

ETCO INDIA SERVICES FOR MOTION PICTURE ASSOCIATION (MPA) CONTENT PROTECTION BEST PRACTICES FOR TRUSTED PARTNER NETWORK (TPN) CERTIFICATION AND ITS MAINTENANCE
Please contact us at: consulting@etcoindia.co.in

1. Threats to Content and their Transmission/Processing/Storage Assets in Digital Services Sector

Digital Services Businesses in today's competitive world are very complex and are immensely dependent upon Digital Content and its transmission, processing, storage and security systems. The challenges of managing Digital Content Risks and their mitigation, Security Controls, Incidents, Root Causes, Organizational Changes, System Knowledge, System Availability, System Capacity Burn Rate, Service Levels, Disaster Recovery Readiness, Business Contingency and all supporting Processes are getting more stringent day by day. A serious malicious action can lead to serious Financial, Customer, and Reputational impacts, leading to loss of business deals, revenues, and market share.

Most organizations have their own Damage Control Strategies, so that they are able to contain the damage to some extent. While this is important from a reactive perspective, it is critical in today's world to have Proactive Control strategies. Management should own a framework that reduces the potential threats and the probability of impacts as far as is possible given the available resources and the restrictions around them.

Primarily, an Organization looks for protection from the following major threats to Business and the corresponding Information Systems:

(1) System Outage - leading to disruption of Business Services being extended to Customers.
(2) Uncontrolled Changes in Business Systems - can potentially result in a number of threats to Digital Assets from a Confidentiality, Integrity, Availability, Reliability, Trustworthiness, Copyrights, and Fair Usage perspective.
(3) Content Loss or Corruption - leading to missing or wrong stored content pertaining to Business Systems or a Customer.
(4) Transaction Execution and Delivery Errors (due to errors in inputs or processing algorithms).
(5) Unauthorized Dealing and Trading Practices.
(6) Theft, Robberies and Raids.
(7) External and Internal Frauds - malicious actions (like Network Penetration, Internet Hacking, etc.) by individuals/communities leading to Financial, Customer, and Reputational impacts, leading to loss of business deals, revenues, and market share.
(8) Activity by Competition.
(9) Breaches of Legal Requirements and Self-Regulation: Privacy and Trust related.
(10) Major Disasters - Partial/Complete interruptions to business activities.

The answer is to implement a powerful, easy to manage and effective Content Security Management System within the organization. The digital services industry needs to implement a Content Security Management System to:

(1) Ensure protection of Customer Information against vulnerabilities in India and the Country of the Customer.
(2) Ensure that they do not become the gateway to exploits into the Customer IT environment.
(3) Fulfill the terms of a Master Service Agreement (wherever applicable).
(4) Protect offshore business by tangibly demonstrating a strong and working CSMS framework and its compliance in India.
(5) Improve process dependence, thereby reducing employee dependence and shortening handover cycles when key staff leave.
(6) Protect Employees.
(7) Protect Business Critical Information and Content.
(8) Establish a strong edge over competition.
(9) Last but not least, have another tangible component in ensuring commitment towards Customer delight, which is the primary mission of all service organizations.

2. Scope of Content Security Management System (CSMS) as per MPA Content Security Best Practices for Trusted Partner Network (TPN) certification

Content Security Management System (CSMS) is a structured management framework to ensure protection of sensitive business information.
The framework encompasses People, Processes and Technology (IT systems and other technologies). The world class standard that defines this framework in detail is BS ISO/IEC 27001:2013 and the best practices are defined in BS ISO/IEC 27002. Other standards supporting CSMS implementation are ISACA's COBIT, NIST 800-53, Cloud Security Alliance, and MPA Content Security Best Practices. In this proposal, the framework of interest is MPA Content Security Best Practices (supported by all other prescribed standards), as compliance with it is the primary requirement of TPN certification.

Practically every digital services organization has a need for CSMS. The key to success in managing content security is to know ALL the digital assets of the Organization, their value, the current threats, probability of exposure, the impact, the risk and the mitigation strategy around them. If planned and implemented carefully, the management of the Organization can have centralized control of an end to end framework that ensures clear visibility into the threats, the resulting risks and their mitigation strategy.

