Media Security Accreditation Program Overview.V4.2. 8.13.09
1. www.contentdeliveryandstorage.org
Anti-Piracy and
Compliance Programs
Your partner in APCP anti-piracy and content protection and security programs since 1997.
2. www.contentdeliveryandstorage.org
Agenda
Why CDSA?
Anti-Piracy and Compliance Programs - APCP
Content Protection and Security
Benefits
Accreditation Process
Next Steps
Your partner in APCP anti-piracy and content protection and security programs since 1997.
3. www.contentdeliveryandstorage.org
CDSA
Formerly the International Recording Media (IRMA)
Founded in 1970
Worldwide forum advocating the innovative and responsible
delivery and storage of entertainment, software and
information content.
Developer of the Anti-Piracy and Compliance Programs
(APCP): the world’s first family of anti-piracy and security
standards specifically designed for our industry
Your partner in APCP anti-piracy and content protection and security programs since 1997.
4. www.contentdeliveryandstorage.org
APCP Certification
Programs
Pioneer of the world’s first certification program for Anti-Piracy
and Compliance Programs (APCP) and related standards
Global recognition by major content holders, as well as
international governments
+10 years tradition providing effective certification programs to
+120 APCP-certified companies in five continents
Spanning the entire supply chain
International reach, with regional offices in the United States,
United Kingdom, and Hong Kong
Your partner in APCP anti-piracy and content protection and security programs since 1997.
5. www.contentdeliveryandstorage.org
APCP Certification Programs
APCP
Family of Standards
Copyright and
Packaging and
Licensing
Materials Standards
Standards
Digital Plastic DVD
Security Packaging
Certification
Media
Security
Post
Production
Security
Your partner in APCP anti-piracy and content protection and security programs since 1997.
6. www.contentdeliveryandstorage.org
Content Protection and
Security Certification
Security management of content and other related
intellectual property – in all of its forms
Structured audit process:
Initial on-site audit to gain initial accreditation
Annual surveillance audits to maintain site accreditation
Capability Framework:
Risk management approach
Set of critical requirements for establishing, implementing and improving
security control processes:
Digital Security
Media Security
Physical Security
Your partner in APCP anti-piracy and content protection and security programs since 1997.
7. www.contentdeliveryandstorage.org
Seven
Capability Framework (CF)
Areas
• Documentation, • Personnel and • Asset • Physical security
risk management resources management
and compliance
CF1 CF2 CF3 CF4
• IT security and • Training and • Disaster recovery
electronic data awareness and Business
continuity
planning
CF5 CF6 CF7
Your partner in APCP anti-piracy and content protection and security programs since 1997.
8. www.contentdeliveryandstorage.org
Determining a Site’s Inherent
Risks Level
CDSA identifies inherent risk level posed by site, using information
gathered in:
CDSA Accreditation Program Application
Pre-Audit Assessment Survey
Resultant information is used to ascertain level of security required
to achieve and maintain accreditation under the CDSA Media
Security Accreditation Program
Two inherent risk levels:
Standard Security Risk
Enhanced Security Risk
Your partner in APCP anti-piracy and content protection and security programs since 1997.
9. www.contentdeliveryandstorage.org
Standard Security Risk Level
& Assessment
Standard Security Risk: Risk exposure is minimal to low, based upon
the scope of operations.
Activities that require this level of certification may include but not
exclusively:
Distribution, Freight Forwarding and storage of completed or post
release product
Printing and merchandising of non-sensitive component parts or
peripheral material
To achieve certification at Standard Risk Level, site must
demonstrate applied methodologies in all areas of the program,
but may not be required to provide evidence of formal
documentation in all sections of the Capabilities Framework
CDSA On-Site Audit Duration (typical): up to 1 day
Your partner in APCP anti-piracy and content protection and security programs since 1997.
10. www.contentdeliveryandstorage.org
Enhanced Security Risk
Level & Assessment
Enhanced Security Risk: Site’s security risk exposure is significant,
based upon the complexity & scope of activities.
