The Trusted Partner Network’s mission is to boost content security preparedness across the global M&E industry. Owned by the Motion Picture Association (MPA), a major part of their work is to support content creators, from script to screen, by publishing relevant and comprehensive “Content Security Best Practices” on behalf of its studio member companies.
The MPA Content Security Best Practices establish a single benchmark of minimum-security preparedness for the M&E industry. They are managed and updated by the TPN program, with feedback from multiple industry stakeholders, including content owners, service providers, and TPN assessors.
The latest version of their Best Practices – Version 5.3 – is about to be published, and to learn more about this update, we checked in with Crystal Pham, TPN’s VP of operations and program management.
Tell us about the role of TPN and how it collaborates with stakeholders to promote best practices across content security preparedness.
“TPN was founded in 2018 with the goal of increasing efficiency and raising content security awareness and standards across the M&E industry. This includes helping companies identify vulnerabilities, increase security capabilities and efficiently communicate security status to customers.
“Today, we have members in over 60 countries, and we help service and application providers identify and reduce duplicate security reporting efforts to their studio customers by leveraging our community platform, TPN+, which is a centralized resource and source of trusted information for member companies to participate, centrally communicate and self-manage security status. By maintaining the MPA Content Security Best Practices, we offer a critical framework and set of security preparedness controls for securing content in the cloud and on-site, including work-from-home and software applications.
“Key to our approach is our high level of stakeholder engagement and track record of enhancing industry standards. We work closely with our assessor community, service and software providers, and the content owners. We also collaborate with industry-leading organizations, such as MovieLabs, who have developed important zero trust recommended practices, and are also participating in the CSA’s pioneering AI compliance and safety initiative.”
You are about to publish Version 5.3 of your Best Practices. What has driven your approach, and what are the key updates you have included?
“As with each annual update to the MPA Content Security Best Practices, our approach to developing Version 5.3 has been based on listening closely to the experiences and feedback of our stakeholders to ensure the controls are aligned with real-life experience, evolving technology and future needs. As a result, Version 5.3 introduces a range of important updates designed to enhance the usability and relevance of the MPA Best Practices. This includes the addition of new definitions and updates to the existing best practices and additional recommendations, ensuring greater clarity and alignment with current security challenges. Several key topics have also been expanded, with new controls introduced for emerging technologies, such as artificial intelligence (AI) and machine learning (ML), as well as zero trust security models. This emphasis on these areas reflects the industry's growing focus on rapidly-emerging technologies and the content security issues they raise.
“To improve usability, some previously combined controls have been separated into distinct areas, and this restructuring provides more targeted guidance and makes the Best Practices easier to navigate.
“Another important enhancement is the expansion of our ‘site & application baseline questionnaires,’ which have grown from 11 to 17 questions. This change increases the scoping capability and improves the user experience by eliminating redundant controls and associated questions. As part of our commitment to making standards accessible, Version 5.3 documentation is also available in ten languages, including these translations: Brazilian Portuguese, Castillian, French, German, Hindi, Italian, Japanese, Korean and Latin Spanish.”
For M&E organizations focused on applying these best practices, how can they demonstrate they are being applied correctly in their organization?
“By joining TPN membership, a service or application provider can complete a site or application TPN assessment, based on the MPA Content Security Best Practices, to earn a TPN Gold Shield. The Gold Shield is awarded in recognition of a company’s commitment to security preparedness and is used as a baseline by our studio members to make their own independent, risk-based decisions.
Looking further to the future, what else is TPN focusing on?
“Security is not and never should be one and done, and bearing this in mind, we are fully committed to continuous improvement – an approach demonstrated by our dedication to annual Best Practice updates and our iterative approach to gathering feedback and releasing various new program updates and capabilities throughout the year. Our plans include continually strengthening security by collaborating with our industry partners around the world to keep content secure.”