media security accreditation program overview.v4.2. 8.13.09

www.contentdeliveryandstorage.org

Your partner in APCP anti-piracy and content protection and security programs since 1997.

Anti-Piracy and Compliance Programs



Agenda  Why CDSA?

 Anti-Piracy and Compliance Programs - APCP

 Content Protection and Security

  Benefits

 Accreditation Process

 Next Steps



CDSA

  Formerly the International Recording Media (IRMA)

  Founded in 1970

 Worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content.

 Developer of the Anti-Piracy and Compliance Programs (APCP): the world’s first family of anti-piracy and security standards specifically designed for our industry



APCP Certification Programs

  Pioneer of the world’s first certification program for Anti-Piracy and Compliance Programs (APCP) and related standards

 Global recognition by major content holders, as well as international governments

  +10 years tradition providing effective certification programs to+120 APCP-certified companies in five continents

  Spanning the entire supply chain

  International reach, with regional offices in the United States, United Kingdom, and Hong Kong



APCP Certification Programs

APCP

Family of Standards

Copyright and Licensing Standards

Digital Security

Media Security

Post Production

Security

Packaging and Materials Standards

Plastic DVD Packaging

Certification



Content Protection and Security Certification

  Security management of content and other related intellectual property – in all of its forms

  Structured audit process:   Initial on-site audit to gain initial accreditation   Annual surveillance audits to maintain site accreditation

 Capability Framework:   Risk management approach   Set of critical requirements for establishing, implementing and improving

security control processes:   Digital Security   Media Security   Physical Security



Seven Capability Framework (CF) Areas

• Documentation, risk management and compliance

CF1

• Personnel and resources

CF2

• Asset management

CF3

• Physical security

CF4

• IT security and electronic data

CF5

• Training and awareness

CF6

• Disaster recovery and Business continuity planning

CF7



Determining a Site’s Inherent Risks Level  CDSA identifies inherent risk level posed by site, using information

gathered in:   CDSA Accreditation Program Application

  Pre-Audit Assessment Survey

  Resultant information is used to ascertain level of security required to achieve and maintain accreditation under the CDSA Media Security Accreditation Program

  Two inherent risk levels:   Standard Security Risk

  Enhanced Security Risk



Standard Security Risk Level & Assessment

  Standard Security Risk: Risk exposure is minimal to low, based upon the scope of operations.

 Activities that require this level of certification may include but not exclusively:

 Distribution, Freight Forwarding and storage of completed or post release product

  Printing and merchandising of non-sensitive component parts or peripheral material

  To achieve certification at Standard Risk Level, site must demonstrate applied methodologies in all areas of the program, but may not be required to provide evidence of formal documentation in all sections of the Capabilities Framework

 CDSA On-Site Audit Duration (typical): up to 1 day



Enhanced Security Risk Level & Assessment   Enhanced Security Risk: Site’s security risk exposure is significant,

based upon the complexity & scope of activities.

  Activities that require this level of certification may include but not exclusively:

  Content creation, origination, editing, authoring, subtitling/dubbing and manufacture of pre and post release content

  Pre-release promotional activities

  Handling, storage, transmission and distribution of digital content   To achieve certification at the Enhanced Risk Level, site must

demonstrate formal methodologies and provide documentation of all sections of the Capabilities Framework (CF)

  Highly in-depth CDSA audit process

  CDSA On-Site Audit Duration (typical): 1 day or more



How CDSA determines Inherent Risks

• Risk assessment • Gap analysis

Security Risk Management

Support

• Identification of requirements to meet business needs

• Scope determination for the content security management system

Statement of Applicability •  Security Policy Manual

•  Specifications/Standards •  Control Procedures

Inherent Risk Level drive expectations & CDSA audit criteria



APCP Program Benefits

  Is the authoritative set of industry-driven best practices

  Empowers organizations to manage and mitigate security and piracy risks

 Can be applied and adapted to all organizations in the supply chain

  Provides a cost-effective assessment process suitable for use throughout the entire supply chain

  Supports client specifications and business needs

 Demonstrates a strong commitment to intellectual property security and protection, and the prevention of piracy

 Confidential audit feedback



Step 1: APCP Application & Pre-Audit Assessment Survey

Application

• Submit Program Application & CDSA Pre-Audit Survey to CDSA

• Determine risk level posed by site operations and activities

SoA • Complete Statement of Applicability

Program Review

• Site receives Program Resource materials

• Site implements its content protection and security system

Application Process



Step 2: APCP Audit Process

Document Review • Off-site CDSA

verification of compliance with APCP Standards

On-site Audit

• On-site CDSA verification of compliance with APCP Standards Requirements

Accredit-ation

• Site is accredited upon completion of successful on-site audit

CDSA Assessment Audit and

Report



Step 3: APCP Annual Audits

Annual CDSA Audits

•  External CDSA Audits every 12 months

Internal Audits

• Sites submit ongoing internal audit annually – six months after each CDSA scheduled audit

Corrective & Preventative

Actions

• Ongoing site performance reviews and improvement plans for continual improvement

Ongoing Surveillance

Visits



Let’s get started…

 Contact your regional CDSA representative to discuss how we can meet your organization’s needs

 Complete the APCP Program Application & Pre-Audit Assessment Survey

 Receive APCP program fee quote from CDSA



Contact us Regional Offices:

North, Central and South America Linda Dyson, Worldwide Director 3455 N. Desert Drive, Suite 3209 Atlanta, Georgia 30344 USA Tel: +1 (404) 349 9600; Fax: +1 (404) 349 4499 [email protected]

Europe, Middle East and Africa Peter Wallace, APCP Director One Heddon Street Mayfair, London W1B 4BD UK Tel: +44(0) 7850 331033 [email protected]

Asia and Pacific James Wise, APCP Director 22/F, 3 Lockhart Road Wanchai, Hong Kong SAR Tel:+852 2863 6980 [email protected]



Contact us

CDSA Headquarters:

62 Snydertown Road, Suite 301 Hopewell, New Jersey 08525 United States Tel: +1(609) 279 1700

Visit our website at: www.contentdeliveryandstorage.org

media security accreditation program overview.v4.2. 8.13.09

Documents