Terri Davies, President of the Motion Pictures Association’s Trusted Partner Network (TPN), discusses how security in the content supply chain is the key to everyone’s success.
A Lesson from the Past
I started my career as a receptionist at a video post and duplication house in Soho, London. Back then, security was a tangible, physical effort that you could see and touch. I remember working on the first international VHS release of E.T. and receiving the 1-inch PAL Master from security personnel who hand-carried it in a padlocked box.
The “man from the MPA” would physically inspect our facility, prompting a flurry of last-minute cleanup. The irony is not lost on me that I now work for the MPA, running the Trusted Partner Network (TPN), which is committed to raising global content security awareness and standards across the industry. Although much time has passed since my Soho days, the lesson remains the same: security was—and still is—everyone’s responsibility.
Today’s Supply Chain Creates Outsourcing Risks
Since the TPN+ platform’s re-launch in February 2023, we have gained a clearer picture of our members. We discovered that 78% of our global members earn less than $5 million in annual revenue, and 98% work on pre-release content. Many of these smaller companies may not have a dedicated Chief Information Security Officer (CISO) or security team. Yet, both content owners and larger service providers outsource work to these vendors and must consider their security posture as part of their vendor selection criteria.
From Physical to Digital: A Shift in Responsibility
As the industry transitioned to digital formats in the early 2000s, security responsibilities shifted toward IT departments. Networks, passwords, servers, and firewalls became the primary focus, and many creative and operational teams mistakenly felt their responsibility for security was less. Fast forward to today, and that mindset is no longer viable. The friction between creatives, information security (InfoSec) and content security is real. Creative teams want to move quickly and avoid time-consuming processes and delays, while security teams fight for detailed processes, as they juggle InfoSec, content security, and application security. This stress on the workflow highlights the need for clear, secure roles and responsibilities.
Security in a Complex Supply Chain
To address the tension, we need to understand that modern content creation is a global effort. A high-profile film may involve hundreds of service providers and contributors across multiple countries, companies, and systems. Each handoff in this complex supply chain introduces potential vulnerabilities. If a leak occurs, pinpointing its source and swiftly implementing remediation can be challenging.
This is why TPN includes the Shared Security Responsibility Model (SSRM) in the MPA Best Practices. The secure use of cloud services, for example, depends on both the service provider and the customer. Without a clear understanding of security roles, accountability becomes murky, and when things go wrong, the blame game can get ugly and swift remediation can be challenging.
Every Link in the Chain Matters
Everyone who touches content—whether an independent artist, a post-production house, a software provider, or a distributor—is part of the security equation. A single weak link can compromise the entire ecosystem.
Physical security assessments used to be simple: Vendor A had a facility in City X, and we checked that it was secure. Today, security evaluations are multilayered and complex, and must account for services, workflows, content types, cloud or hybrid environments, and owned and/or licensed software applications. Our updated TPN+ profile helps service providers present this information comprehensively, providing tools to help secure outsourcing.
Building a Culture of Security
Recognizing that security is everyone’s responsibility is the first step toward meaningful action. By embedding security into every stage of content creation—from pre-production to distribution—companies can safeguard their assets and ensure long-term success.
At its core, security isn’t just about protecting content; it’s about building a supply chain with trusted partners. By fostering a culture where security is second nature, the industry can thrive without compromising creativity or efficiency. TPN is committed to making this process easier, helping companies find trusted partners who are aware of and can share their standardized security preparedness status with their industry partners.
To help with this, TPN has recently made it possible for service providers to securely share their TPN security assessments with each other, as well as with their content owner customers.
At TPN, we are also focused on continuous improvement. Throughout the year we work with our studio and service provider members to update the MPA Best Practices, with application security being a particular focus in the first half of this year. Security is not a static concept—it must evolve with the rapidly changing digital landscape. By maintaining up-to-date standards, we help businesses stay ahead of emerging threats and provide industry partners with the ability to complete and provide current security assessments.
Call to Action
Whether you’re a service or application provider, now is the time to assess your security posture, and if appropriate, the security posture of your outsourced vendor partners. TPN provides valuable resources and tools to help you understand your own and others’ security preparedness and remediate gaps in a fast-moving industry.
Because in media and entertainment, security isn’t just an obligation—it’s a foundation for success.
Staff Reporter
Share this story
