TPN VENDOR FAQs
What vendors should join the TPN?
Joining the TPN is voluntary; however, every vendor – large and small – that believes that security is a core business principle of their organization should join the TPN.
What are the benefits for vendors in the TPN program?
The TPN program will provide a number of benefits to vendors, including:
- Reduce the number of assessments conducted at each facility annually.
- Reduce the number of different controls used by various content owners.
- Create competitive, market-driven assessment pricing.
- Accelerate assessment report turn-around.
- Offer controls that are specific to the needs and workflows of specific vendor types.
- Assist in identifying vulnerabilities and communicate remediation through the TPN Platform.
- Allow vendors to promote their security preparedness.
Why should I consider a TPN assessment?
The TPN has been developed to help the industry improve content security, avoid duplicative assessments, and provide content owners with a unified platform for recognizing levels of compliance to the MPAA’s content security best practices.
What types of facilities are assessed?
Currently, the TPN is available to provide assessments of most production, post-production, and distribution operations throughout the entertainment supply chain. Your facility’s specific services will be determined and addressed during the TPN assessment process.
If I have multiple facilities or locations how do I get assessment(s)?
Each facility is considered a separate operation for the purposes of an assessment. Please complete the general questions for the locations you wish to have evaluated on the TPN Platform and individual assessments can be arranged.
Is the TPN international, and if so, where does the TPN perform assessments?
The TPN plans to serve the international community with assessors available to address facilities in most geographic regions of the world.
Does the TPN certify my facility / operation?
Completing an annual TPN assessment allows you to display the TPN logo and assessment certificate indicating your facility or operation has been reviewed by a TPN Qualified Assessor. The TPN logo is recognized by many content holders but is not a “certification.” Individual business decisions will always be made by your customers based on their needs.
Who recognizes the TPN logo / assessment?
The major Hollywood motion picture studios and many others in the industry participated in the development of this program.
Do I have to have a TPN assessment to do business with a content creator?
No. Joining the TPN is voluntary. Individual content creators can always decide who to do business with depending on the type of project and their own risk management strategies. The TPN program demonstrates to content holders that a vendor facility takes content security seriously and ensures its protection.
Will content owners still be conducting their own assessments?
The TPN is expected to greatly reduce the number of content owner-initiated and funded assessments. Content owner assessments will continue on an “as-needed” basis.
If I have an assessment from the TPN, will I still need an assessment from the MPAA, CDSA, or others?
Both the MPAA and CDSA will cease their individual security auditing programs and focus exclusively on developing and managing the TPN program and TPN annual assessments. Past audits or assessments will remain valid for the period originally indicated but will not be renewable within their individual programs. For both organizations, our primary focus is to provide a unified assessment program for our industry through the TPN.
How does a vendor get their information published in the TPN directory?
Once enrolled in the TPN Platform, the vendor(s) will have their company information, along with any authorized supporting assessment materials, published in the TPN vendor directory.
How do I get a TPN assessment?
Participating in the TPN is voluntary and very straight forward. Simply follow the steps on the website and enter your information to begin the process. Through the TPN Platform you will receive all the notifications and information necessary to arrange your initial assessment.
How do I prepare for an assessment?
There are a variety of ways to prepare for an assessment. Downloading a free copy of the MPAA content security best practices is a great way to start. If you aren’t sure about how to implement controls, or need other assistance, there are also TPN assessors that may be able to help you with consultative work. Please remember that if you select a TPN assessor to aid in either preparation or remediation work, that assessor cannot be the same person providing your TPN assessment.
Who pays for the TPN assessment?
Assessment fees are underwritten by the vendor. Assessment reports are shared within the TPN platform and can also be shared with customers outside the TPN at the vendor’s discretion. Content owners may also opt to pay for individual TPN assessments.
How much does a TPN assessment cost?
The cost of an assessment is negotiated, on a case-by-case basis, between the TPN Qualified Assessor and the vendor making the assessment request. The TPN has no control of the pricing models of individual assessors and/or their firms.
What do I get for my assessment fee?
Your assessment fee gets your facility reviewed by a TPN Qualified Assessor of your choosing, a thorough assessment report with suggested remediations and improvements, and visibility in the vendor roster within the TPN Platform. Additionally, once your assessment has been completed through the TPN, we follow up on remediation items and update your facility data. We also provide an annual assessment certificate and the TPN logo to display to acknowledge participation. TPN will work with you to keep your status current through annual assessments and will provide technology alerts regarding possible vulnerabilities within in your own systems.
How frequent are the TPN assessments?
Due to the dynamic nature of the content security landscape, and the ongoing development and refinement of security controls, TPN assessments renew annually.
Can I “fail” a TPN assessment?
The TPN assessment does not provide a “pass/fail” grade, certification, or rating. It provides an assessment of a facility’s security preparedness for compliance with the MPAA content security best practices. If an assessment indicates non-compliance with a control or practice, any necessary remediation may be conducted by a separate but similarly approved TPN assessor. The vendor may also provide evidence of their own remediation to the TPN. The TPN also has a formal review and submission process for any assessment disputes. Assessors will be regularly measured and evaluated through the TPN Qualified Assessor Program.
Who gets to see my TPN Assessment Report?
A TPN Assessment Report will be visible to content owners that are a part of the TPN, as well as our internal quality assurance experts. No other vendors, competitors or otherwise, will be able to see your assessments or any information contained within. Additionally, if you funded your TPN facility assessment you may share your TPN Assessment Report with anyone you wish.
Who are the TPN assessors?
Individual assessors (not audit firms) will undergo a strict review and approval process as to their expertise in securing pre-release, entertainment content. Vendors will hire a Qualified Assessor from the TPN database and will schedule their assessment and manage the process via the secure online platform.
How are TPN Qualified Assessors accredited?
TPN assessors go through a careful screening of their credentials and experience in the industry auditing information security and entertainment assets. There is also a technical test and vetting process for the assessor to gain the accreditation.
What are the criteria (standards) the TPN assessors review my facility against?
The TPN assesses against a set of controls specific to your business operations and are directly based on the industry-recognized MPAA content security best practices.
Does the TPN assessment substitute for ISO or other standards bodies?
The TPN assessment and credential is designed to be the benchmark for the film and television industry’s handling of content across all phases of the supply chain. It is based on the widely recognized MPAA content security best practices. The TPN assessment is not a substitute for ISO or other standards bodies not specific to our industry.
Does the TPN endorse or recommend vendors?
The TPN does not endorse, recommend, or certify vendors. The TPN provides a unified, consistent framework of assessment recognized by the industry as the benchmark for content security. Upon completion of their TPN assessment, the vendor facility may display the TPN logo to show the world they participate in the TPN and strive for the highest levels of security for their client’s content.
Does the TPN endorse, evaluate, or recommend hardware or software solutions for security?
At this time, the TPN does not evaluate or address specific hardware or software solutions at the product or service level. The TPN is focused on assessments of facilities and workflows that directly handle intellectual property and programming content of creators and title rights holders.