top of page
9d3347_5f5df953b1934257b8b76d3503203caemv2.png

TPN Assessment

The Trusted Partner Network (TPN) is an industry-wide cybersecurity initiative, securing movie, film, TV, broadcast, and game content. TPN assessments audit service providers' cybersecurity measures for compliance with MPA Content Security Best Practices, facilitating business success and trust. Join TPN to simplify bidding processes and assure clients of your security commitment.

Wisely TPN

TPN: An Introduction

The Trusted Partner Network (TPN) is a global, industry-wide movie, film, television, broadcast, and game cybersecurity content protection initiative. The TPN helps service providers prevent leaks, breaches, and hacks of their customers’ movies and television shows prior to their intended release date and seeks to raise security awareness, preparedness and capabilities within the industry. The TPN is owned and operated by the Motion Picture Association.

MPA Content Security Best Practices

The MPA Content Security Best Practices (MPA CSBP) is an Information Security Management System (ISMS) control framework derived from and mapped to AICPA TSC 2017, CSA CCM v4.03, ISO/IEC 27001:2022, ISO/IEC 27002:2022, and NIST 800-53 Rev. 5. MPA CSBP is industry-specific and is designed to be of use by any organisation that is engaged in the Media and Entertainment (M&E) industry supply chain. The framework can be used standalone or blended with other ISMS or risk management regimes including ISO/IEC 27001:2022, NIST CSF 1.1, ITIL v4, and COBIT 2019.

What is a TPN Assessment?

TPN Assessment is a cybersecurity supply chain audit aimed at service providers (a.k.a. vendors) where your business' ISMS implementation, risk management philosophy, physical security, digital security, cloud security, software development practices, and secure content handling workflows are benchmarked for conformance with the MPA CSBP. The assessment process is designed to deliver a comprehensive risk and control treatment report to MPACDSA, and ACE member studio content owners including Walt Disney Studios, Sony Pictures, Netflix, Paramount Pictures, Warner Brothers Entertainment, and Universal Pictures detailing your ISMS implementation, approach to risk and business continuity management, framework control implementation, control treatment, and to identify areas of non-conformance for remediation. The need to comply with the MPA CSBP is strictly voluntary. TPN Assessments are voluntary. TPN is not an accreditation program. TPN Assessments are managed via the TPN+ Portal.

How does a TPN Assessment help my business get work?

The completion of TPN Blue Shield and TPN Gold Shield Assessments will make it dramatically easier for your business to bid successfully for work on projects as one of the key barriers to entry has been removed. Specifically, you have demonstrated that you have a working cybersecurity compliance program in place and have had that program independently audited.

If your business intends to bid or work on any movie, film, TV, broadcast, or game projects that are offered by an MPA, CDSA or ACE member studio then you will generally be required to undertake a cybersecurity assessment. Cybersecurity assessments are often conducted directly by the studios themselves. This might be sufficient for your business compliance needs if you only intend to work for one or two studios directly.

 

Alternatively, your business can join the TPN and complete a cybersecurity assessment independent of the studio's content security programs. The advantage of this is that TPN Assessments are recognised industry-wide, by all content owners and other service providers participating in the M&E supply chain. Once you have joined the TPN, you can commit to undertaking a TPN Blue Shield self-attestation assessment. Once that is complete you can then commit to completing a TPN Gold Shield assessment which is conducted by an independent third-party TPN Assessor.

The completion of Blue Shield and optionally Gold Shield assessments shows that your business has a demonstrable cybersecurity posture and is committed to secure content handling workflows that meet M&E industry best practices. This in turn provides a level of confidence to your clients and content owners that not only are you likely to deliver exemplary work, but their content is safe and unlikely to be leaked, lost, or stolen.

formkit_arrowright.png
formkit_arrowright.png

So how do I get assessed?!

Group 53.png

Join the TPN

Group 54.png

Pay the annual membership fee

formkit_arrowright.png
Group 58.png

Complete the Gold Shield Assessment

formkit_arrowright.png
Group 17.png

Contact a TPN Assessor and get a quote for your Gold Shield Assessment

Group 16.png

Complete the Blue Shield Assessment

formkit_arrowright.png
Abstract Sphere

Have questions? Ready for TPN Gold Shield Assessment?

How can we help?

Assessment
Preparation

We can help you prepare for assessment to ensure your business meets ISO 27001 or MPA Content Security Best Practices with our Readiness and Gap Analysis.

Policy


Templates

Get access to Cybersecurity Policy templates to get you started whether you are a start-up facility or need to refresh your current policies for your audit / assessment.

TPN Gold
Assessment

Onsite TPN Gold Shield Assessment and ISO/IEC 27001 assessment where we audit your facility or organisation by one of our Accredited Assessors.

Assessment
Remediations

We work with you to rectify any shortcomings observed in your cybersecurity posture as a result of your TPN Assessment or ISO/IEC 27001 audit.

How are we different and Why choose us

Our Assessors are industry veterans who have worked on multiple shows and have the screen credits to prove it. Having done many assessments we understand the complexity of cybersecurity, risks involved in operating a facility and handling vendor content. We can work with you to navigate through the TPN assessment and audit process and requirements to bring you a more seamless, stress free, easy and cost effective result.

