Database development and security certification and accreditation plan pitwg
Media Security Accreditation Program Overview.V4.2. 8.13.09
description
Transcript of Media Security Accreditation Program Overview.V4.2. 8.13.09
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Anti-Piracy and Compliance Programs
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Agenda Why CDSA?
Anti-Piracy and Compliance Programs - APCP
Content Protection and Security
Benefits
Accreditation Process
Next Steps
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
CDSA
Formerly the International Recording Media (IRMA)
Founded in 1970
Worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content.
Developer of the Anti-Piracy and Compliance Programs (APCP): the world’s first family of anti-piracy and security standards specifically designed for our industry
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
APCP Certification Programs
Pioneer of the world’s first certification program for Anti-Piracy and Compliance Programs (APCP) and related standards
Global recognition by major content holders, as well as international governments
+10 years tradition providing effective certification programs to+120 APCP-certified companies in five continents
Spanning the entire supply chain
International reach, with regional offices in the United States, United Kingdom, and Hong Kong
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
APCP Certification Programs
APCP
Family of Standards
Copyright and Licensing Standards
Digital Security
Media Security
Post Production
Security
Packaging and Materials Standards
Plastic DVD Packaging
Certification
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Content Protection and Security Certification
Security management of content and other related intellectual property – in all of its forms
Structured audit process: Initial on-site audit to gain initial accreditation Annual surveillance audits to maintain site accreditation
Capability Framework: Risk management approach Set of critical requirements for establishing, implementing and improving
security control processes: Digital Security Media Security Physical Security
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Seven Capability Framework (CF) Areas
• Documentation, risk management and compliance
CF1
• Personnel and resources
CF2
• Asset management
CF3
• Physical security
CF4
• IT security and electronic data
CF5
• Training and awareness
CF6
• Disaster recovery and Business continuity planning
CF7
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Determining a Site’s Inherent Risks Level CDSA identifies inherent risk level posed by site, using information
gathered in: CDSA Accreditation Program Application
Pre-Audit Assessment Survey
Resultant information is used to ascertain level of security required to achieve and maintain accreditation under the CDSA Media Security Accreditation Program
Two inherent risk levels: Standard Security Risk
Enhanced Security Risk
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Standard Security Risk Level & Assessment
Standard Security Risk: Risk exposure is minimal to low, based upon the scope of operations.
Activities that require this level of certification may include but not exclusively:
Distribution, Freight Forwarding and storage of completed or post release product
Printing and merchandising of non-sensitive component parts or peripheral material
To achieve certification at Standard Risk Level, site must demonstrate applied methodologies in all areas of the program, but may not be required to provide evidence of formal documentation in all sections of the Capabilities Framework
CDSA On-Site Audit Duration (typical): up to 1 day
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Enhanced Security Risk Level & Assessment Enhanced Security Risk: Site’s security risk exposure is significant,
based upon the complexity & scope of activities.
Activities that require this level of certification may include but not exclusively:
Content creation, origination, editing, authoring, subtitling/dubbing and manufacture of pre and post release content
Pre-release promotional activities
Handling, storage, transmission and distribution of digital content To achieve certification at the Enhanced Risk Level, site must
demonstrate formal methodologies and provide documentation of all sections of the Capabilities Framework (CF)
Highly in-depth CDSA audit process
CDSA On-Site Audit Duration (typical): 1 day or more
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
How CDSA determines Inherent Risks
• Risk assessment • Gap analysis
Security Risk Management
Support
• Identification of requirements to meet business needs
• Scope determination for the content security management system
Statement of Applicability • Security Policy Manual
• Specifications/Standards • Control Procedures
Inherent Risk Level drive expectations & CDSA audit criteria
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
APCP Program Benefits
Is the authoritative set of industry-driven best practices
Empowers organizations to manage and mitigate security and piracy risks
Can be applied and adapted to all organizations in the supply chain
Provides a cost-effective assessment process suitable for use throughout the entire supply chain
Supports client specifications and business needs
Demonstrates a strong commitment to intellectual property security and protection, and the prevention of piracy
Confidential audit feedback
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Step 1: APCP Application & Pre-Audit Assessment Survey
Application
• Submit Program Application & CDSA Pre-Audit Survey to CDSA
• Determine risk level posed by site operations and activities
SoA • Complete Statement of Applicability
Program Review
• Site receives Program Resource materials
• Site implements its content protection and security system
Application Process
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Step 2: APCP Audit Process
Document Review • Off-site CDSA
verification of compliance with APCP Standards
On-site Audit
• On-site CDSA verification of compliance with APCP Standards Requirements
Accredit-ation
• Site is accredited upon completion of successful on-site audit
CDSA Assessment Audit and
Report
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Step 3: APCP Annual Audits
Annual CDSA Audits
• External CDSA Audits every 12 months
Internal Audits
• Sites submit ongoing internal audit annually – six months after each CDSA scheduled audit
Corrective & Preventative
Actions
• Ongoing site performance reviews and improvement plans for continual improvement
Ongoing Surveillance
Visits
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Let’s get started…
Contact your regional CDSA representative to discuss how we can meet your organization’s needs
Complete the APCP Program Application & Pre-Audit Assessment Survey
Receive APCP program fee quote from CDSA
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Contact us Regional Offices:
North, Central and South America Linda Dyson, Worldwide Director 3455 N. Desert Drive, Suite 3209 Atlanta, Georgia 30344 USA Tel: +1 (404) 349 9600; Fax: +1 (404) 349 4499 [email protected]
Europe, Middle East and Africa Peter Wallace, APCP Director One Heddon Street Mayfair, London W1B 4BD UK Tel: +44(0) 7850 331033 [email protected]
Asia and Pacific James Wise, APCP Director 22/F, 3 Lockhart Road Wanchai, Hong Kong SAR Tel:+852 2863 6980 [email protected]
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
Contact us
CDSA Headquarters:
62 Snydertown Road, Suite 301 Hopewell, New Jersey 08525 United States Tel: +1(609) 279 1700
Visit our website at: www.contentdeliveryandstorage.org