A single loose end has enough potential to cause significant damage. It is like one weak gate of a strong fort. Hence, it is important to implement the entire process framework and the resulting controls without missing even one of them. It has been our experience that most loose ends remain because of inadvertent ignorance rather than lack of funds. Investment in the best in class security systems of the world may not be enough unless the processes and controls around them are adequately implemented.

3. Applicability of MPA Content Security Best Practices in Your Esteemed Organisation

The purpose of the MPA code of best practices for content security is to guide an Organization on the level of security controls implementation feasible as per the organizational business needs and customers' security requirements.
They guide the organization to implement a structured Content Security Management System with an approach of Risk Assessment and Business Impact Analysis that incorporates world class best practices in the management of the existing systems running in the Organization, in the form of a Framework. The Framework would include:

(1) Executive Security Awareness/Oversight
(2) Risk Management (Risk Assessment, Business Impact Analysis, Risk Treatment)
(3) Security Organisation Structure
(4) Policies and Procedures
(5) Incident Management and Response
(6) Business Continuity and Disaster Recovery
(7) Change Control and Configuration Management
(8) Workflow Security
(9) Segregation of Duties
(10) Background Verifications of Employees and Contractors
(11) Confidentiality Agreements
(12) Third Party Use and Screening
(13) Entry and Exit Security
(14) Management of Visitors
(15) Identification
(16) Perimeter Security
(17) Alarms
(18) Authorisation
(19) Electronic Access Control
(20) Physical and Digital (Cryptographic) Keys
(21) CCTV Cameras
(22) Logging and Monitoring
(23) Searches
(24) Assets and Inventory Management
(25) Media Receiving, Handling, Shipping, and Disposals
(26) External Networking/WAN Security
(27) Internet Access Security
(28) Internal Network/LAN Security
(29) Wireless Security
(30) I/O Device Security
(31) Systems Security
(32) Account Management and Authentication
(33) Mobile Security
(34) Security Techniques
(35) Content Tracking
(36) Human Resources Policies and Procedures
(37) Transfer Systems Security
(38) Transfer Device and Methodology
(39) Client Portal Access Security

Post implementation of the above framework, ETCO India shall assist Your Esteemed Organisation with formal registration, assessment, and certification on MPA Content Security Best Practices from a certified TPN security assessor via the application process described on the TPN website.

4. Proposed Objectives of ETCO India in implementing MPA content security best practices, and achieving and maintaining TPN certification for Your Esteemed Organisation

To achieve a well documented and implemented CSMS Framework and its controls framework for compliance with MPA Content Security Best Practices as mandated by TPN:

(1) To implement a structured Framework by means of documentation, communication, trainings, workshops, certifications and Security agreements.
(2) To support your esteemed organisation in procuring, deploying, and configuring all the required hardware, software, networking infrastructure, systems and data centre security solutions, physical security solutions, content processing, transmission, and storage security solutions, AAA and access control solutions, and application security solutions required to meet the requirements of MPA Content Security Best Practices.
(3) To document and implement effective security controls to meet the requirements of MPA Content Security Best Practices.
(4) To create a comprehensive and transparent security reporting system for the Management, Clients, and other Stakeholders, and to help you in "Demonstrating Compliance during External Audits" conducted by your existing and new Clients, Regulators, and their Representatives.
(5) To engage with a TPN certified assessor for pre-assessment, and then apply for TPN assessment through their prescribed process and coordinate with their assessor till final certification. The TPN's directory of assessors may be accessed from here: https://www.ttpn.org/consultant-directory/

5. About Trusted Partner Network (TPN) and MPA Content Security Best Practices compliance, and our role in it

TPN (Trusted Partner Network) is a global initiative through partnership between the Motion Picture Association (MPA) and the Content Delivery & Security Association (CDSA). Almost every major motion picture producing company and media content owner is a member of these two associations.
TPN is specifically designed for service providers and outsourced production and/or workflow partners of production companies and any type of content owners. The objective of TPN is to certify compliance with the controls framework designed under MPA Content Security Best Practices, which are as per ISO 27001 and NIST 800-53 standards. TPN offers assessments through a network of certified professional assessors for compliance with MPA Content Security Best Practices.