Assessment Preparation/Gap Analysis

Have you been requested a Cybersecurity (TPN or ISO/IEC 27001) assessment by any of the studio content owners including Disney, Netflix, Warner Brothers, Sony, Paramount, Bad Robot, Amazon, HBO and Marvel and not sure how to be prepared? We can assist you with assessment preparation, readiness and gap analysis, security policies and engineering services to ensure your facility meets the MPA Content Security Best Practices prior to commencing an assessment.

TPN Gold Shield Assessment

We work with you to rectify any shortcomings observed in your cybersecurity posture as a result of your TPN Gold Assessment or ISO/IEC 27001 Audit.

Assessment Remediation

We work with you to rectify any engineering or policy shortcomings observed in your cybersecurity posture as a result of your Assessment.

Abstract Sphere

Service Regions

Australia | New Zealand | UK | USA | Canada | Japan

India | Philippines | Malaysia | Singapore

Thailand | Vietnam | New Caledonia | Vanuatu | Fiji

Why work with us?

Our Assessors are industry veterans who have worked on multiple shows and have the screen credits to prove it. Having done many assessments we understand the complexity of cybersecurity, risks involved in operating a facility and handling vendor content. We can work with you to navigate through the TPN assessment and audit process and requirements to bring you a more seamless, stress free, easy and cost effective result.

Cybersecurity Services

Consulting, Advise & Training

Don't know where to begin? We are here to help you proactively protect your business against advanced cybersecurity threats. We can advise you on how to go about securing your enterprise, audit your existing networks and systems and work with you to develop security awareness and incident response training programmes.

Governance, Risk & Compliance

Do you have a corporate wide strategic plan to meet your cybersecurity objectives? Are you aware of cyber risks within your organisation? Do you need to meet necessary security compliance in order to operate legally or obtain cyber insurances? We can help you implement and maintain a cybersecurity framework that will form the cornerstone of you corporate cyber governance.

Cyber Architecture & Engineering

We are continually on the lookout for the newest technologies and best-of-breed tools in order to architect and build secure networks and systems. We can architect and design solutions to meet your needs incorporating solutions to cover CIS-20ASD's Essential Eight and OWASP Top 10:  Network Inventory, Asset Discovery, Application White-listing, Continuous Vulnerability Assessment & Remediation, EndPoint Protection, Backup and DR, Centralised Logging & SIEM, Secure WiFi, Secure VPN + 2FA, Mobile Device Management, Secure Programming

TPN & ISO/IEC 27001 Assessment, Readiness & Gap Analysis

The Trusted Partner Network is a global film and television content protection initiative established as a joint venture between the MPA and CDSA. We offer TPN auditing and consulting services, including AssessmentPreparation, Pre-Assessment Engineering. Onsite Assessment, Post-Assessment Remediation, Post-Assessment Engineering. We can also assist you in implementing the MPA Content Security Best Practices based on your facility type and content handling methods.

