What is the Trusted Partner Network (TPN), and Why Is TPN Compliance Important?

In the media and entertainment world, protecting intellectual property is crucial. The Trusted Partner Network (TPN) certification plays an essential role in this endeavor. It establishes a comprehensive security standard for the safe handling of sensitive content. This guide offers insights into TPN and its significance in content protection for anyone from content creators to studio executives.

What is Trusted Partner Network (TPN)?

The Trusted Partner Network (TPN), in alliance with the Motion Picture Association (MPA), has developed a multifaceted framework to ensure the security of content throughout its lifecycle. This framework is built on several key factors, including MPA best practices, content owners, service providers, and TPN accredited assessors, each playing a critical role in upholding the integrity and security of media content.

MPA Best Practices

At the heart of TPN’s framework are the MPA Content Security Program Best Practices. Administered by TPN, these guidelines serve as a comprehensive foundation for the secure management and protection of content. Essential for maintaining security across various platforms, these practices cover everything from cloud storage and on-site facilities to remote work environments and software applications. TPN utilizes these best practices as a foundation for developing their comprehensive TPN assessment questionnaire, ensuring a thorough evaluation of compliance and security measures.

Content Owners

Content owners are pivotal within the TPN ecosystem. Organizations that produce, manage, license, or distribute content carry the primary responsibility for its security throughout its entire lifecycle, including before its official release. The unique risk profiles of content owners can vary widely, depending on the scale of the enterprise and the nature of the content handled. This variance necessitates tailored security approaches to adequately protect their intellectual property and assets.

Service Providers

Service providers, encompassing a broad spectrum of entities in the content creation and distribution chain, are integral to TPN’s operation. From film studios and television networks to cloud storage providers and IT security firms, these providers are required to adhere to the standardized Content Security Best Practices. Their TPN compliance demonstrates a commitment to safeguarding client content against unauthorized access, usage, disclosure, and other security threats.

TPN Accredited Assessor

A critical component of the TPN certification process is the role of the TPN Accredited Assessor. These assessors conduct detailed audits of service providers, evaluating their security measures and protocols against TPN and MPA standards. The TPN assessment process is thorough and ensures that service providers meet the highest levels of content security, aligning them with the overarching objectives of the Trusted Partner Network and MPA Best Practices.

What is a Trusted Partner Network (TPN) Certification?

A Trusted Partner Network (TPN) certification represents a rigorous and comprehensive cybersecurity audit framework, a collaborative creation of the Motion Picture Association (MPA) and the Content Delivery and Security Association (CDSA).

This certification is specifically tailored to meet the unique security challenges inherent in the dynamic TV and film industry. Its primary focus is on the safeguarding of intellectual property throughout its entire content lifecycle, from the initial stages of creation right through to distribution.

The essence of TPN certification lies in its establishment of industry-specific security standards and best practices. This certification empowers studios, post-production houses, vendors, and various service providers to manage, audit, and protect their content effectively and securely. The role of TPN certification is pivotal in the realm of content security. It serves as a stronghold against piracy, standardizes cybersecurity measures across the industry, mitigates potential risks, and enhances consumer trust. By assuring the secure handling of media content, TPN certification significantly reduces the risks associated with unauthorized access, data leaks, and content piracy.

In the context of the Trusted Partner Network, MPA Content Security Best Practices are critical. They establish a unified benchmark of minimum-security preparedness essential for the Media and Entertainment industry. Managed and periodically updated by the TPN program, which is under the ownership of the MPA, these best practices are refined with inputs from various industry stakeholders, including content owners, service providers, and TPN accredited assessors.

How Did the Trusted Partner Network Come Into Existence?

The Trusted Partner Network (TPN) emerged as a strategic response to the evolving challenges in the media and entertainment industry. This sector, particularly in the realm of content creation for movies, television shows, and short films, has increasingly relied on a diverse ecosystem of third-party vendors. These vendors, each with their own levels of security measures, introduced a heightened risk of leaks and breaches, posing significant threats to the industry’s most valuable asset: its content.

Recognizing the need for a standardized approach to cybersecurity, TPN certification was developed to elevate security awareness and capabilities within the industry. This initiative was spearheaded by the Motion Picture Association (MPA), reflecting their commitment to protecting intellectual property and the integrity of content distribution channels.

Establishing a Universal Security Benchmark

TPN sets a universal benchmark for minimum security preparedness, applicable to all vendors and their teams, irrespective of their geographical location or level of expertise. This approach has been instrumental in creating a global catalog of “trusted partner” vendors. Such a catalog offers content organizations access to a valuable dataset, showcasing the TPN status of vendors, thereby ensuring that they engage with partners who adhere to the highest standards of content security.

The Importance of TPN Certification

In the film and television industry, the security and control of intellectual property are paramount. TPN certification plays a crucial role in maintaining this security, ensuring control over intended release dates, and significantly reducing the risk of data breaches and leaks. It also mitigates the impact of cyber-attacks on these organizations.

