TPN Services & FAQ's
What is a TPN Assessment
The Trusted Partner Network (TPN) is a new, global, industry-wide film and television content protection initiative. The TPN helps companies prevent leaks, breaches, and hacks of their customers’ movies and television shows prior to their intended release.
The Motion Picture Association (MPA) Content Security Best Practices Common Guidelines (CSBP-CG) is an Information Security Management System (ISMS) framework derived from ISO/IEC 27002-2013 and NIST 800-53. The CSBP-CG is industry specific and designed to be of use by any organisation that is engaged in the Media and Entertainment Industry. The framework can be used standalone or in conjunction with other ISMS or risk management regime such as the ISO/IEC 27000 family, ITIL and COBIT.
A Trusted Partner Network (TPN) Assessment is a cybersecurity audit where your ISMS implementation (i.e. management system, physical security and digital security) and corresponding content handling workflows are bench-marked for conformance with the CSBP-CG by an Accredited TPN Assessor. The assessment process is designed to deliver a comprehensive report to MPA, CDSA and ACE member studio content owners detailing your ISMS implementation, approach to risk and business continuity management, control implementation and treatment and to detail areas of non-conformance for remediation in the future. The need to comply with the CSBP-CG is voluntary. The TPN Assessment Process is not an accreditation program.
Who needs a TPN Assessment and how does it help your organisation
Any organization that is intending to bid on projects that are offered by an MPA, CDSA or ACE member studios will require a TPN Assessment. Establishing the ISMS in the organization demonstrates the business' commitment to cybersecurity and to secure content handling workflows. The TPN establishes a single benchmark of minimum security preparedness for all vendors and their teams, wherever they work, and whatever their specialty. By creating a single, global directory of “trusted partner” vendors, content companies will have access to a centralized database to learn their TPN status.
Why choose us
Our auditors are industry veterans who have worked on multiple shows and have the screen credits to prove it. We intimately understand the cybersecurity risks involved in operating a facility and handling vendor content. We can work with you to implement an ISMS that is designed to reduce the exposure of your business to cybersecurity breach and content theft or loss.
Our TPN Services
We offer the following Trusted Partner Network (TPN) assessments / audits and consulting services. We can also assist you in implementing the MPA Content Security Best Practices based on your facility type and content handling requirements.
PREPARATION & ENGINEERING
Pre-Assessment preparation and engineering to ensure your facility meets or exceeds MPA Content Security Best Practices prior to commencing a TPN Assessment.
GOVERNANCE & CYBERSECURITY
We work with you to develop Governance Policies and Procedures that are required to be developed and delivered as part of the TPN Assessment process.
Trusted Partner Network FAQs
Why was the TPN built?
Content is now created by a growing ecosystem of third-party vendors, who collaborate with varying degrees of security. This has escalated the security threat to the entertainment industry’s most prized asset, it’s content. The TPN program seeks to raise security awareness, preparedness, and capabilities within our industry.
How will the TPN address escalating content security threats?
The TPN establishes a single benchmark of minimum security preparedness for all vendors and their teams, wherever they work, and whatever their specialty. By creating a single, global directory of “trusted partner” vendors, content companies will have access to a centralized database to learn their TPN status.
Are there any precedents for such a program?
Other industry-wide security initiatives are well-established in finance, IT, payment processing, and healthcare. They have raised the levels of effectiveness and efficiency of their overall industry security.
Who is behind this venture?
The TPN is a joint venture between two major entertainment industry associations, the Motion Picture Association (MPA) and the Content Delivery & Security Association (CDSA), the worldwide leaders in third-party entertainment industry assessments.
What happens to the current MPA and CDSA content protection programs?
Both associations will cease their individual security assessment programs and focus exclusively on managing and developing the TPN initiative. The MPA will continue to maintain and update its content security best practices.
What happens to the MPA and CDSA?
Both associations will continue to independently conduct all non-security assessment-related association activities separate from this new joint venture.
Will content owners still be conducting their own assessments?
The TPN is expected to greatly reduce the number of content owner-initiated and funded assessments. Content owner assessments will continue on an “as-needed” basis.
What are the benefits for vendors in the TPN program?
The TPN program will provide a number of benefits to vendors, including:
Reduce the number of assessments conducted at each facility annually.
Reduce the number of different controls used by various content owners.
Create competitive, market-driven assessment pricing.
Accelerate assessment report turn-around.
Offer controls that are specific to the needs and workflows of specific vendor types.
Assist in identifying vulnerabilities and communicate remediation through the TPN Platform.
Allow vendors to promote their security preparedness.
What are the benefits for content owners in the TPN program?
The TPN program will provide a number of benefits to content owners, including:
Create a single, central global directory of “trusted partner” vendors.
Expand the community of approved, media & entertainment-focused content security assessors.
Elevate the security standards and responsiveness of the vendor community.
Assist in identifying vulnerabilities and communicate remediation to the vendor community through the TPN Platform.
Increase the number of third-party vendor facilities that are assessed annually.
What vendors should join the TPN?
Joining the TPN is voluntary; however, every vendor – large and small – that believes that security is a core business principle of their organization should join the TPN.
Who are the TPN assessors?
Individual assessors (not audit firms) will undergo a strict review and approval process as to their expertise in securing pre-release, entertainment content. Vendors will hire a Qualified Assessor from the TPN database and will schedule their assessment and manage the process via the secure online platform.
Who pays for the TPN assessment?
Assessment fees are underwritten by the vendor. Assessment reports are shared within the TPN platform and can also be shared with customers outside the TPN at the vendor’s discretion. Content owners may also opt to pay for individual TPN assessments.
How much does a TPN assessment cost?
The cost of an assessment is negotiated, on a case-by-case basis, between the TPN Qualified Assessor and the vendor making the assessment request. The TPN has no control over the pricing models of individual assessors and/or their firms.
How frequent are the TPN assessments?
Due to the dynamic nature of the content security landscape, and the ongoing development and refinement of security controls, TPN assessments renew annually.
How does a vendor get their information published in the TPN directory?
Once enrolled in the TPN Platform, the vendor(s) will have their company information, along with any authorized supporting assessment materials, published in the TPN vendor directory.
Can I “fail” a TPN assessment?
The TPN assessment does not provide a “pass/fail” grade, certification, or rating. It provides an assessment of a facility’s security preparedness for conformance with the MPA content security best practices. If an assessment indicates non-conformance with a control or practice, any necessary remediation may be conducted by a separate but similarly approved TPN assessor. The vendor may also provide evidence of their own remediation to the TPN. The TPN also has a formal review and submission process for any assessment disputes. Assessors will be regularly measured and evaluated through the TPN Qualified Assessor Program.