Hollywood’s major studios are looking to seal up the cracks in their digital supply chain.
The MPAA has teamed with trade org Content Delivery & Security Association (CDSA) to launch the Trusted Partner Network — a new seal-of-approval program for partners aimed at reducing the risk of TV shows and movies hitting piracy networks before their release.
Launched Monday, the TPN is a global clearinghouse that will set security standards for entertainment production and distribution companies. Partners who pass an independent assessment conforming to those industry best practices will be listed as “trusted partners” in the TPN directory.
The move comes after a series of high-profile pre-release leaks in 2017. Those included the theft and release of “Orange Is the New Black” season 5 episodes from an audio post-production firm and an episode from “Game of Thrones” season 7 that was traced to employees at a data-management vendor working with 21st Century Fox’s Star India.
The Trusted Partner Network, established as standalone entity funded by the MPAA and CDSA, “will help prevent leaks, breaches, and hacks of film and television content,” the organizations said in a joint announcement. The participants in the TPN will not be publicly listed (only verified members will be able to access the directory).
Here’s how the Trusted Partner Network will work: Individual assessment professionals (not their audit firms) undergo an approval process. Once they get the OK, vendors will pay to hire a “qualified assessor” from the TPN database to review the security of their procedures and technology systems (although individual content owners may also opt to foot the bill). The assessment reports are shared within the TPN platform and can also be shared with customers outside the TPN at the vendor’s discretion.
The first class of TPN “qualified assessors” is being tested this week, and beta testing of key vendors is expected to commence this month. The full rollout of the TPN program is scheduled for June 2018. The partner assessments will be required to on an annual basis.
Deluxe Entertainment is one the vendors confirmed to be working with the TPN, but the company declined to discuss its involvement citing a policy of not commenting on security issues.
“Creating the films and television shows enjoyed by audiences around the world increasingly requires a network of specialized vendors and technicians,” MPAA chairman and CEO Charles Rivkin said in a prepared statement. “That’s why maintaining high security standards for all third-party operations — from script to screen — is such an important part of preventing the theft of creative works and ultimately protects jobs and the health of our vibrant creative economy.”
Besides promoting baseline, industry-wide standards, the Trusted Partner Network is aimed at greatly reducing the number of assessments that individual studios and other content owners perform on a worldwide basis. The organizers of the TPN compare the effort to industry-wide security initiatives in other sectors such as finance, payment processing, and health care.
The Trusted Partner Network is headed by chairman/president Dan Robbins, MPAA’s senior VP and associate general counsel, and CEO Guy Finley, who is executive director of the CDSA. The organizers of the Trusted Partner Network compare it to industry-wide security initiatives in other sectors, such as finance, payment processing, and health care.
“Our goal is to create a dynamic industry program where entertainment vendors demonstrate to content owners around the world that they strive for the highest levels of security for their client’s content,” CDSA’s Finley said.
With the launch of the Trusted Partner Network, CDSA will sunset its Content Protection Security (CPS) vendor-auditing program with a program expiration date of March 31, 2019. The MPAA will continue to maintain and update its content-security best practices for industry players.
The MPAA and CDSA noted that a TPN assessment does not provide a “pass/fail” grade, certification, or rating. Rather, it’s an assessment of a facility’s security preparedness for compliance with MPAA content security best practices.
More info on the Trusted Partner Network initiative is available on its website, available at ttpn.org.