Michael was privileged to sit down with Terri Davies, President of the Trusted Partner Network, at NAB to discuss the recently upgraded TPN program and the new TPN+ platform. Terri walks us through the application process and clarifies exactly what the program offers.
Michael: Hi, Michael Kammes from the Shift Media Booth here at NAB 2023. And joining us today is Terri Davies from the MPA.
Terri: Thank you for having me.
Michael: Thank you so much. We have a ton of questions to ask, so I hope all of you are paying attention. First off, there's a three-letter acronym we've heard in the industry for years, and I want to talk a lot about it. It's TPN or the Trusted Partner Network. Please explain to everyone what the TPN is, and especially what the relaunch of the TPN is.
Terri: Okay. So the TPN, Trusted Partner Network, as you said, is wholly owned by the Motion Picture Association, and it was devised back in 2018. It was launched to really reduce the number of security assessments that the vendor community had to go through for each of the studios. So some brilliant minds got together, and they pulled together this concept called TPN that basically leveraged the MPA best practices and built a questionnaire on top of it, which is, in essence, the TPN program. And then, TPN held that information. There were third-party assessors who validated the vendor's answers, and TPN became that source of truth for the studios to go and one-stop shop for all security information from which they can make their own independent risk-based decisions.
Michael: Fantastic. And you said that was 2018, correct? So there's been five years, there's been a lot of things that have happened around the world since then. So what are some of the new features? Some of the latest concepts in the relaunch of the TPN.
Terri: TPN launched doing site assessments, meaning physical locations, and it was tremendously successful. The team did a great job. It grew enormously in the first 18 months, and then, of course, COVID hit, and all of those sites and locations that were so carefully assessed shut down. And everybody moved to the cloud, and at that point, the MPA best practices did not include application either in the cloud or on-prem. So the whole thing kind of ground to a halt. And unfortunately, you know, production stopped during COVID, but then it quickly spun back up again, and the studios had to scramble to get productions up without TPN being able to keep up and do app in the cloud or on-prem. So we have spent the last year redesigning the program and relaunching it. It relaunched on February 6th.
We've rewritten the MPA best practices. We've taken it from hundreds to 65, which means that the TPN questionnaire is also reduced from 400 plus questions to 135. We've built a new platform, as well, that we've cunningly called TPN+. We launched February 6th, and it includes app and cloud, as I said, but we also wanted to address the assessment fatigue and just the sheer fatigue around the subject of security in the industry. So if a vendor, especially an application vendor, is done SOC 2, for example, we now accept SOC 2 in the TPN+ platform. And the content owners can see that cause they should be interested in that. If they've done ISO cert, we accept that, and we built in filtering based on the ISO cert to pre-populate answers in the TPN questionnaire as well. So there are many, many new functions. Those are really the high level.
Michael: For companies that are interested in getting assessed by the TPN. What are usually the steps of that process?
Terri: So, they contact us, they sign up to TPN, and they get access to the TPN+ new platform. They then complete their profile services, sites, owned applications, licensed applications, any other documentation they wish to share, including non-TPN security certs. They then complete a TPN questionnaire, 135 questions or less. If we descoped it, if, for example, they work exclusively in the cloud, we're not gonna ask them about physical tape meetings. At the same time, they schedule their assessments and negotiate that separately with a TPN-accredited third-party assessor, who then goes ahead and assesses their questions. They go through all of that to get to the end of the TPN assessment and earn their TPN Gold Shield.
Michael: And does the MPA end up listing folks who have done the TPN assessment on the website? So you can cross-reference that?
Terri: We do not put it on the website. There's a growing registry in TPN+, we're ten weeks after launch, and we have 400 companies signed up, just to give you an illustration.
Michael: That's amazing. The assessors must just be going crazy.
Terri: They are. Well, this is another nuance about TPN. So we've also introduced, because one size does not fit all, of course, in our industry, and certainly, in my time at the studio, I would view a tentpole feature film pre-release security risk very differently than a syndicated rerun of a TV show. And there are many, many service providers out there who do one or the other. So we've also introduced a TPN Blue Shield at the self-reported level. So not everybody has to go through an assessment that may well be good enough for the content owners if this service provider is just working on library content.
Michael: I see. There are two main themes in our industry. Acronyms. And misconceptions. So what I'd like to talk a little bit about is, there are a lot of misconceptions about what the TPN is, what it isn't, and I thought maybe you could explain some of those, including the term certification.
Terri: Yes. I would love to - certification or accredited or pass or fail or approved. That's that nuance. So TPN do assessments. We report the results of those assessments, including remediation items, to the content owners. So the content owners can make their independent risk-based decisions. We do not pass or fail. We do not accredit. We do not approve. We do not certify.
Michael: I think we need to say that to everyone out there. There is no MPA or TPN certification.
Terri: That's correct. That is correct. Yes. We simply do the risk assessment, and we report that to the studios because, you know, we have all of the big content owners, obviously part of TPN, there are more and more content owners joining, such as BBC Studios now, and every one of them has their own risk profile. We couldn't presume to come up with a pass or a fail that would satisfy one studio on this end of the spectrum and another studio on this end of the spectrum. So we are simply reporting findings and remediation items to the studio so they can make their own decisions.
Michael: A big, I don't wanna say player in the industry, but a huge concept is the MovieLab's 2030 Vision. If anyone attended HPA, that was a fundamental point of every session. And the 2030 Vision outlines the ten principles of where the industry should be at that point. And I'm very curious how the ten principles, the pillars of the 2030 Vision, and the refreshed or relaunched TPN assessment. How did those kind of work together?
Terri: Yeah, so MovieLabs is a sister association to ours. We have common members, and the MovieLab's work is fantastic. The work that they're doing is terrific. So as we were rewriting the MPA best practices, it was really important that we had that 2030 Vision in mind. I should also add, you know, we have done so much to update the TPN program in the last year. Our real mantra is progress over perfection because if we held out for perfection, we never would've gotten it done. So we republished the MPAs practices in October. We're publishing another update in a couple of weeks based on the ten weeks of learning we've had. Since we've launched, the 2030 Vision is like our Holy Grail, or our North Star is probably a better expression. It's our North Star. We speak with MovieLabs regularly. We are very, very connected, and we will always seek their advice as we do each iteration on the MPF best practices to make sure we're in alignment because by the time we get to the 2030 Vision, they'll be onto the 2050 Vision and so on. So, we follow their lead in that regard.
Michael: This is phenomenal information. Where can more people go to find out about the process and just TPN in general?
Terri: So our website, www.ttpn.org, has all manner of FAQs and information. And there's also a contact us button. If you can't find the information that you need, please contact us. We really don't want to be a faceless DMV. We want to be people in the industry that you can contact if you need further information. So please click that button if you can't find the information that you need. And we'll be glad to speak to you and answer your questions.
Michael: Terri, thanks so much for your time. This has been Terri Davies from the MPA. I'm Michael Kammes with Shift Media here at NAB 2023. And thanks for watching.
Terri: Thank you, Michael.
Miss our interview with Alex Williams, founder of Louper? Watch here to learn more about our review and approve integration.
For tips on post-production, check out MediaSilo’s guide to Post Production Workflows.
MediaSilo allows for easy management of your media files, seamless collaboration for critical feedback and out of the box synchronization with your timeline for efficient changes. See how MediaSilo is powering modern post production workflows with a 14-day free trial.