Content Protection & Security (CPS) Certification Program Overview



Similar documents
Content Protection and Security (CPS) Certification Program Overview

Music Recording Studio Security Program Security Assessment Version 1.1

Introduction to Social Compliance & Its Business Benefits

Earning Your Security Trustmark+

How to become an Approved Contractor

Information Security ISO Standards. Feb 11, Glen Bruce Director, Enterprise Risk Security & Privacy

Hidden Supply Chain Risk A Social, Quality, Environmental and Security Challenge

DCA Certifications Scheme

MITEL. Enterprise Management Solutions

Specialist Cloud Services. Acumin Cloud Security Resourcing

Foreword Introduction - The Global Food Safety Initiative (GFSI) Scope Section Overview Normative References...

Domestic & General deliver a new IBM WebSphere Application Server Environment at speed using RapidDeploy for Application Deployment

Cyber Essentials Scheme. Protect your business from cyber threats and gain valuable certification

What is the ACCA Approved Employer Programme?

IRAP Policy and Procedures up to date as of 16 September 2014.

TG TRANSITIONAL GUIDELINES FOR ISO/IEC :2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES

CITY UNIVERSITY OF HONG KONG

Crisis and issues management

C ETS C/ETS: CYBER INTELLIGENCE + ENTERPRISE SOLUTIONS CSCSS / ENTERPRISE TECHNOLOGY + SECURITY

Surrey Compact. Volunteering Code

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Good Practice Guide: the internal audit role in information assurance

Managing data security and privacy risk of third-party vendors

Internal Audit Landscape 2014

The PNC Financial Services Group, Inc. Business Continuity Program

Spillemyndigheden s change management programme. Version of 1 July 2012

Linarch. April Sample Report - Global Ethernet Exchange Services Market

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

I S O I E C I N F O R M A T I O N S E C U R I T Y A U D I T T O O L

Unequalled Physical Security Information Management Software

IT Security. Securing Your Business Investments

Compliance Guide: ASD ISM OVERVIEW

Frequently Asked Questions. Frequently Asked Questions: Securing the Future of Trust on the Internet

Roles within ITIL V3. Contents

WEALTH MANAGEMENT SOLUTIONS

Contact address: Global Food Safety Initiative Foundation c/o The Consumer Goods Forum 22/24 rue du Gouverneur Général Eboué Issy-les-Moulineaux

Follow the sun support 24x7x365. Keeping your HP NonStop systems and software up and running

SMART Goal Setting Worksheet

SAM Starter Kit: A fast track guide to. Software Asset Management

Guidelines for Corporate Community Engagement

ASTRAZENECA GLOBAL POLICY SAFEGUARDING COMPANY ASSETS AND RESOURCES

Information security due diligence

GLOBAL MOBILITY PROGRAM POLICY DESIGN AND IMPLEMENTATION

GPG13 Protective Monitoring. Service Definition

The Software Experts. Software Asset Management Services & Solutions

PCI DSS Overview and Solutions. Anwar McEntee

Crisis Prevention and Response Services. NYA International. Crisis Prevention and Response Services. Crisis Prevention and Response Services

PSN Protective Monitoring. Service Definition

Internal Auditing: Assurance, Insight, and Objectivity

Principles on Outsourcing by Markets

Best Practices in ICS Security for Device Manufacturers. A Wurldtech White Paper

Information Governance Management Framework

Business Operations. Module Db. Capita s Combined Offer for Business & Enforcement Operations delivers many overarching benefits for TfL:

PCI Security Compliance

Prudential Relocation

PRINCE2 Introduction PRINCE2 Introduction

Document control for sensitive company information and large complex projects.

Assuria from ZeroDayLab

Technology and Cyber Resilience Benchmarking Report December 2013

Appendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises

Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review

Evaluation Reminders. For Team Chairs Evaluators, Financial Reviewers, And Generalists Institutions being Reviewed

EMBEDDING BCM IN THE ORGANIZATION S CULTURE

Design Consultancy Audit CFD 3D Modelling Energy Efficiency. Global Data Centres. at the core of your business

SFJCCAD2 Promote business continuity management

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AVANTGARD Hosting and Managed Services

Standard for Business Continuity/Disaster Recovery (BC/DR) Service Providers

Rouse. The right mix of intellectual property specialists.

