So, you’re a content owner who wants to work with a new M&E vendor. But before you do, it’s imperative to ensure their cybersecurity posture and data protection capabilities are up to snuff.
That often means undergoing complex and time-consuming cybersecurity assessments to assess cyber risk for every potential partner—a real pain for both vendors and content owners that can also be a significant drag on time-to-market.
But that’s not the case if your vendor has already been assessed by the Motion Picture Association (MPA)’s Trusted Partner Network (TPN). That’s because TPN reduces the cybersecurity risk assessment burden on vendors and content owners via a standardized, global program that gives real-time visibility into a vendor’s security posture.
Let’s look at exactly what is the TPN program and its cybersecurity framework, its security testing, how it keeps content in the media and entertainment (M&E) industry safe, and how working with a member of TPN’s vendor roster can lower risk while saving content owners time and money.
Table of Contents
Secure Cloud File Transfer
MASV is ISO 27001 and SOC 2 compliant, and a TPN Gold Shield vendor.
What is the Trusted Partner Network (TPN)?
The TPN is a global content security initiative designed to keep content secure and help content owner cybersecurity risk management in an environment awash in bad actors and potential cyber threats. It includes more than 1,000 partners in 60-plus countries, and helps vendors and content owners keep intellectual property (IP) secure by:
- Establishing and maintaining industry security standards and best practices to reduce the risk of unauthorized access, use, or piracy.
- Helping vendors identify and mitigate security vulnerabilities and cyber risk, along with ways to improve their security posture both on-premises and in the cloud, through an application cyber security assessment and network security assessment.
- Providing content owners visibility into the security posture of industry vendors through an easy-to-access, global directory of trusted partner vendors and their TPN status.
The TPN is owned and managed by the MPA, a heavyweight group of content studios including Walt Disney Studios, Netflix, Paramount, Amazon MGM Studios, Sony Pictures, Warner Bros., and Universal Pictures.
The organization recently re-launched its offering based on updated MPA Content Security Best Practices (CSBP), which addresses the industry’s rapid shift to cloud- and hybrid-based applications, supply chains, and workflows.
The TPN doesn’t provide pass/fail grades, certifications, or security ratings. Instead, it’s a cybersecurity assessment tool that provides content owners with vital information on a vendor’s adherence to MPA CSBP.
💡 Note: The MPA CSBP is a security control framework for M&E mapped against other major security frameworks, such as AICPA TSC 2017, CSA CCM v4.03, ISO/IEC 27001:2022, ISO/IEC 27002:2022, and NIST 800-53 Rev. 5. The most recent version of MPA CSBP, 5.2, was released in August 2023.
The relaunch also included a new TPN+ online platform that allows content owners to quickly search and verify the security posture of any service provider on the organization’s vendor roster.
How to Protect Against Content Piracy
Protect your IP from digital content piracy via tools like watermarking, active verification, and content protection systems.
What’s the TPN’s Role?
The TPN was launched in 2018 to “really reduce the number of security assessments that the vendor community had to go through for each of the studios,” explained TPN President Terri Davies last year.
“So some brilliant minds got together, and they pulled together this concept called TPN that basically leveraged the MPA best practices and built a questionnaire on top of it, which is, in essence, the TPN program.”
Since then, TPN’s cyber risk assessment services have become a go-to source of truth for studios looking for qualified vendors (with the added bonus that vendors come pre-assessed by TPN, reducing administrative burden on both sides).
This source of truth is driven by the organization’s “one industry, one baseline” mantra, TPN+ online platform—only accessible to members, and only searchable by content owners—and methodology tweaks aimed at addressing “assessment fatigue” among both service providers and content owners.
💡 Note: Service providers can qualify for either TPN Blue Shield or Gold Shield status. While both are assessed against the MPA CSBP, Blue Shield status is self-reported while Gold Shield is based on an accredited third-party cyber risk assessment. Content owners can view a detailed security report generated by official TPN assessors of Gold Shield status members via the TPN+ platform. MASV attained TPN Gold Shield status in early 2024.
TPN now takes other security credentials, cybersecurity assessments, or certifications into account in its platform, for example. “So if a vendor, especially an application vendor, has done SOC 2, for example, we now accept SOC 2 in the TPN+ platform,” Davies says. “And the content owners can see that… If they’ve done an ISO cert, we accept that, and we (added) built-in filtering based on the ISO cert to pre-populate answers in the TPN questionnaire as well.”
For vendors, being on the TPN vendor roster is now essentially a prerequisite for doing business with any major studio.
The relaunch also included a new TPN+ online platform that allows content owners to quickly search and verify the security posture of any service provider on the organization’s vendor roster.
The Benefits of Working With a TPN-Assessed Vendor
Working with TPN-assessed vendors has several benefits for content owners in the M&E space who need to protect sensitive information. For starters, adhering to TPN standards helps vendors prevent data breaches, leaks, and content piracy of their customers’ valuable IP.
And because TPN is an arm of the Motion Picture Association, content owners can be assured that a TPN cybersecurity risk assessment is performed with critical knowledge of the M&E industry’s unique content security requirements.
But the benefits of working with TPN-assessed M&E vendors goes even further than that. Doing business with members of the TPN vendor roster assures content owners of:
- Reduced security risk assessment burden: Vendors and content owners can dramatically reduce the number of security assessments needed when bidding on or hiring vendors for new work. There’s no need to re-vet a particular vendor, and run through lengthy security questionnaires over again to gauge cybersecurity preparedness, when they’re already on the TPN roster of companies.
- Improved transparency and visibility: Vendors can log in to TPN’s centralized database to quickly check the security status of potential service providers, including the ability to view detailed service provider security reports. The TPN+ platform allows service providers to improve their overall visibility among content owners, while saving the latter time when looking at vendors.
- Near-real time critical security alerts: TPN distributes critical security alerts to service providers, content owners, and assessors when security threats are detected. This includes reminders to adhere to MPA best practices (such as multi-factor authentication (MFA) and the use of secure remote access connections).
- Better decision-making: A TPN vulnerability assessment provides a rich repository of timely information around a vendor’s cybersecurity posture and cybersecurity awareness, across websites and applications, to help content owners make better and more informed cyber risk management decisions.
- Ongoing vendor improvements: While qualifying for TPN’s service provider roster through a successful TPN audit indicates a high level of cybersecurity maturity, it doesn’t mean a company is 100% perfect. That’s why almost all vendors are given by TPN a list of remediations each vendor must commit to addressing. Vendors only receive a Gold Shield once all remediation items have been addressed. Content owners can use TPN+ to view service provider remediation lists, their status, and their level of cybersecurity readiness.
- Global security standardization: TPN provides a global network security posture standard for M&E vendors across the world, based on an authoritative list of best practices, from one of the most esteemed associations in the industry.
MASV: Large File Transfer and Management From a TPN Gold Shield Member
MASV secure file transfer was built with security in mind from Day One and adheres to MPA best practices. MASV officially joined TPN’s vendor roster in 2021, embarking on our own TPN cybersecurity assessment and attaining TPN Gold Shield status in early 2024.
MASV’s robust security posture includes MFA, SSO, and other access management tools to ensure privileged access; encrypted file transfer on the secure AWS network; and data integrity checks such as checksum verification and vulnerability scanning on all our dependencies.
We invite content owners to log into TPN+ to view MASV’s cloud security assessment. Sign up for MASV’s free tier to test our security posture for yourself, or contact us for custom enterprise pricing.
Enhanced Cybersecurity Readiness
All MASV transfers are encrypted in flight and at rest, and you can set custom passwords, download limits, and file expiry dates.