TPN encompasses a suite of cybersecurity best practices and guidelines, as outlined by the MPA. These practices are structured around the development and implementation of an effective Information Security Management System (ISMS), drawing from industry-leading frameworks such as NIST and ISO. Organizations undergo a comprehensive TPN assessment, where their ISMS effectiveness is evaluated against these established frameworks.

By committing to TPN certification, organizations within the film and television industry can assure the security of their intellectual property. The ongoing compliance with TPN standards not only enhances their cybersecurity infrastructure but also fortifies their risk management protocols. This proactive approach significantly lowers the likelihood of experiencing security breaches or leaks.

Benefits of TPN Certification: Enhancing Security and Trust in Media and Entertainment

The Trusted Partner Network (TPN) certification represents a significant advancement in content security and risk management within the media and entertainment industry. This comprehensive certification process, including TPN assessment and adherence to TPN compliance standards, offers a range of benefits for studios, post-production houses, vendors, and the broader industry.

Establishing Trust through Robust Security

TPN certification is instrumental in building trust between vendors and their clients. Achieving TPN certification signifies a vendor’s commitment to stringent security measures, crucial in an industry where protecting intellectual property and sensitive content is vital. This heightened level of trust strengthens client-vendor relationships, fostering confidence and reliability.

Enhancing Cybersecurity Measures

A key benefit of TPN certification is the reinforcement of an organization’s defenses against cyber attacks. Aligning with MPA Best Practices and successfully passing rigorous TPN audits, certified entities significantly enhance their cybersecurity capabilities, effectively mitigating potential risks and threats.

Recognition as a Trusted Partner

Being TPN certified includes inclusion in a prestigious centralized directory of Trusted Partner vendors. This listing is a valuable resource for those seeking secure and reliable service providers and marks a vendor as a credible and reliable choice in the industry. It also provides a competitive edge, distinguishing certified providers from their competitors.

Raising Security Standards Across the Industry

TPN certification drives the overall elevation of security standards within the vendor community. It establishes a high benchmark for cybersecurity practices, motivating all players in the industry to excel in content protection. This collective effort results in a more secure and resilient industry, well-equipped to address the challenges of digital content security.

Broadening Project Opportunities

Obtaining TPN certification can open doors to more projects involving third-party vendors. With an increasing emphasis on security in studios and among content owners, there’s a growing preference for working with TPN-certified vendors. This trend not only creates more opportunities for certified vendors but also encourages others in the industry to seek TPN certification, thereby expanding the network of trusted partners.

The TPN Audit Process

The audit process for obtaining Trusted Partner Network (TPN) certification is a comprehensive and detailed procedure designed to evaluate an organization’s adherence to the stringent security standards required in the media and entertainment industry. This process is essential for ensuring the secure handling and protection of sensitive content.

Steps Involved in the TPN Audit

The Trusted Partner Network (TPN) audit process is a rigorous assessment that Service Providers must undergo to demonstrate their TPN compliance with MPA Best Practices. The TPN audit process is designed to ensure that Service Providers are adequately protecting their clients’ content and includes the following steps:

1. Self-assessment: The Service Provider completes a self-assessment questionnaire to assess their TPN compliance with the MPA Content Security Best Practices.
2. Initial Assessment and Documentation Review: The TPN Accredited Assessor conducts interviews with Service Provider personnel to get a better understanding of the Service Provider’s security posture.
3. On-site or Virtual Audit: Depending on the service proivders location and other factors, an on-site or virtual TPN audit is conducted. This involves a detailed inspection of physical and digital security measures, including data management, access controls, and incident response protocols.
4. Audit report: The TPN auditor prepares an TPN audit report that identifies any security vulnerabilities or TPN compliance gaps. The audit report will also include recommendations for how the Service Provider can address any security vulnerabilities or TPN compliance gaps.
5. Implementation of recommendations: The Service Provider implements the TPN auditor’s recommendations to address any security vulnerabilities or TPN compliance gaps.
6. Re-audit: The Service Provider is re-audited by the TPN auditor to verify that the recommendations have been implemented and that the Service Provider is now compliant with the TPN best practices.
7. Final Certification: Once compliance with all TPN standards is verified, the organization is awarded TPN certification. This certification is subject to periodic re-assessment to ensure ongoing TPN compliance.

MPA Best Practices Assessed During the TPN Audit

The TPN audit rigorously evaluates a Service Provider’s TPN compliance with the MPA Content Security Best Practices, which are categorized into Core Best Practices and Additional Best Practices. The Core Best Practices are mandatory for TPN compliance with the MPA Content Security Program, while the Additional Best Practices are strongly recommended for further enhancing the organization’s security posture.

The Core MPA Best Practices assessed in the TPN audit include:

• Physical Security: Implementing measures to prevent unauthorized access, theft, and damage to content.
• Information Security: Safeguarding the confidentiality, integrity, and availability of content across all formats, including data at rest, in process, and in transit. This involves encryption, access controls, and regular security audits.
• Technical Security: Protecting content from unauthorized access, use, disclosure, modification, or destruction through robust network security measures such as firewalls, intrusion detection systems, and regular security patching.
• Personnel Security: Ensuring that personnel handling sensitive content are reliable and adequately trained, with appropriate access controls.
• Incident Response: Establishing effective procedures for detecting, responding to, and recovering from security incidents.

