IPSRM™
Frequently Asked Questions
Everything you need to know about purchasing, using, and deploying IPSRM™. If your question is not answered here, use the Contact page and we will respond within two working days.
Please note: IPSRM™ is currently undergoing a controlled editorial and publication refinement process ahead of broader release. During this period, direct self-service purchasing has been temporarily paused while the methodology suite, supporting documentation and practitioner ecosystem are aligned to final publication standard.
Enquiries and expressions of interest remain welcome.
Licensing and Use
Can I use IPSRM™ in my own client work?
Yes. Both the Practitioner Licence and the Professional Licence grant the right to deploy IPSRM™ in professional practice and to describe your assessments as IPSRM™-based in proposals, engagement letters, and client-facing outputs.
The Practitioner Licence covers the complete methodology and the licence and professional conduct framework — everything you need to conduct structured, evidenced assessments commercially. The Professional Licence adds the full commercial and legal infrastructure: engagement terms, clause bank, scoping framework, proposal language, and supplementary client-facing instruments. Most independent consultants deploying IPSRM™ commercially will benefit from the Professional Licence.
Can I white-label the reports and templates?
Yes — IPSRM™ must be acknowledged. The Executive Report Template and client-facing documents are designed to be completed on your own letterhead, so the report your client receives carries your professional branding as the delivering consultant. The methodology itself — IPSRM™ — must be identified as the governing framework within the report. You cannot present IPSRM™ as your own proprietary methodology or remove the trademark from the framework. The distinction is between your professional brand, which is yours, and the methodology brand, which is ours. Both are present; neither is concealed.
Do I have to reference IPSRM™ in my reports?
Yes, but proportionately. The Branding and Attribution Guidance (P09), included in both licences, sets out exactly what is required. In practice it amounts to a brief methodology statement within the report — identifying IPSRM™ as the governing assessment methodology and version. It is not a prominent disclosure; it is a professional attribution, comparable to referencing the standard or framework underpinning any other professional assessment.
Is there an organisational licence?
Yes. For security consultancies, in-house security teams, and organisations deploying IPSRM™ across multiple practitioners, organisational licences are available by arrangement. An organisational licence covers multiple named practitioners under a single agreement, with terms structured to reflect the scale and nature of the deployment. Pricing is discussed directly. Contact stephen@ipsrm.org to discuss.
Does IPSRM™ support Martyn's Law compliance?
Martyn's Law — the Terrorism (Protection of Premises) Act 2025 — requires Enhanced tier premises to conduct a terrorism protection assessment and produce a documented security plan. IPSRM™ provides the structured assessment methodology within which that requirement can be met rigorously and documented in a governance-ready format.
Domain 1 of the Six-Domain Architecture — Strategic Threat Context — establishes the credible threat profile that Martyn's Law requires Enhanced tier venues to address. The remaining five domains evaluate the physical and operational controls against that threat context. The Executive Report provides the documented output.
IPSRM™ is a broad physical security assessment methodology, not a Martyn's Law-specific compliance tool. Practitioners using IPSRM™ with Enhanced tier venues should ensure their Domain 1 assessment specifically addresses the terrorism threat drivers relevant to that venue. Used in this way, IPSRM™ provides the structured evidential foundation that Martyn's Law compliance requires.
The Products
What is the difference between the Practitioner Licence and the Professional Licence?
Both licences grant the right to deploy the full IPSRM™ methodology commercially and to carry a named professional status — Licensed IPSRM™ Practitioner or Licensed IPSRM™ Professional respectively. Both include the complete assessment methodology, the Risk Engine Workbook, and the licence and professional conduct documents. Both include a personalised IPSRM™ Licence Certificate on purchase.
The Professional Licence adds the full commercial and legal practice infrastructure: model engagement terms, clause bank, risk disclosure guidance, engagement scoping framework, proposal positioning language, version and update policy, multi-site framework, and findings presentation framework. It also includes three supplementary client-facing instruments — the Client Briefing Template, Methodology Summary, and Remediation Tracking & Reassessment Template — and the Ardmore Logistics Ltd Worked Example. The full contents of each licence are set out on The IPSRM™ Licence page.
Which licence is right for me?
The Practitioner Licence suits practitioners who want the complete IPSRM™ methodology and instruments for structured assessment work, and who already have their own commercial and contractual infrastructure in place.
The Professional Licence is the recommended option for independent consultants deploying IPSRM™ commercially from the outset. It provides the full practice toolkit — not just the assessment framework — and includes the Worked Example for pre-deployment familiarisation.
If you want to evaluate the methodology before committing to a licence, the Worked Example at £45 provides a complete picture of IPSRM™ in practice across all six domains.
Do I get editable templates?
Yes. Working instruments are provided as editable Microsoft Word files — the Assessment Workbook, Executive Report Template, Engagement Scoping Framework, Client Briefing Template (Professional Licence), and Remediation Tracking & Reassessment Template (Professional Licence). The Risk Engine is provided as a Microsoft Excel workbook. Reference and methodology documents are provided as PDFs. All files are delivered digitally via Gumroad immediately on purchase.
Is the Worked Example included in the licence?
