What is the Trusted Partner Network?
Per TPN:The Trusted Partner Network primarily aims to increase security awareness among Service Providers and allow Content Owners (the major Studios) to use TPN assessments in place of their own.
Instead of each individual studio doing a security deep-dive with each Service Provider they want to bring on to a project, they ask Service Providers to get assessed by TPN instead.
This greatly simplifies the process of securing sensitive content and reducing work for both Service Providers and the Studios.
TPN and the Studios regularly discuss issues in the industry and update the MPA Content Security Best Practices to reflect priorities in the industry.
Note that TPN Assessments are not just for the Content Owners - Service Providers can use TPN Assessments to judge the security posture of other Service Providers they might want to work with.
The MPA Content Security Best Practices is a real security framework and can be presented outside the industry to show compliance to a security framework. A TPN Assessment is not a pass/fail audit. It merely attempts to get a true picture of a Service Providers' security posture.
Blue Shield - the TPN Blue Shield indicates to Content Owners that you have completed the TPN Questionnaire. If you Self-Report and submit, your Blue Shield is valid for 1 year. If you then decide to have an Assessor perform an assessment, upon completion your Blue Shield will now be valid for 2 years.
Gold Shield - a TPN Gold Shield indicates that you had an assessor assess your environment and release a report, and you the Service Provider put in a Remediation Plan for items that did not meet the MPA Best Practices. A Remediation Plan is a list of changes/alternate solutions that you put in place or promise to put in place to secure your environment and bring it up to MPA Best Practices.
Self-reported Questionnaire - the Self-Reported Questionnaire is a Questionnaire Service Providers can fill out to assess their own environment. This typically takes a long time and involves doing a deep dive in to your environments and business practices. Typically this is done with the help of your IT department, but Assessors might offer a service where they guide you along the Questionnaire and provide support and clarity.
Content Owners/Studios - a Company who owns or distributes content, and procures services from Service Providers.
Assessor - an individual who is accredited by TPN to perform TPN assessments.
Service Provider - a Company who provides services and/or software to Content Owners.
Scope - scoping can refer to the initial signup process to TPN, where Service Providers have to determine what membership level applies to them and their business. In the context of Assessments, Scope refers to the nature of the Assessment that the Assessor will perform - will the Assessment require a Site Visit (Site Assessment)? Or is the business wholly in the Cloud, in which case you perform a Cloud Assessment? Assessors will use answers from the company profile, Self-reported Questionnaire and discussions with the business to determine the Scope.
The most widely asked question is "how much?". There is no set fee schedule for these types of assessments. There a numerous considerations that Assessors have to make before deciding how much to charge. Here are a few:
Every Assessor operates under a different set of limitations. Assessors living in Europe might charge you more for an Assessment in Asia. Assessors working under the umbrella of a larger company might charge more than small and independent Assessors. Our suggestion is to find Assessors in your area and shop around - not all Assessors are the same.