TPN Assessment Process
What is TPN Assessment?
A Trusted Partner Network (TPN) Assessment is a cybersecurity audit where your ISMS implementation (i.e. management system, physical security, and digital security) and corresponding content handling workflows are benchmarked for conformance with the MPA Content Security Best Practices Common Guidelines by an Accredited TPN Assessor. The assessment process is designed to deliver a comprehensive report to MPA, CDSA, and ACE member studio content owners including Walt Disney Studios, Netflix, Sony Pictures, Paramount Pictures, Warner Brothers and Universal Pictures detailing your ISMS implementation, approach to risk and business continuity management, control implementation and treatment and to detail areas of non-conformance for remediation in the future. The need to comply with the MPA Content Security Best Practices Common Guidelines is voluntary. The TPN Assessment Process is not an accreditation program.
MPA Best Practices: Common Guidelines
The Motion Picture Association (MPA) Content Security Best Practices Common Guidelines (CSBP-CG) is an Information Security Management System (ISMS) framework derived from ISO/IEC 27002-2013 and NIST 800-53. The MPA Content Security Best Practices Common Guidelines is industry specific and designed to be of use by any organisation that is engaged in the Media and Entertainment Industry. The framework can be used standalone or in conjunction with other ISMS or risk management regime such as the ISO/IEC 27000 family, ITIL and COBIT.
TPN Assessment Process
Once you are ready for your TPN Assessment, please see below the start the assessment process, assessment process and re-assessment process. We can also assist you with getting prepared for a scheduled TPN Assessment so contact us for a free 30 minute consultation. TPN Assessments can take up 90-days to complete.
Start the Assessment Process
05. Send Quote and Agreement to the TPN
Once you have signed the Security Assessment Agreement we will send both documents to the TPN for processing. This can occur prior to you completing the TPN Assessment Initial and Extended Questionnaires in the next step.
06. Complete TPN Assessment Initial and Extended Questionnaires
Once your TPN Vendor Assessment Request in Step 2 has been fulfilled, you will need to complete the initial and extended questionnaires via the TPN Vendor Portal.
07. Choose Your TPN Accredited Assessor
Once you have completed the questionnaires you can choose the TPN Assessor via the TPN Vendor Portal. Please choose your Assessor. Your assessor should match the assessor that was specified on the Security Assessment Agreement.
08. Receive Executed Security Assessment Agreement and Invoice from the TPN
You will receive a copy of the fully executed Security Assessment Agreement and an invoice directly from the TPN. This can take around 2-5 business days.
09. Pay the TPN for the Assessment
Once you have received the invoice, you will need to pay the TPN for the assessment. You can wire transfer the funds or use an International money transfer service. You do not pay Groundwire Security. Once payment is received by the TPN, your assessment will be ungated and released to your Assessor.
The TPN Assessment
10. Schedule the Kickoff Meeting and Assessment
Once Agreement is signed and payment is received by TPN, your assessor will schedule a kickoff meeting and the onsite assessment date or remote assessment date. Your assessor will also submit a materials request to you.
11. Materials Request Preparation and Assessment
Prepare your assessment materials as directed by your assessor. Your assessor will then visit your facility to complete and onsite assessment or complete the remote assessment interviews with your via your preferred video conferencing method (e.g. Teams, Zoom).
12. Assessment and Draft Report Submission to the TPN
Once your assessor has completed the onsite or remote assessment, they will write a draft assessment report. Your assessor will submit the draft assessment report to the TPN. This typically takes 10 business days but may take longer if additional information is requested.
13. Draft Report Release and Review
The draft report will be released to you for review via the TPN Vendor Portal. You will work with your assessor to ensure the report is accurate and correct any inaccuracies or invalid remediation items as necessary.
14. Final Report Submission
Once you approve the draft report, your assessor will submit the report to the TPN for final quality assurance.
15. Final Quality Assurance and Publishing
The TPN's Audit Team in California will then review, quality assure and publish your report. The quality assurance process can take up to 10 business days.
16. Assessment Process Completion
Once the report is published, you will receive your assessment certificate, feedback questionnaire, and TPN logos. Please refer to the style guide in relation to TPN logo use. Your report will be made available to all MPA, CDSA, and ACE member studio content security teams.
17. Remediation Items
You will then get to work resolving remediation items. Submit remediation items evidence for review by the TPN Audit Team in California via the TPN Vendor Portal. Once you have completed / closed off all remediation items you will be required to complete the quarterly check-in.
Your assessment is valid for 12-months from the date the report was published. You will then need to be re-assessed. To commence the re-assessment process, go to Step 02 of the Preparing for Assessment Process above.
The TPN has extended the validity of 2021 assessments by 3 months (90-days) as follows:
Assessments that commenced in 2021
Assessments that completed in 2021 from March onward.
Please contact the TPN directly to re-confirm your assessment expiry date, confirm your extended expiry date, and have your program participation certificate re-issued with the new validity date.