The Worked Example is included in the Professional Licence. It is also available as a standalone product at £45 for practitioners who want to evaluate the methodology before purchasing a licence, or who hold the Practitioner Licence and want to supplement it.
If you purchase the Worked Example standalone and subsequently purchase the Professional Licence, use code WE-TO-PRO at checkout to deduct £45 from the Professional Licence price — so you are never paying for it twice.
Will I receive updates?
Yes. Licence holders are entitled to updates within the same major version of the suite — currently v1.5. Where minor updates are issued — corrections, clarifications, and refinements that do not alter methodology substance — licence holders will be notified and provided with access to revised documents. The Version and Update Policy (P10), included in the Professional Licence, sets out the full terms. Major version releases may be subject to separate pricing.
Does IPSRM™ cover cyber security or supply chain risk?
IPSRM™ is a physical security assessment methodology. The calibration architecture it uses — systematic domain-based evidence collection, explicit risk scoring, governance-ready output — has potential application in adjacent areas. That work is at a conceptual stage. For now, IPSRM™ is focused on physical security assessment, where the methodology gap it addresses is most acute.
Can the Assessment Workbook and Risk Engine be used on a mobile device or digitised onto an inspection platform?
The Assessment Workbook is a structured professional record — a document that captures evidence, practitioner judgement, and calibrated findings across six defined domains. It is designed to be completed as a working instrument, not as a checklist. It functions as intended in Word format on a laptop or tablet and forms part of the engagement record delivered to the client.
The Risk Engine is already a digital instrument. The Excel workbook performs the RI × RL calibration, tier determination, and risk prioritisation automatically. No additional platform is required.
IPSRM™ is a methodology, not a data collection workflow. Migrating the workbooks to a third-party inspection platform would introduce a platform dependency, add per-user cost, and risk framing a professional assessment process as a checklist exercise. That is not what IPSRM™ produces and not what its outputs are designed to support.
Practitioners who prefer to complete the Assessment Workbook on a tablet can do so in Word without modification. The document is structured for sequential completion and works well in that format.
Suitability
Is this suitable for beginners?
IPSRM™ is a practitioner-level methodology. It assumes familiarity with physical security assessment practice and is designed to structure and elevate existing professional competence rather than replace it. It is not a training programme or an introduction to physical security.
If you are early in your security career, the Worked Example — available as a standalone product at £45 — provides a detailed completed assessment that illustrates how the methodology is applied in practice, and may be a useful starting point before purchasing a licence.
Is IPSRM™ suitable for in-house security teams as well as independent consultants?
Yes. IPSRM™ was designed for use across three distinct practitioner contexts: independent security consultants seeking a rigorous, structured methodology to underpin their practice; in-house security leaders who need to produce structured, evidenced assessment outputs for boards and audit committees; and governance and assurance professionals who commission or oversee physical security assessment work. Both licence tiers serve all three contexts. For in-house teams or security functions deploying IPSRM™ across multiple practitioners, an organisational licence may be more appropriate — see the licensing question above.
What jurisdictions does IPSRM™ cover?
IPSRM™ is jurisdiction-neutral in its methodology and domain architecture. The six assessment domains and the risk calibration framework apply consistently across operating environments and legal jurisdictions. Where specific compliance obligations are relevant — licensing requirements for security personnel, regulatory frameworks, or statutory duties — the methodology requires practitioners to assess against the applicable framework for the jurisdiction in which they are operating. IPSRM™ provides the structural architecture; the practitioner provides the jurisdictional knowledge.
Accreditation and Endorsement
Is IPSRM™ accredited or endorsed by a professional body?
IPSRM™ is an independent practitioner methodology. It is not currently accredited or endorsed by a professional body, standards organisation, or regulatory authority. It was developed from long-term professional practice and is offered as a rigorous, structured alternative to the absence of any mandated assessment methodology in the physical security discipline.
The methodology is designed to be complementary to existing professional standards and guidelines rather than to replace them. Practitioners who hold professional qualifications — including ASIS certifications, membership of the Association of Security Consultants, or equivalent credentials — will find that IPSRM™ provides the operational architecture that those frameworks do not prescribe.
If you are aware of a professional body or standards organisation that would be interested in reviewing IPSRM™ with a view to endorsement or accreditation, we would welcome an introduction via the Contact page.
Support and Refunds
How do I get support or ask questions after purchase?
Questions about the methodology, its application, or any of the suite documents can be directed via the Contact page. We aim to respond within two working days. For questions about your Gumroad purchase — including download issues or technical difficulties — Gumroad's own support function is the fastest route to resolution.
IPSRM™ does not currently offer one-to-one coaching, training, or supervised deployment. If there is sufficient interest from practitioners, structured support options may be developed in a future release.
What is the refund policy?
IPSRM™ products are digital downloads delivered immediately on purchase. Because the full product is accessible at the point of download, we are unable to offer refunds as a matter of course. If you experience a technical problem with your purchase — files that are inaccessible, incomplete, or incorrect — please contact us via the Contact page and we will resolve it promptly.
We encourage prospective purchasers to read the product descriptions carefully and, if in doubt, to purchase the Worked Example at £45 before committing to a licence. The Worked Example provides a complete picture of the methodology in practice across all six domains.