Research programme

The State of CPTED in NSW

Most CPTED in NSW meets the planning requirement. This research examines whether it prevents crime.

Codee Ludbey · Publication forthcoming

In brief: Core42 coded 100 consultant-produced CPTED reports submitted to NSW development assessment. Structural quality is high; analytical quality is not. Risk language substitutes for risk methodology, context is described but rarely used, and community engagement is claimed more often than conducted. Measured against ISO 22341:2021, the governance system is structurally indifferent to the quality of analysis it receives.

CPTED reporting is required under NSW development assessment for most residential, commercial, and mixed-use projects. But compliance with the requirement and quality of the analysis are not the same thing.

This research examines 100 consultant-produced CPTED reports submitted to the NSW planning system. What risk methodology was applied — or wasn't. Where contextual analysis stopped short of informing design. Whether community engagement was real or rhetorical. And what that means for the credibility of CPTED as a planning tool.

Why we did this research

CPTED's theoretical foundations are strong. The evidence base for environmental crime prevention is well-established. What the literature hasn't examined is how CPTED is actually operationalised in contemporary practice — the reports produced by consultants, assessed by planning authorities, and used to justify design decisions across thousands of NSW developments.

We conducted this research because no systematic empirical analysis of consultant-produced CPTED reporting in NSW existed, and the gap matters. When CPTED reporting is relied upon as assurance that crime risk has been considered, the quality of that assurance determines whether CPTED functions as a genuine safeguard or a compliance artefact.

We examined 100 reports to answer a specific question:

To what extent do consultant-produced CPTED reports submitted in NSW development assessment reflect genuine risk-based analysis — or do they function primarily as procedural compliance documents?

The question was not whether practitioners are competent. It was whether the system they operate within is set up to produce good analysis.

What we did

Core42 coded 100 CPTED reports sourced from the NSW State Design Review/Safer by Design (SDD/A) repository — a publicly accessible government platform hosting CPTED assessments submitted in support of development applications across NSW.

A structured coding framework was applied to each report, assessing:

  • CPTED theory integration — first generation (physical/spatial), second generation (social), and tokenistic application
  • Risk methodology — threat identification, crime statistics, likelihood-consequence frameworks, risk registers, and prioritisation
  • Context and user analysis — land use, demographic, and economic context; user profiles; activity mapping; and direct community engagement
  • Recommendations and traceability — whether recommendations were linked to analysis, linked to identified risks, and supported by evaluation plans
  • Report quality and governance — structure, use of diagrams, boilerplate content, and evidence of multi-stakeholder collaboration

Statistical analysis compared outcomes across risk dimensions, CPTED generations, and consultancy type — planning firms versus security consultancies.

What we found

The research identified four consistent patterns across 100 reports. Each one points to the gap between what CPTED claims to do and what the reporting system is structured to deliver.

Risk language substitutes for risk methodology

Risk terminology appeared in the majority of reports. Crime statistics, threat identification, and trend data were common. What was far less common was the formal analytical machinery that turns crime data into design decisions — likelihood-consequence frameworks, risk registers, and prioritised responses.

Context is described. It's rarely used.

Almost all reports included some form of site context analysis. Fewer than half explicitly linked those observations to identified risks or design responses.

Community rhetorically present. Methodologically absent.

User-centred language was common across the dataset. The methods required to support that language were not. Second-generation CPTED principles — the social dimension of crime prevention — appeared frequently, but substantive integration was the exception rather than the rule.

The system produces consistent output. Not consistently good analysis.

Structural quality across reports was high. Process quality — multi-stakeholder input, evaluation planning, adaptive review — was not. Both of the dominant consultancy types showed analytical gaps, for different reasons.

What it means for planning and practice

The NSW planning system is out of date

The governance framework that embeds CPTED into development assessment was designed for a different era of practice. It requires a report. It does not require a good one. There are no minimum standards for risk methodology, no mandatory stakeholder engagement, no post-occupancy accountability. The result is a system that produces consistent procedural output while remaining structurally indifferent to analytical quality. CPTED is required — what it requires of practitioners is not.

It accepts poor quality as evidence of risk management

When a CPTED report is accepted as evidence that crime risk has been considered, the quality of that analysis determines whether it constitutes genuine assurance or procedural cover. The findings suggest the latter is common. Reports are structurally professional and theoretically framed. What they frequently lack is the formal risk reasoning — likelihood-consequence analysis, prioritised responses, auditable decision logic — that would make them defensible under scrutiny. Planners and approving authorities are accepting documentation as analysis.

Practitioners need to be qualified to the current international standard

ISO 22341 — the international standard for CPTED — sets a clear framework for what structured crime prevention analysis looks like. The current NSW accreditation pathway does not align with it. Completion of the NSW Police or Local Government Safer by Design course remains the primary qualification route, but that course was not designed to develop the risk management competency that ISO 22341 requires. The findings reflect that gap directly: risk methodology is the dimension where NSW practice falls furthest short.

Publication

Full findings, statistical results, and recommendations are being prepared for peer-reviewed publication. Register your interest and we'll send the paper when it's available.

Register interest Read: What Good CPTED Looks Like →

Frequently asked questions

What is the quality of CPTED practice in NSW?

Core42's analysis of 100 consultant-produced CPTED reports submitted to the NSW planning system found that risk language routinely substitutes for risk methodology. Crime statistics and threat identification appear widely across reports, but formal likelihood-consequence frameworks, risk registers, and prioritised design responses are uncommon. Context is described but rarely used — fewer than half of reports explicitly linked site observations to identified risks or design responses.

Does NSW CPTED practice meet ISO 22341?

NSW CPTED practice does not align with ISO 22341, the international standard for CPTED. The current NSW accreditation pathway — completion of the NSW Police or Local Government Safer by Design course — was not designed to develop the risk management competency ISO 22341 requires. The planning system sets no minimum standards for risk methodology, mandatory stakeholder engagement, or post-occupancy accountability, resulting in a system structurally indifferent to analytical quality.

What is the difference between CPTED compliance and CPTED quality?

Structural quality across NSW CPTED reports is high — they are professionally formatted, theoretically framed, and meet procedural requirements. Process quality is not: multi-stakeholder input, formal risk analysis with linked recommendations, and evaluation planning are the exception rather than the rule. NSW planning authorities are frequently accepting documentation as analysis, producing compliance artefacts rather than genuine evidence of crime risk management.

Need CPTED advice for a current project?

Discuss how research-led CPTED assessment, aligned with ISO 22341, can support your development with a principal consultant.

Place-Based Safety services Speak to a Principal

Related guide: What Good CPTED Looks Like — the commissioner's guide to ISO 22341-aligned CPTED assessment.