Content Protection and Security (CPS) Certification Program Overview




DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE
PERSONNEL AND RESOURCES
ASSET MANAGEMENT
PHYSICAL SECURITY
IT SECURITY
TRAINING AND AWARENESS
BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

Content Protection & Security Program
Revised April 9, 2013

ABOUT CDSA

CDSA, the Content Delivery & Security Association (formerly IRMA, the International Recording Media Association), is the international content protection association. For over 40 years, it has served as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content. Founded in 1970, this 501(c)(6) non-profit organization's global membership includes companies involved in every facet along the digital and physical media supply chain. Beginning with the audiocassette, through the home video revolution, and into today's digital delivery era, CDSA has always been the organization companies have turned to for news, networking, market research, information services, and leadership.

In 2010 CDSA came under the management of the Media & Entertainment Services Alliance (MESA), and all CDSA member companies receive reciprocal benefits as Associate Level members of MESA.

BACKGROUND

In the 1990s, the Content Delivery & Security Association developed the world's first independent and impartial audit certification system and related family of international standards, collectively called CDSA's Anti-Piracy and Compliance Programs (APCP). With the support of the entertainment and media industry worldwide, CDSA has certified hundreds of sites on six continents in its cadre of APCP Standards. The APCP is the only industry-driven program recognized by major content holders and governments worldwide.

Due to worldwide acclaim for its anti-piracy and content protection standards, CDSA has focused its activities on protecting entertainment IP throughout the supply chain, both pre-release and post-release content. With offices in the United States, United Kingdom, and Hong Kong, CDSA can meet the global needs of any organization regardless of location. CDSA is your partner in protecting the security and integrity of intellectual property and related assets.

The Content Protection & Security (CPS) standard has been in place for six years. Since being published, it has been successfully integrated into more than 100 sites and now covers a diverse range of media services within the physical and digital supply chains. The CPS standard has been updated to address emerging risks and improve user-friendliness, with the most recent revision taking effect April 1, 2013.

The standard continues to provide a significant contribution to program members when developing effective security controls. In particular, these are increasingly focused on securing digital media assets and implementing effective information technology (IT) security controls. Furthermore, the CPS standard is now being used by content owners as a benchmark against individual requirements, other security standards and published best practices.

2013 Content Delivery & Security Association

As a result of the experience gained in the audit process and feedback from clients, opportunities have been identified whereby the relevance and application of the CPS standard could be further developed and improved by publishing this revised standard.

OBJECTIVES

The APCP and related Standards were developed to meet two key objectives:

1. To support the health, growth and economic well-being of the entertainment and media industries by promoting sound security and anti-piracy compliance standards and practices.
2. To help organizations across the media and entertainment supply chains adopt an open set of standards to protect the confidentiality, integrity and availability of intellectual property, our most valued asset.

By improving operational practices, organizations of any size or scope can minimize the risks associated with the handling, storage, and delivery of content, entertainment media, and other privileged assets. Unlike other programs, CDSA works in partnership with entertainment, media and content management organizations.

APCP FAMILY OF STANDARDS

To meet these objectives, CDSA offers three primary programs and related Standards:

1. Copyright and Licensing Verification (CLV), a certification program to confirm IP rights prior to manufacturing and distribution of content.
2. Content Protection and Security (CPS), a certification program including physical security, digital asset security, risk management, and disaster recovery.
3. Content Security Risk Assessment, an audit program to spot check security at sites where full CPS certification is not preferred.

CPS STANDARD

The goal of the CPS Standard is to secure media assets at all stages of the supply chain. This objective-based approach establishes seven frameworks of capability.

CONTENT PROTECTION AND SECURITY STANDARD

CF 1: DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE
CF 2: PERSONNEL AND RESOURCES
CF 3: ASSET MANAGEMENT
CF 4: PHYSICAL SECURITY
CF 5: IT SECURITY
CF 6: TRAINING AND AWARENESS
CF 7: BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING

The requirements defined within the Standard and its accompanying guidance form the basis of a Content Security Management System (CSMS). This consists of cohesive policies, processes and controls that are designed to assess, manage and minimize risks to an acceptable level, thereby ensuring the continued integrity of intellectual property, confidentiality and media asset security.

In determining content protection requirements, CDSA have assessed industry specific risks, identified threats and current vulnerabilities that are encountered within the industry. This process has facilitated the formulation of a suite of objectives to control and/or mitigate those risks, threats and vulnerabilities.

These objectives provide the basis on which to define the auditable requirements for certification with the CDSA Content Protection and Security (CPS) program.

CPS CERTIFICATION PROCESS

There are three steps necessary to achieve site accreditation. (CDSA is available throughout the process to provide guidance.)

Step 1: CDSA provides the Program Application and Program Agreement. Sites seeking certification must complete and submit the Program Application and Program Agreement to initiate the process. CDSA then provides a pack of resource materials to the applicant, including the CPS Standard and Guidance Document, Statement of Applicability, and sample documentation (e.g., sample manual and policies). Using the guidance documentation provided, the site completes a risk assessment and a Statement of Applicability which summarizes all mandatory security requirements that must be met. This documentation also summarizes the types of controls in place or, where appropriate, gives an explanation and justification for any exclusions.

Step 2: Upon completion of the requisite site documents and process by the applicant, CDSA arranges and conducts an on-site audit to verify the requirements of the CPS Standard are met.

Step 3: CDSA sends an audit report to the applicant site containing details of all compliances and non-compliances together with other conclusions and recommendations. If one or more major or systemic non-compliances are identified during the initial accreditation audit, then a re-audit may be required. When minor non-compliances are identified, the applicant must submit corrective action plans to address them within 30 days of the audit. These plans are reviewed and approved by CDSA auditors for suitability, and the certification is granted.

The initial certification status is valid for 6 months, after which further successful on-site audits extend the certification for one-year periods. Sites must continue the CDSA audits, as well as maintain internal audits and controls to retain CPS certification.

CONTACT CDSA

To discuss specific requirements and the application process for the Content Protection and Security Standard Certification Program, contact CDSA:

In North America, South America, Europe, Middle East, or Africa:
Peter Wallace, Worldwide Director
Kestrel Court, Harbour Road
Portishead, Bristol BS20 7AN
United Kingdom
Tel: +44 (0) 7850 331033
E-mail: pwallace@cdsaonline.org

In Asia or Australia:
James Wise, Regional Director
22/F, 3 Lockhart Road, Wanchai
Hong Kong, SAR
Tel: +852-2863-6980, Fax: +852-2290-9111
E-mail: jwise@cdsaonline.org