We all know how important role data security plays in the global film and television industry to prevent
leaks of their new releases. Hundreds of people work on one project where the chances of leaks, hacks, and
breaches increase. Hence the result is that VFX studios are not able to get projects that are possible for
them to work on. The only reason that impacts negatively is no security proof for clients. It is what TPN
Certification is all about. Let’s check the WWH (what, why, and how) of TPN here -
What Is TPN?
TPN, Trusted Partner Network, is the initial content protection accreditation for the film and television
industry that helps companies assure their clients regarding the prevention of leaks, hacks, and breaches
of movies, videos, or shows before decided release dates. TPN becomes necessary to make customers believe
in the raised security in all aspects.
assessment is the security audit where your entire integrated system and ongoing
workflows, such as management system, physical space, security (physical and digital), etc, are inspected
thoroughly for conformance with the best MPA practices by the licensed Assessor. It is designed to provide
a brief generated report to MPA, ACE, and CDSA member studio content owners stating ISMS execution,
control practices, business and risk management approach, and remedies for future conformance.
Why did TPN come into existence, and why is it needed?
As far of now, content for short films, movies, and shows is created by the growing ecosystem of
third-party vendors who collab with different security degrees. It has increased the threat of leaks and
breaches of the most valuable asset of the studios - CONTENT. The TPN certification is about raising
security awareness and capabilities within the industry.
The TPN creates a solitary benchmark of least security preparedness for all vendors and their groups at
any place they work and their expertise. By making a solitary, worldwide catalog of "trusted partner"
sellers, content organizations will approach the important data set to gain proficiency with their TPN
It is much needed by VFX Studios that offers numerous benefits such as -
Gains the trust of vendors and customers regarding security
Seeks to raise security against data threats
Get the centralized directory as a Trusted Partner vendor.
Extend the security standards of the vendor community
Increase the number of third-party vendor projects assessed.
Is there any benefit of the TPN Program to Vendors?
Here is a list of advantages TPN provides to vendors, such as -
Decrease the assessment count conducted at every facility.
Decrease various controls utilized by different content owners.
Get stand out in the competitive market with the suitable quote
Enable promotion of security preparedness And many more.
Joining TPN is a good step where every vendor, be it large or small, believes security is the core
business principle of their firm.
How much is the cost of the TPN Assessment?
Checking the price of the assessment depends on varied cases and factors. There are no pricing models
defined for the individual assessors or their companies. It is the done deal between TPN Assessor and the
vendor making the request. Cost varies with the type of firm, types of projects they are working on,
services offered by studio owners, physical space, types of clients they have, database features, etc. For
more details, visit www.ttpn.org/about/faqs.
How to join TPN?
A short but thorough procedure has to be followed to join the TPN program and get certified for security
Go to the Vendor assessment request tab in the TPN Platform. For this, visit
Fill out the form with all your basic company information accurately.
After clicking on submit, you will receive an email confirmation stating that you will receive the
Once you receive a questionnaire, you will be asked to submit some documents to evaluate your company and
can proceed with an on-site review.
Before the on-site review, the assigned assessor will ask you to keep documents ready which
are needed at
a time to inspect your space as per requirements.
- Onsite assessments involve a site visit during which an assessor physically inspects and evaluates a
vendor’s facility and are typically requested for facilities handling pre-theatrical content or sensitive
assets addressed early in the distribution cycle.
Step 6: If your services/work are after the release cycle or the selected phase is post-theatrical, then
you have the option to avail remote review/ telephonic interview session.
If your services/work are after the release cycle or the selected phase is post-theatrical, then you have
the option to avail remote review/ telephonic interview session.
After the complete assessment by the approved assessor, the report draft is sent to TPN for quality
control which takes around two weeks of time.
If any non-compliance is received by any means for your area, there will be the remediation list provided
by the team with the ten working days time duration given for fixing the issues they caught up.
Once everything gets cleared, the vendor will have their company enrolled with authorized supporting
assessment materials in the directory of the TPN vendor.
Step 10: Vendor portal credentials also will be shared with the vendor through which they can log in to
the portal using 2-factor authentication.
Can anyone ‘Fail’ a TPN Assessment?
The TPN evaluation doesn't give a "pass or fail" grade, certificate, or rating. It gives an evaluation of
security preparedness for conformance with the MPA content security best practices. In case an evaluation
shows non-conformance with control or practice, any important remediation might be directed by a
different, however, correspondingly approved, TPN assessor. The merchant may likewise give proof of their
own remediation to the TPN. The TPN likewise has a proper survey and accommodation process for any
evaluation debates. Assessors will be routinely estimated and assessed through the TPN Qualified Assessor
And the good part is that VANI software works well for
TPN-certified firms and vendors without any
compliance. It does not imply any obstacle in the security of data as necessary.