Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now

×

The security super service provider

Trusted Partner Network president Terri Davies talks to TVBEurope about the importance of collaboration and certification in ensuring security in the media industry

The Trusted Partner Network (TPN) is a global security initiative, launched by the Motion Picture Association in 2018.

The aim of the organisation is to help vendors and film studios establish a single benchmark for security in various contexts and at various points in the content pipeline, including on-premise.

Before TPN was launched, vendors were often subject to multiple security audits when working with just one studio. As each vendor would often work with more than one studio, that meant lots of paperwork. TPN created a single benchmark built upon MPA best practices and its own questionnaire.

“The needle, of course, went over the record when Covid happened, because all of the sites that had been assessed shut down and everybody moved to the cloud,” explains TPN president Terri Davies. “And really, because the best practices in TPN hadn’t included software and applications at that time, the studios had no choice but to go back to the old ways and create their own application and cloud assessments, and therefore the industry became fragmented again.”

Davies joined TPN in February 2022 and was tasked with refreshing the programme, reducing the best practices from 365 to around 65. In February 2023, TPN relaunched to include software applications and the cloud.

“Coincidentally, in my old job, I had just been through a TPN assessment, so I experienced it firsthand, and it was painful. It was 450+ questions and not super comprehensive either. It took the 365 best practices and set a questionnaire on top,” Davies continues, “because, frankly, back in 2018 there was no budget, it was a group of well-intentioned people just wanting to follow progress over perfection and help.”

Davies admits that the cloud does make things more complex compared to possible physical weaknesses such as doors and windows, but she believes security in the cloud is possible if just a bit more complicated. 

“TPN used to be very flat, very simple. It was vendor A in Barcelona, here’s the site assessment for that Barcelona building,” she explains. “As we thought about bringing in software applications, which are mostly in the cloud these days, it suddenly made it much more matrixed.”

Now, if a technology vendor completes the TPN assessment, any post or VFX house that uses that technology will automatically inherit the TPN assessment. Studios can then see the full technology stack and the fact that the post or VFX house is responsibly sourcing their technology partners. 

“TPN is not a pass or a fail,” adds Davies, “first of all, for antitrust reasons, but also because we’ve got all eight big studios, plus BBC, Canal Plus and Sky Studios now using the data, and they all have very different risk profiles. We provide information from which they make their own independent risk-based decisions. We also don’t use the word certify, because that implies pass or fail.”

At the time of our interview, TPN had awarded 637 gold shields. The process includes both the Q&A and an assessor who audits the company against their answers. “They may have some remediation items and we may require them to update their remediation plan,” she continues. “Then they get the gold shield which is really an indication to content providers that the vendor is someone they should come and look at.”

“Our companies are struggling, and we need to find ways to help them,” continues Davies. “We understand that money is difficult at the moment but any company can come and sign up on our platform, TPN Plus, create an account, create their profile, answer the TPN questionnaire, which we give a Blue Shield for, see where they’re compliant with the best practices and they don’t have to pay us a penny.”

Looking ahead, education and training will be a big focus for TPN in 2025 and even possible expansion into the music industry. “We’re seeing a lot of crossover with vendors in the gaming business and the music business, as well as the media, movie and TV business, so I think that’s probably a natural extension for us,” concludes Davies.