Responding to the trend among broadcast organisations to leverage cloud-based solutions for a variety of operational needs, the EBU has updated its EBU R 143 set of guidelines to encompass the cybersecurity requirements of SaaS (Software as a Service).
Initially released in 2016, EBU R 143 was developed by the EBU to provide guidance on cybersecurity safeguards for media organisations and vendors to apply when planning, designing or sourcing products and services. The recommendation has been periodically updated to address emerging challenges and technologies in the field of cybersecurity.
While SaaS platforms offer advantages such as scalability, flexibility, and cost-effectiveness, they also introduce a shift of responsibility towards the vendors in the field of cybersecurity and data privacy, and the EBU has extended the scope of the recommendation with its v2.4 release to incorporate SaaS. The organisations says the move underscores the evolving landscape of cybersecurity threats and the increasing reliance on cloud-based services within the broadcasting industry.
The updated recommendation includes an additional list of cybersecurity requirements covering access management, data protection, security monitoring and incident remediation. The Security Controls Assertation file now also includes a section for SaaS solutions.
The EBU recommends that broadcasters engaged in tenders use it as a basis to set minimal system acceptance levels in their purchasing processes.
