

​Results of the evaluation of the collected audit evidence against audit criteria.
Note 1: Audit findings indicate conformity or nonconformity.
Note 2: Audit findings can lead to the identification of opportunities for improvement or recording good practices.
Note 3: If the audit criteria are selected from legal or other requirements, the audit finding is termed compliance or non-compliance.
[ANSI/ASIS PSC.2-2012]


(1) - Person with competence to conduct an audit.
[ASIS SPC.1-2009]  [ANSI/ASIS PAP.1-2012]

(2) - Person with the personal attributes and competence to conduct an audit.
[ANSI/ASIS PSC.1-2012]​

authoritative source

​An entity recognized as having original jurisdiction and/or authority to state and/or certify certain facts.