A threat assessment and a vulnerability analysis are parts of the:

In the PSP methodology, the preliminary design phase includes both threat assessments and vulnerability analyses.

Threat assessment identifies potential adversaries, hazards, and scenarios that could negatively impact the facility or operations.

Vulnerability analysis examines weaknesses in systems, processes, and physical infrastructure that could be exploited by threats.

These analyses inform the design of security measures by determining risk exposure and guiding the selection of protective layers. While operating security reviews and security systems architecture focus on implementation and operational evaluation, the preliminary design phase is where risks are systematically identified and addressed in the system concept and specifications, consistent with ASIS PSP guidance.