TPN - Trusted Partner Networks
Frequently Asked Questions

  • How do I prepare for an assessment?
    There are a variety of ways to prepare for an assessment. Downloading a free copy of the MPA content security best practices is a great way to start. If you aren’t sure about how to implement controls or need other assistance, there are also TPN Assessors that may be able to help you with consultative work. Please remember that if you select a TPN assessor to aid in either preparation or remediation work, that assessor cannot be the same person providing your TPN assessment.
  • Do I have to have a TPN assessment to do business with a content creator?
    No. Joining the TPN is voluntary. Individual content creators can always decide who to do business with depending on the type of project and their own risk management strategies. The TPN program demonstrates to content holders that a vendor facility takes content security seriously and ensures its protection.
  • Does the TPN endorse or recommend vendors?
    The TPN does not endorse, recommend, or certify vendors. The TPN provides a unified, consistent framework of assessment recognised by the industry as the benchmark for content security. Upon completion of their TPN assessment, the vendor facility may display the TPN logo to show the world they participate in the TPN and strive for the highest levels of security for their client’s content.
  • Who pays for a TPN Assessment?
    Assessment fees are underwritten by the vendor. Assessment reports are shared within the TPN+ Platform and can also be shared with customers outside the TPN at the vendor’s discretion. Content owners may also opt to pay for individual TPN Gold Assessments.
  • Does the TPN endorse, evaluate, or recommend hardware or software solutions for security?
    At this time, the TPN does not evaluate or address specific hardware or software solutions at the product or service level. The TPN is focused on assessments of facilities and workflows that directly handle intellectual property and programming content of creators and title rights holders.
  • Who are the TPN Assessors?
    Individual assessors (not audit firms) undergo a strict review and approval process as to their expertise in securing pre-release, entertainment content. Vendors will hire an Accredited TPN Assessor from the TPN database and will schedule their assessment and manage the process via the secure online platform.
  • What are the benefits to service providers in the TPN program?
    The TPN program will provide a number of benefits to service providers, including: ​ Reduce the number of assessments conducted at each facility annually. Reduce the number of different controls used by various content owners. Create competitive, market-driven assessment pricing. Accelerate assessment report turn-around. Offer controls that are specific to the needs and workflows of specific vendor types. Assist in identifying vulnerabilities and communicate remediation through the TPN+ Platform. Allow vendors to promote their security preparedness.
  • What are the criteria (standards) the TPN Assessors review my facility against?
    The TPN assesses against a set of controls specific to your business operations and is directly based on the industry-recognized MPA Content Security Best Practices.
  • Who recognises the TPN logos and assessment?
    The major Hollywood motion picture studios and many others in the industry participated in the development of this program.
  • What types of facilities are assessed?
    Currently, the TPN is available to provide assessments of most production, post-production, and distribution operations throughout the entertainment supply chain. Your facility’s specific services will be determined and addressed during the TPN assessment process.
  • What vendors should join the TPN - Trusted Partner Network?
    Joining the TPN is voluntary; however, every vendor – large and small – that believes that security is a core business principle of their organization should join the TPN.
  • What do I get for my assessment fee?
    Your assessment fee gets your facility reviewed by a TPN Accredited Assessor of your choosing, a thorough assessment report with suggested remediations and improvements, and visibility in the vendor roster within the TPN+ Platform. Additionally, once your assessment has been completed through the TPN, the TPN will follow up on remediation items and update your facility data. The TPN also provides logos for display to acknowledge participation. TPN will work with you to keep your status current through annual assessments and will provide technology alerts regarding possible vulnerabilities within your own systems.
  • How much does a TPN assessment cost?
    The cost of an assessment is scoped on a case-by-case basis, by the TPN Accredited Assessor.
  • Who gets to see the TPN Assessment Report?
    A TPN+ Assessment Report will be visible to content owners that are a part of the TPN, as well as our internal quality assurance experts. No other vendors, competitors or otherwise, will be able to see your assessments or any information contained within. Additionally, if you funded your TPN facility assessment you may share your TPN+ Assessment Report with anyone you wish.
  • How does a vendor get their information published in the TPN directory?
    Once enrolled in the TPN+ Platform, the vendor(s) will have their company information, along with any authorised supporting assessment materials, published in the TPN Vendor Directory.
  • How do I get TPN assessed?
    Participating in the TPN is voluntary and very straightforward. Simply follow the steps to begin the process.
  • Is the TPN international, and if so, where does the TPN perform assessments?
    The TPN plans to serve the international community with assessors available to address facilities in most geographic regions of the world.
  • How are TPN Accredited Assessors qualified?
    TPN assessors go through a careful screening of their credentials and experience in the industry auditing information security and entertainment assets. There is also a technical test and vetting process for the assessor to gain accreditation.
  • How frequent are the TPN Assessments?
    Due to the dynamic nature of the content security landscape, and the ongoing development and refinement of security controls, TPN Blue Shield assessments renew annually. Gold Shield assessments renew every two years.
  • Does the TPN certify my facility and operations?
    Completing an annual TPN Assessment allows you to display the TPN Blue Shield or Gold Shield logo to indicate your facility or operation has been reviewed by a TPN Accredited Assesor. The logos are recognised by many content owners but it is not a “certification.” Individual business decisions will always be made by your customers based on their needs.
  • Can I “fail” a TPN Assessment?
    The TPN assessment does not provide a “pass/fail” grade, certification, or rating. It provides an assessment of a facility’s security preparedness for conformance with the MPA Content Security Best Practices. If an assessment indicates non-conformance with a control or practice, necessary remediation may need to be undertaken. The service provider may need to provide evidence of their remediation to the TPN or content owner. The TPN also has a formal review and submission process for any assessment disputes. Assessors are regularly measured and evaluated through the TPN Accredited Assessor Program.
  • Why should I consider a TPN assessment?
    The TPN has been developed to help the industry improve content security, avoid duplicative assessments, and provide content owners with a unified platform for recognizing levels of conformance to the MPA’s content security best practices.
  • Will content owners still be conducting their own assessments?
    The TPN is expected to greatly reduce the number of content owner-initiated and funded assessments. Content owner assessments will continue on an “as-needed” basis.
  • Does the TPN Assessment substitute for ISO or other standards bodies?
    The TPN Assessment is designed to be the benchmark for the film and television industry’s handling of content across all phases of the supply chain. It is based on the widely recognized MPA Content Security Best Practices. TPN+ Assessment is not a substitute for ISO or other standards bodies not specific to our industry.
  • If I have multiple facilities or locations how do I get assessed?
    Each facility is considered a separate operation for the purposes of an assessment. Please complete the general questions for the locations you wish to have evaluated on the TPN+ Platform and individual assessments can be arranged.
9d3347_5f5df953b1934257b8b76d3503203caemv2.png

Have questions about how Assessments & Audits work?

shutterstock_2206524703.jpg

GRC Policy Starter

MPA Content Security Best Practices aligned Security Manual
10 Policy Templates
ISMS Implementation Guide

bottom of page