IAF Mandatory Document for the use of Computer Assisted Auditing Techniques ( CAAT ) for Accredited Certification of Management Systems

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Creative Industries Workshop Key IPR Issues

Transparency report 30 June 2016

Statistics on E-commerce and Information and Communication Technology Activity

QUICK FACTS. Facilitating Application Packaging on Behalf of a Global Professional Services Company

ISO27032 Guidelines for Cyber Security

Report on Hong Kong SME Cloud Adoption and Security Readiness Survey

Sector Development Ageing, Disability and Home Care Department of Family and Community Services (02)

7Seven Things You Need to Know About Long-Term Document Storage and Compliance

Overview TECHIS Carry out security testing activities

Twelve compelling reasons why you should choose MCS and our hire management solutions

SIP Trunks. The cost-effective and flexible alternative to ISDN

London Local Authorities Business Continuity Guidance for Suppliers & Contractors

FSSC Certification scheme for food safety systems in compliance with ISO 22000: 2005 and technical specifications for sector PRPs PART I

Quality Standards in Management Consultancy Dr. Ilse Andrea Ennsfellner, CMC Management Consultant and ICMCI Representative

3 Terms and definitions 3.5 client organization whose management system is being audited for certification purposes

FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

House of Lords Digital Skills Committee. Digital Skills in the UK Call for Evidence

Service provider strategies for mobile advertising: case studies

HEALTHCARE SOLUTIONS

Microsoft s Compliance Framework for Online Services

Transcription:

Content Protection & Security (CPS) Certification Program Overview GOVERNANCE & SECURITY CULTURE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND AWARENESS BUSINESS RESILIENCE Content Protection & Security Program Revised January 2016

ABOUT CONTENT DELIVERY SECURITY ASSOCIATION (CDSA) Founded in 1970, CDSA (formerly IRMA, International Recording Media Association) is a US incorporated 501(c) (6) non-profit organizations with a global membership spanning the Americas, EMEA and Asia Pacific territories. For over 40 years, the association has provided a worldwide forum, advocating the secure, innovative and responsible delivery and storage of entertainment, software and information content. As one of the leading authorities in securing the digital delivery and storage of content, CDSA continues to develop strong relationships with Content Owners and Vendors. The association provides an established and well-respected suite of Content Security Standards, Anti Piracy programs and media security best practices. In response to the ever-changing landscape of threat, vulnerability and risk, the association has extended its range of services to secure media assets including detailed vulnerability assessment, risk management consultancy and security standards benchmarking. Accountable to its board of directors, in 2010 our resources came under the management umbrella of the Media & Entertainment Services Alliance (MESA). All CDSA/MESA member companies receive reciprocal benefits. This provides all parties with an opportunity to be part of a much wider media community including access to current information, industry best practice, available technology and thought leadership. BACKGROUND In the 1990 s, the Content Delivery & Security Association developed the world s first, independent and impartial audit certification system and related family of international content protection and security standards, collectively called CDSA s Anti-Piracy and Compliance Programs (APCP). With offices and resources in the United States, United Kingdom, Hong Kong and Australia, CDSA has certified hundreds of sites across six continents. The APCP remains the only annual, vendor funded, industry-driven suite of programs recognized by major content holders and governments worldwide. CDSA can meet the global needs of any organization regardless of size and geographic location whatever the media subject CDSA is your partner in protecting the security and integrity of intellectual property and related assets. The Content Protection & Security (CPS) standard has been in place now for six years. Since being published, it has been successfully integrated into more than 100 sites and now covers a diverse range of media services within the digital and physical supply chains. The CPS standard continues to be updated annually to address emerging risks to content and improve the user experience. Input is invited from content owners, technology specialists, vendors and security specialists. 2016 Content Delivery & Security Association Page 2 of 6