Activities that require this level of certification may include but not
exclusively:
Content creation, origination, editing, authoring, subtitling/
dubbing and manufacture of pre and post release content
Pre-release promotional activities
Handling, storage, transmission and distribution of digital content
To achieve certification at the Enhanced Risk Level, site must
demonstrate formal methodologies and provide documentation of
all sections of the Capabilities Framework (CF)
Highly in-depth CDSA audit process
CDSA On-Site Audit Duration (typical): 1 day or more
Your partner in APCP anti-piracy and content protection and security programs since 1997.
11. www.contentdeliveryandstorage.org
How CDSA determines
Inherent Risks
Statement of
• Risk assessment Applicability • Security Policy Manual
• Gap analysis • Specifications/Standards
• Identification of • Control Procedures
requirements to meet
business needs
• Scope determination
for the content security
Security Risk management system
Inherent Risk Level
Management drive expectations &
Support CDSA audit criteria
Your partner in APCP anti-piracy and content protection and security programs since 1997.
12. www.contentdeliveryandstorage.org
APCP Program Benefits
Is the authoritative set of industry-driven best practices
Empowers organizations to manage and mitigate security and
piracy risks
Can be applied and adapted to all organizations in the supply
chain
Provides a cost-effective assessment process suitable for use
throughout the entire supply chain
Supports client specifications and business needs
Demonstrates a strong commitment to intellectual property
security and protection, and the prevention of piracy
Confidential audit feedback
Your partner in APCP anti-piracy and content protection and security programs since 1997.
13. www.contentdeliveryandstorage.org
Step 1:
APCP Application &
Pre-Audit Assessment Survey
• Submit Program
Application & CDSA Pre-
Audit Survey to CDSA
Application
• Determine risk level
posed by site operations
and activities
Application SoA • Complete Statement of
Process Applicability
• Site receives Program
Resource materials
Program • Site implements its
Review content protection and
security system
Your partner in APCP anti-piracy and content protection and security programs since 1997.
14. www.contentdeliveryandstorage.org
Step 2:
APCP Audit Process
Document
Review • Off-site CDSA
verification of
compliance with APCP
Standards
CDSA
• On-site CDSA
Assessment On-site verification of
Audit and Audit compliance with APCP
Standards
Report Requirements
• Site is accredited upon
Accredit- completion of
ation successful on-site audit
Your partner in APCP anti-piracy and content protection and security programs since 1997.
15. www.contentdeliveryandstorage.org
Step 3:
APCP Annual Audits
Annual • External CDSA Audits
CDSA Audits every 12 months
Ongoing Internal
• Sites submit ongoing
internal audit annually
Surveillance Audits
– six months after each
CDSA scheduled audit
Visits
• Ongoing site
performance reviews
Corrective & and improvement
Preventative
Actions plans for continual
improvement
Your partner in APCP anti-piracy and content protection and security programs since 1997.
16. www.contentdeliveryandstorage.org
Let’s get started…
Contact your regional CDSA representative to
discuss how we can meet your organization’s needs
Complete the APCP Program Application & Pre-
Audit Assessment Survey
Receive APCP program fee quote from CDSA
Your partner in APCP anti-piracy and content protection and security programs since 1997.
17. www.contentdeliveryandstorage.org
Contact us
Regional Offices:
North, Central and South America
Linda Dyson, Worldwide Director
3455 N. Desert Drive, Suite 3209
Atlanta, Georgia 30344 USA
Tel: +1 (404) 349 9600; Fax: +1 (404) 349 4499
ldyson@contentdeliveryandstorage.org
Europe, Middle East and Africa
Peter Wallace, APCP Director
One Heddon Street
Mayfair, London W1B 4BD UK
Tel: +44(0) 7850 331033
pwallace@contentdeliveryandstorage.org
Asia and Pacific
James Wise, APCP Director
22/F, 3 Lockhart Road
Wanchai, Hong Kong SAR
Tel:+852 2863 6980
jwise@contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.
18. www.contentdeliveryandstorage.org
Contact us
CDSA Headquarters:
62 Snydertown Road, Suite 301
Hopewell, New Jersey 08525
United States
Tel: +1(609) 279 1700
Visit our website at:
www.contentdeliveryandstorage.org
Your partner in APCP anti-piracy and content protection and security programs since 1997.