TPN GENERAL FAQs
What is the Trusted Partner Network?
The Trusted Partner Network (TPN) is a new, global, industry-wide film and television content protection initiative. The TPN helps companies prevent leaks, breaches, and hacks of their customers’ movies and television shows prior to their intended release.
Why was the TPN built?
Content is now created by a growing ecosystem of third-party vendors, who collaborate with varying degrees of security. This has escalated the security threat to the entertainment industry’s most prized asset, it’s content. The TPN program seeks to raise security awareness, preparedness, and capabilities within our industry.
How will the TPN address escalating content security threats?
The TPN establishes a single benchmark of minimum security preparedness for all vendors and their teams, wherever they work, and whatever their specialty. By creating a single, global directory of “trusted partner” vendors, content companies will have access to a centralized database to learn their TPN status.
Are there any precedents for such a program?
Other industry-wide security initiatives are well-established in finance, IT, payment processing, and healthcare. They have raised the levels of effectiveness and efficiency of their overall industry security.
Who is behind this new venture?
The TPN is a joint venture between two major entertainment industry associations, the Motion Picture Association (MPA) and the Content Delivery & Security Association (CDSA), the worldwide leaders in third-party entertainment industry assessments.
What happens to the current MPA and CDSA content protection programs?
Both associations have ceased their individual security assessment programs and focus exclusively on managing and developing the TPN initiative. The MPA will continue to maintain and update their content security best practices. CLICK HERE to view the content security best practices hosted on the MPA website.
What happens to the MPA and CDSA?
Both associations will continue to independently conduct all non-security assessment related association activities separate from this new joint venture.
Will content owners still be conducting their own assessments?
The TPN is expected to greatly reduce the number of content owner-initiated and funded assessments. Content owner assessments will continue on an “as-needed” basis.
What are the benefits for vendors in the TPN program?
The TPN program provides a number of benefits to vendors, including:
- Reduce the number of assessments conducted at each facility annually.
- Reduce the number of different controls used by various content owners.
- Create competitive, market-driven assessment pricing.
- Accelerate assessment report turn-around.
- Offer controls that are specific to the needs and workflows of specific vendor types.
- Assist in identifying vulnerabilities and communicate remediation through the TPN Platform.
- Allow vendors to promote their security preparedness.
What are the benefits for content owners in the TPN program?
The TPN program provides a number of benefits to content owners, including:
- Create a single, central global directory of “trusted partner” vendors.
- Expand the community of approved, media & entertainment focused content security assessors.
- Elevate the security standards and responsiveness of the vendor community.
- Assist in identifying vulnerabilities and communicate remediation to the vendor community through the TPN Platform.
- Increase the number of third-party vendor facilities that are assessed annually.
What vendors should join the TPN?
Joining the TPN is voluntary; however, every vendor – large and small – that believes that security is a core business principle of their organization should join the TPN.
Who are the TPN assessors?
Individual assessors (not audit firms) will undergo a strict review and approval process as to their expertise in securing pre-release, entertainment content. Vendors will hire a Qualified Assessor from the TPN database and will schedule their assessment and manage the process via the secure online platform.
Who pays for the TPN assessment?
Assessment fees are underwritten by the vendor. Assessment reports are shared within the TPN platform and can also be shared with customers outside the TPN at the vendor’s discretion. Content owners may also opt to pay for individual TPN assessments.
How much does a TPN assessment cost?
The cost of an assessment is negotiated, on a case-by-case basis, between the TPN Qualified Assessor and the vendor making the assessment request. The TPN has no control of the pricing models of individual assessors and/or their firms.
How frequent are the TPN assessments?
Due to the dynamic nature of the content security landscape, and the ongoing development and refinement of security controls, TPN assessments renew annually.
How does a vendor get their information published in the TPN directory?
Once enrolled in the TPN Platform, the vendor(s) will have their company information, along with any authorized supporting assessment materials, published in the TPN vendor roster.
Can I “fail” a TPN assessment?
The TPN assessment does not provide a “pass/fail” grade, certification, or rating. It provides an assessment of a facility’s security preparedness for conformance with the MPA content security best practices. If an assessment indicates non-conformance with a control or practice, any necessary remediation may be conducted by a separate but similarly approved TPN assessor. The vendor may also provide evidence of their own remediation to the TPN. The TPN also has a formal review and submission process for any assessment disputes. Assessors will be regularly measured and evaluated through the TPN Qualified Assessor Program.
Does the TPN serve any other function?
The TPN Platform will undergo ongoing development, and intends to add training courseware, security resources, and real-time security alerts.
When does this all happen?
The first class of TPN Qualified Assessors will be recruited and tested in March 2018, with Beta-testing of key vendors beginning in April 2018. Full roll-out of the TPN program is scheduled for June 2018.
Where can I find out more?
Contact your current MPA and/or CDSA security representative for more information