ETCO India's role in TPN is the following:

(a) Taking accountability and responsibility for procurement, implementation, and documentation of IT infrastructure security, software and applications security, data centre security, physical security, and content processing security as recommended in the content security controls of the MPA Content Security Best Practices;
(b) Engaging with a TPN assessor;
(c) Coordinating with the TPN assessor for pre-assessment such that all implemented controls can be verified from the perspective of a certified assessor;
(d) Applying to TPN for formal assessment, naming the TPN assessor hired for pre-assessment as our preferred assessor;
(e) Coordinating with the TPN assessor and achieving TPN certification;
(f) Repeating the TPN assessment cycle every year (because the certificate's validity is one year);
(g) Supporting your esteemed organisation in demonstrating your compliance to clients, external auditors, authorities, regulators, or anyone else concerned with your content security controls and best practices.

6. Advantages of MPA Content Security Best Practices and related TPN certification in Your Esteemed Organisation at Corporate Level

Following are the benefits of CSMS that the Management of the organization can achieve tangibly at the corporate level:

(1) Customers will be assured of the Organization's seriousness about Content Security.
(2) Companies that are strict about Content Security would feel very comfortable dealing with Your Esteemed Organisation.
(3) The Organization would have a structured approach to Content Security with effective Risk Management.
(4) Employees, Contractors and Suppliers will take security seriously amidst adequate policies and penalties for any security breach.
(5) Investments in IT and other security areas would be in the right direction (fulfilling Customer and overall Business requirements) with an accurate distribution of spending.
(6) Money would not be invested on the strength of a security product company's marketing skills; rather, there would be a sound analysis of the risks and controls required.
(7) As a Digital Services Organization, Your Esteemed Organisation shall have a sound advantage over direct competition because the Service Delivery personnel and Service Ambassadors would be CSMS trained.
(8) Detailed documentation framework with activity tracking and log-sheets that can be readily extended to other Locations.
(9) Adequate Disaster Recovery and Business Continuity Plans.
(10) Strong branding in a highly competitive industry.

7. Advantages of MPA Content Security Best Practices in Your Esteemed Organisation at Department Level

Following are the benefits of CSMS that the Head of a Department can achieve tangibly at the Department level:

(1) After the trainings are imparted, all Department Heads and other nominated people will have knowledge of a new domain (Information Security), which is one of the fastest growing businesses in the Global Digital Media industry.
(2) All Information Assets of the department will be clearly identified and listed in an Asset Master.
(3) Risk Assessment and Business Impact Analysis against loss/mishandling of departmental assets would be clearly visible to the department head.
(4) As a part of Role definitions and KRAs of the department employees, Security compliance will be included with quantifiable measurement.
(5) Department level internal audits will have Security Auditing included.
(6) A structured risk assessment methodology will be published, which the department head can trigger periodically to review department level risks.
(7) The Department Head can map certain department level risks to an impact affecting the entire organization such that they can be escalated and treated at a Corporate level.
(8) Security controls applicable at a department level would be applied effectively.
(9) Control Effectiveness Measurement will be carried out at a department level and all Heads will have clear visibility into the same.

We have designed a massive repository of tailorable templates of policies, standards, processes and workflows that can be customized as per Customer needs in a very short time, reducing the implementation cycles and costs significantly.

In order to get a detailed understanding of our approach to implementation at every step of the entire framework, we invite you to browse our site. You may contact us at the published numbers or write to us at consulting@etcoindia.co.in

We shall be delighted to serve your esteemed organisation. We shall undertake 100% responsibility and accountability to implement all IT and related infrastructure components and content security controls, coordinate with the assessors, and coordinate with everyone engaged in the project till the final TPN certification is achieved, and manage the annual renewal cycles.

Copyright 2024 - 2028 ETCO INDIA. All Rights Reserved