TPN Assessment Process

The Motion Picture Association (MPA) Content Security Best Practices Common Guidelines (CSBP-CG) is an Information Security Management System (ISMS) framework derived from ISO/IEC 27002-2013 and NIST 800-53. The CSBP-CG is industry specific and designed to be of use by any organisation that is engaged in the Media and Entertainment Industry. The framework can be used standalone or in conjunction with other ISMS or risk management regime such as the ISO/IEC 27000 family, ITIL and COBIT.

A Trusted Partner Network (TPN) Assessment is a cybersecurity audit where your ISMS implementation (i.e. management system, physical security and digital security) and corresponding content handling workflows are benchmarked for conformance with the CSBP-CG by an Accredited TPN Assessor. The assessment process is designed to deliver a comprehensive report to MPA, CDSA and ACE member studio content owners detailing your ISMS implementation, approach to risk and business continuity management, control implementation and treatment and to detail areas of non-conformance for remediation in the future. The need to comply with the CSBP-CG is voluntary. The TPN Assessment Process is not an accreditation program. The steps below outline the pre-assessment process, assessment process and re-assessment process. If you have any questions or concerns regarding the assessment process then please contact us.

Preparing for Assessment

1. Understand the TPN Assessment Process

Please familiarise yourself with the TPN Assessment Process, the MPA Content Security Best Practices and this assessment process.

2. Request TPN Vendor Assessment or TPN Vendor Re-Assessment

In order to get assessed or re-assessed, you MUST complete the TPN's Vendor Assessment Request Form.

3. Get a Quote For Your Assessment

Please complete our Pre-Assessment Questionnaire. Once that's done we will send you a quote to assess your facility.

4. Review & Sign the Security Assessment Agreement

Once you have received, reviewed and approved our quote we will send you the Security Assessment Agreement to review and sign.

5. Send Quote and Agreement to the TPN

Once you have signed the Security Assessment Agreement we will send both documents to the TPN for processing. This can occur prior to you completing the TPN Assessment Initial and Extended Questionnaires in the next step.

6. Complete TPN Assessment Initial and Extended Questionnaires

Once your TPN Vendor Assessment Request in Step 2 has been fulfilled, you will need to complete the initial and extended questionnaires via the TPN Vendor Portal.

7. Choose Your TPN Accredited Assessor

Once you have completed the questionnaires you can choose the TPN Assessor via the TPN Vendor Portal. Please choose your Assessor. Your assessor should match the assessor that was specified on the Security Assessment Agreement.

8. Receive Executed Security Assessment Agreement and Invoice from the TPN

You will receive a copy of the fully executed Security Assessment Agreement and an invoice directly from the TPN. This can take around 2-5 business days.

9. Pay the TPN for the Assessment

Once you have received the invoice, you will need to pay the TPN for the assessment. You can wire transfer the funds or use an international money transfer service. You do not pay Groundwire Security. Once payment is received by the TPN, your assessment will be ungated and released to your Assessor.

Assessment Process

1. Schedule the Assessment

Once Agreement is signed and payment is received by TPN, your assessor will schedule a kickoff meeting and the onsite assessment date or remote assessment date. Your assessor will also submit a materials request to you.

2. Materials Request Preparation and Assessment

Prepare your assessment materials as directed by your assessor. Your assessor will then visit your facility to complete and onsite assessment or complete the remote assessment interviews with your via your preferred video conferencing method (e.g. Teams, Zoom).

3. Draft Report Submission to the TPN

Once your assessor has completed the onsite or remote assessment, they will write a draft assessment report. Your assessor will submit the draft assessment report to the TPN. This typically takes 10 business days but may take longer if additional information is requested.

4. Draft Report Release and Review

The draft report will be released to you for review via the TPN Vendor Portal. You will work with your assessor to ensure the report is accurate and correct any inaccuracies or invalid remediation items as necessary.

5. Final Report Submission

Once you approve the draft report, your assessor will submit the report to the TPN for final quality assurance.

6. Final Quality Assurance and Publishing

The TPN's Audit Team in California will then review, quality assure and publish your report. The quality assurance process can take up to 10 business days.

7. Assessment Process Completion

Once the report is published, you will receive your assessment certificate, feedback questionnaire and TPN logos. Please refer to the style guide in relation to TPN logo use. Your report will be made available to all MPA and CDSA member studio content owners including Disney, Warner Brothers, Sony, Paramount, Bad Robot, Amazon, HBO and Marvel.

8. Remediation Items

You will then get to work resolving remediation items. Submit remediation items evidence for review by the TPN Audit Team in California via the TPN Vendor Portal. Once you have completed / closed off all remediation items you will be required to complete the quarterly check-in.

Re-Assessment Process

1. Re-Assessment

Your assessment is normally valid for 12-months from the date the report was published. You will then need to be re-assessed. To commence the re-assessment process, go to Step 2 of the Preparing for Assessment Process above.

The TPN has extended the validity of assessments in 2021 by 3 months (90-days). This applies to:

Assessments due for renewal in 2021
Assessments currently in progress in 2021
Assessments that have completed in 2021.

The TPN will add the extension at the 12-month anniversary date of your assessment. Please contact the TPN directly to re-confirm your assessment expiry date, confirm your extended expiry date, and have your program participation certificate re-issued with the new validity date.