Requirements for achieving TPN certification

To achieve TPN certification, Service Providers must:

• Implement all required security controls as per MPA Best Practices.
• Prove the effectiveness of these security controls.
• Address any vulnerabilities or gaps identified during the TPN audit.
• Undergo regular re-audits to ensure sustained TPN compliance and maintain certification.

How Much Does the TPN Assessment Cost?

The cost of a TPN assessment can vary significantly, influenced by various factors, which makes it challenging to provide a fixed pricing structure. Organizations seeking TPN certification should consult with a TPN accredited assessor for a clearer understanding of the costs, tailored to their unique circumstances.

Key factors influencing the cost include:

• Size and Complexity of the Organization: Larger organizations with more complex operations may require a more in-depth TPN assessment, leading to higher costs.
• Location and Logistics: For an on-site TPN audit, the location of the organization can impact travel and accommodation expenses for the assessors.
• Scope of the Audit: The range of services and extent of the content handled by the service provider can affect the depth and breadth of the TPN audit process, influencing the overall cost.
• Follow-up Assessments: If the initial TPN audit identifies areas needing significant improvement, additional follow-up assessments may be required, adding to the total cost.

TPN Certification Use Cases

TPN (Trusted Partner Network) certification plays a pivotal role in the media and entertainment industry, offering a robust framework for content security. Below are some practical scenarios and real-world use cases that illustrate how organizations across various segments of the industry implement TPN certification to enhance their content security.

Film and Television Studios

For film and television studios, TPN certification is integral to their operation. By ensuring that their internal teams and external vendors comply with TPN standards, studios can safeguard unreleased movies and shows from leaks and piracy. This is especially crucial in the post-production phase, where raw footage and final cuts are highly vulnerable to security breaches.

Animation and Visual Effects (VFX) Companies

Animation and VFX companies handle a significant amount of sensitive data, often working on multiple high-profile projects simultaneously. TPN certification ensures that these companies have robust security protocols in place, protecting intellectual property and maintaining client confidentiality. This is particularly important when outsourcing elements of production or collaborating with international teams.

“We have seen a number of studios using the Ericom Web Isolation solution, including Jellyfish Pictures, and are pleased with the role the technology plays in satisfying key parts of their TPN security compliance requirements.” – Mathew Gilliat‑Smith, EVP

Music and Audio Production Houses

TPN certification is equally important in the music industry, particularly for studios involved in scoring and sound design for movies and TV shows. Ensuring that unreleased tracks and scores are securely managed is critical to prevent leaks that could impact a project’s market performance or artistic integrity.

Digital Marketing and Promotion Agencies

Agencies involved in the marketing and promotion of media content often have early access to sensitive materials like trailers, posters, and promotional clips. TPN certification ensures these agencies handle this content securely, preventing premature releases or leaks that could spoil marketing strategies or fan experiences.

Cloud Storage and IT Service Providers

Cloud storage providers and IT service providers play a crucial role in the content creation pipeline. These entities often store and manage large volumes of sensitive data. TPN certification for these providers ensures that they have stringent security measures in place, offering peace of mind to their clients in the media and entertainment industry.

Content Distribution Networks

Content distribution networks (CDNs), crucial for delivering content to global audiences, must ensure the highest security standards to prevent unauthorized access and distribution. TPN certification verifies that CDNs have the necessary infrastructure and protocols to protect the content they distribute.

Independent Filmmakers and Production Houses

Independent filmmakers and smaller production houses benefit from TPN certification by demonstrating their commitment to content security. This certification can be a differentiator when seeking partnerships or distribution deals, as it assures potential partners of their adherence to industry-standard security practices.

How Ericom Can Assist With TPN Compliance

Aligning with the MPA Content Security Best Practices, Version 5.2, studios are encouraged to adopt Remote Browser Isolation (RBI) to adhere to Technical Security Guidelines for Information Systems and Network Security. Ericom’s innovative ZTEdge Web Isolation solution is tailored to these recommendations, providing Service Providers with an effective means to comply with MPA best practices while enhancing their overall security framework.

Ericom’s Zero Trust Web Isolation and Ericom RBI’s Alignment with MPA Guidelines play a pivotal role in this process. Ericoms RBI renders website content in virtual browsers located in cloud-based containers, ensuring that only safe rendering information reaches users’ web browsers. This system not only provides a fully interactive user experience but also secures devices and networks from various web-borne threats, including sophisticated zero-day ransomware.

Ericom’s Web Isolation for TPN Programs adheres to MPA Content Security Program Best Practices for corporate email and web filtering and also ensures secure internet access, providing a seamless experience for artists and content creators in the entertainment industry. This includes defending against email and web-delivered cyberattacks, preventing content loss, and enabling the secure use of collaborative platforms like O365 and Teams.

Ericom’s solutions are comprehensively designed to meet the needs of TPN Content owners, Assessors, and service providers, ensuring conformity with MPA requirements and industry best practices. For more detailed information or to discuss specific needs, please contact Ericom here.