LOS ANGELES — The Motion Picture Association’s Trusted Partner Network (www.ttpn.org) aims to raise vendor security awareness while also increasing security capabilities throughout the industry. The TPN maintains the MPA’s content security ‘best practices,’ which serve as a benchmark for those partners involved in creating film and television content.
First launched in 2018, The Trusted Partner Network initially focused on physical site assessments, evaluating studios through a series of questionnaires and on-site inspections that would earn vendors accreditation. Prior to the COVID outbreak and studios implementing off-site and remote workflows, the TPN program grew as much as 300 percent for site assessment, but that changed once lockdowns were put in place.
“Everybody had to leave their buildings and move to the cloud,” recalls TPN president, Terri Davies, “and the TPN had to keep up.”
The Trusted Partner Network recently published V.5.0 of its best practices, which now includes considerations for vendors who are using apps and the cloud in their evolving workflows. The TPN program itself will transition to a fixed annual membership fee in February, a change from its current policy of variable fees for site assessment. Assessments were found to vary depending on the vendor and whether or not they have a single site or multiple locations, as well as the complexities of the cloud applications they are incorporating in their workflows. This new approach will simplify memberships for interested vendors.
Also in February, TPN will launch a new platform — dubbed TPN+ — which is designed to help vendors manage their profiles when meeting different levels of security standards, and at the same time, reducing redundancy once industry-wide solutions have proven effective.
“Now you have this matrix ability to manage your product family and your full technology stack,” Davies explains of the platform. The TPN questionnaire is now fully automated, with pre-populated answers to questions that help reduce what was once repetitive and fatiguing. For example, if a file transfer application has already been vetted, it would be simple to add that application to a vendor’s profile without having to explain its nuanced features.
There are also different security levels that can be achieved, further helping to simplify the process. Studios that work on TV libraries or reruns, for example, might only need to achieve a Blue TPN Shield level, while those working on sensitive, pre-release content might work toward higher-level “Gold” certification.
One of those Gold-level vendors, who are early adopters of the TPN+ platform, is Dneg, a leading visual effects facility with locations around the world. The studio recently announced that is it further expanding it reach with an operation in Sydney, and not surprisingly, many of its creatives are also working remotely, further complicating the process of managing security for sensitive material.
Royston Ballard is Dneg’s chief information security officer, tasked with looking after everything to do with information security, assurance compliance and data protection for the company. He echoes Davies’ thoughts on changing workflows and moving to the cloud because of the pandemic.
“Given where we sit at the moment, with very much more of a hybrid working model that's been adopted — both up to and through the pandemic — the landscape has changed exponentially,” says Ballard. “A lot of the traditional toolsets that were sort of an ‘enclave-type’ approach, where everything was ‘ring fenced’ from a facility perspective, [have] now exponentially grown to encompass not only multiple facilities, (but) people working from home. The toolsets — from a collaborative, communicative and production standpoint — have now exploded into the cloud. From our perspective, the real benefit [of TPN+] is that transparency and visibility of being able to have a single platform which is uniformly adopted throughout the entire industry, where people can get that assurance and compliance snapshots.”
One of the biggest challenges that the Trusted Partner Network has been trying to solve is the speed at which content owners can onboard new vendors or reassess existing vendors when a new project ramps up. Up until now, TPN site assessment would take anywhere from two to four months, notes Davies. New capabilities that will allow service providers to manage their entire product family should help in expediting that process.
The process of reaching different levels of security standards isn’t strictly reserved for MPA members, Davies adds, noting that Amazon Studios and BBC Studios are also on-board, with more coming, joining thousands of existing vendors that are already in the system.
Ballard sums up the value of the TPN+ platform from the perspective of a client, who would be calling on a studio, such as Dneg, and its global resources.
“(It) gives that level of assurance and compliance, irrespective of wherever people are working {around] the globe, or where they're connecting to. There's a measurable standard to which we have to attain and comply with, which is easily demonstrable across the entire board. From our side, that's another huge plus.”