Mapped extensively to other relevant industry security standards and best practices the CPS is increasingly used as a benchmarking tool by both those requiring and required to demonstrate compliance. OBJECTIVES The (APCP), related Standards and best practices were developed to meet the following key objectives: 1. To support the health, growth and economic well-being of the entertainment and media industries by promoting sound base-line security and anti-piracy compliance standards and best practices. 2. To promote a strong security culture based on continual improvement and annual review 3. To design an objective and risk based set of programs and best practices that are available, attainable and affordable to the widest possible community within the media vendor supply chain 4. To provide Content Owners and other parties requiring compliance and visibility of risk, access to a service that is scalable and where ownership of risk is placed through a process of Responsibility, Accountability, Consultation and Access to Information. 5. To provide viable options for subsidized and vendor funded participation By assisting organizations in this way we believe we can provide a crucial role in protecting the confidentiality, integrity and availability of intellectual property; our most valued asset. APCP FAMILY OF STANDARDS To meet these objectives, CDSA offers Five primary programs and related Standards: 1. Copyright and Licensing Verification (CLV), a certification program to confirm IP rights prior to manufacturing and distribution of content. 2. Content Protection and Security (CPS), a certification program including physical security, digital asset security, risk management, and disaster recovery. 3. Content Security Risk Assessment (CSRA), an audit program to spot check security at sites where full CPS certification is not preferred. 4. Music Recording Studio Security Program (MRSSP), a certification program based upon the CPS specifically designed for Recording Studio environments. 5. Best Practices for Production and Post Security, best practices for securing content and confidential information on-location productions and the postproduction editorial spaces. 2016 Content Delivery & Security Association Page 3 of 6

CPS STANDARD The goal of the CPS Standard is to secure media assets at all stages of the supply chain. This objective-based approach establishes seven frameworks of capability. The requirements defined within the Standard and its accompanying guidance form the basis of a Content Security Management System (CSMS). This consists of cohesive policies, processes and controls that are designed to assess, manage and minimize risks to an acceptable level, thereby ensuring the continued integrity of intellectual property, confidentiality and media asset security. In determining content protection requirements, CDSA have assessed industry specific risks, identified threats and current vulnerabilities that are encountered within the industry. This process has facilitated the formulation of a suite of objectives to control and/or mitigate those risks, threats and vulnerabilities. These objectives provide the basis on which to define the auditable requirements for certification with the CDSA Content Protection and Security (CPS) program. 2016 Content Delivery & Security Association Page 4 of 6

CPS CERTIFICATION PROCESS There are three steps necessary to achieve site accreditation (CDSA is available throughout the process to provide guidance.) Step 1: CDSA provides the Program Application and Program Agreement. Participants seeking certification must complete and submit the Program Application and Program Agreement to initiate the process. CDSA then provides a pack of resource materials to the applicant, including the CPS Standard and Guidance Documents and sample documentation (e.g., sample manual and policies). Using the guidance documentation provided, the site completes a risk assessment and gap analysis against the mandatory security requirements that must be met. Step 2: Upon completion of the requisite site documents and process by the applicant, CDSA arranges and conducts an on-site audit to verify the requirements of the CPS Standard are met. 2016 Content Delivery & Security Association Page 5 of 6

Step 3: CDSA sends and audit report to the applicant site containing details of all compliances and non-compliances together with other conclusions and recommendations. If one or more major or systemic non-compliances are identified during the initial accreditation audit, then a reaudit may be required. When minor non-compliances are identified, the applicant must submit corrective action plans to address them within 30 days of the audit. These plans are reviewed and approved by CDSA auditors for suitability, and the certification is granted. The initial certification status is valid for 6 months, after which further successful on-site audits extend the certification for one year periods. Sites must continue the CDSA audits, as well as maintain internal audits and controls to retain CPS certification. CONTACT CDSA To discuss specific requirements and application process into the Content Protection and Security Standard Certification Program, contact CDSA: Chris Johnson Worldwide Director CDSA - Content Delivery & Security Association Suite 102, 377-399 London Road, Camberley, Surrey. UK GU15 3HL email: cjohnson@cdsaonline.org Tel: +44 (0) 1276 415726 (office) +44 (0) 7951 011080 (mobile) 2016 Content Delivery & Security Association Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information