Media Security Accreditation Program Overview.V4.2. 8.13.09

www.contentdeliveryandstorage.org

Anti-Piracy and
Compliance Programs

Your partner in APCP anti-piracy and content protection and security programs since 1997.


Agenda
  Why CDSA?

  Anti-Piracy and Compliance Programs - APCP

  Content Protection and Security

  Benefits

  Accreditation Process

  Next Steps



CDSA
  Formerly the International Recording Media (IRMA)

  Founded in 1970

  Worldwide forum advocating the innovative and responsible
delivery and storage of entertainment, software and
information content.

  Developer of the Anti-Piracy and Compliance Programs
(APCP): the world’s first family of anti-piracy and security
standards specifically designed for our industry



APCP Certification
Programs

  Pioneer of the world’s first certification program for Anti-Piracy
and Compliance Programs (APCP) and related standards

  Global recognition by major content holders, as well as
international governments

  +10 years tradition providing effective certification programs to
+120 APCP-certified companies in five continents

  Spanning the entire supply chain

  International reach, with regional offices in the United States,
United Kingdom, and Hong Kong



APCP Certification Programs
APCP
Family of Standards

Copyright and
Packaging and
Licensing
Materials Standards
Standards

Digital Plastic DVD
Security Packaging
Certification

Media
Security

Post
Production
Security



Content Protection and
Security Certification
  Security management of content and other related
intellectual property – in all of its forms
  Structured audit process:
  Initial on-site audit to gain initial accreditation
  Annual surveillance audits to maintain site accreditation

  Capability Framework:
  Risk management approach
  Set of critical requirements for establishing, implementing and improving
security control processes:
  Digital Security
  Media Security
  Physical Security



Seven
Capability Framework (CF)
Areas
• Documentation, • Personnel and • Asset • Physical security
risk management resources management
and compliance

CF1 CF2 CF3 CF4
• IT security and • Training and • Disaster recovery
electronic data awareness and Business
continuity
planning

CF5 CF6 CF7


Determining a Site’s Inherent
Risks Level
  CDSA identifies inherent risk level posed by site, using information
gathered in:
  CDSA Accreditation Program Application
  Pre-Audit Assessment Survey

  Resultant information is used to ascertain level of security required
to achieve and maintain accreditation under the CDSA Media
Security Accreditation Program

  Two inherent risk levels:
  Standard Security Risk
  Enhanced Security Risk



Standard Security Risk Level
& Assessment
  Standard Security Risk: Risk exposure is minimal to low, based upon
the scope of operations.
  Activities that require this level of certification may include but not
exclusively:
  Distribution, Freight Forwarding and storage of completed or post
release product
  Printing and merchandising of non-sensitive component parts or
peripheral material
  To achieve certification at Standard Risk Level, site must
demonstrate applied methodologies in all areas of the program,
but may not be required to provide evidence of formal
documentation in all sections of the Capabilities Framework
  CDSA On-Site Audit Duration (typical): up to 1 day



Enhanced Security Risk
Level & Assessment
  Enhanced Security Risk: Site’s security risk exposure is significant,
based upon the complexity & scope of activities.
  Activities that require this level of certification may include but not
exclusively:
  Content creation, origination, editing, authoring, subtitling/
dubbing and manufacture of pre and post release content
  Pre-release promotional activities
  Handling, storage, transmission and distribution of digital content
  To achieve certification at the Enhanced Risk Level, site must
demonstrate formal methodologies and provide documentation of
all sections of the Capabilities Framework (CF)
  Highly in-depth CDSA audit process
  CDSA On-Site Audit Duration (typical): 1 day or more



How CDSA determines
Inherent Risks
Statement of
• Risk assessment Applicability •  Security Policy Manual
• Gap analysis •  Specifications/Standards
• Identification of •  Control Procedures
requirements to meet
business needs
• Scope determination
for the content security
Security Risk management system
Inherent Risk Level
Management drive expectations &
Support CDSA audit criteria



APCP Program Benefits
  Is the authoritative set of industry-driven best practices

  Empowers organizations to manage and mitigate security and
piracy risks

  Can be applied and adapted to all organizations in the supply
chain

  Provides a cost-effective assessment process suitable for use
throughout the entire supply chain
  Supports client specifications and business needs
  Demonstrates a strong commitment to intellectual property
security and protection, and the prevention of piracy

  Confidential audit feedback



Step 1:
APCP Application &
Pre-Audit Assessment Survey
• Submit Program
Application & CDSA Pre-
Audit Survey to CDSA
Application
• Determine risk level
posed by site operations
and activities

Application SoA • Complete Statement of
Process Applicability

• Site receives Program
Resource materials
Program • Site implements its
Review content protection and
security system



Step 2:
APCP Audit Process

Document
Review • Off-site CDSA
verification of
compliance with APCP
Standards

CDSA
• On-site CDSA
Assessment On-site verification of
Audit and Audit compliance with APCP
Standards
Report Requirements

• Site is accredited upon
Accredit- completion of
ation successful on-site audit



Step 3:
APCP Annual Audits
Annual •  External CDSA Audits
CDSA Audits every 12 months

Ongoing Internal
• Sites submit ongoing
internal audit annually
Surveillance Audits
– six months after each
CDSA scheduled audit
Visits

• Ongoing site
performance reviews
Corrective & and improvement
Preventative
Actions plans for continual
improvement



Let’s get started…
 Contact your regional CDSA representative to
discuss how we can meet your organization’s needs
 Complete the APCP Program Application & Pre-
Audit Assessment Survey
 Receive APCP program fee quote from CDSA



Contact us
Regional Offices:

North, Central and South America
Linda Dyson, Worldwide Director
3455 N. Desert Drive, Suite 3209
Atlanta, Georgia 30344 USA
Tel: +1 (404) 349 9600; Fax: +1 (404) 349 4499
ldyson@contentdeliveryandstorage.org

Europe, Middle East and Africa
Peter Wallace, APCP Director
One Heddon Street
Mayfair, London W1B 4BD UK
Tel: +44(0) 7850 331033
pwallace@contentdeliveryandstorage.org

Asia and Pacific
James Wise, APCP Director
22/F, 3 Lockhart Road
Wanchai, Hong Kong SAR
Tel:+852 2863 6980
jwise@contentdeliveryandstorage.org



Contact us

CDSA Headquarters:

62 Snydertown Road, Suite 301
Hopewell, New Jersey 08525
United States
Tel: +1(609) 279 1700

Visit our website at:


Media Security Accreditation Program Overview.V4.2. 8.13.09

Recommended

Recommended

More Related Content

Viewers also liked

Viewers also liked (10)

Similar to Media Security Accreditation Program Overview.V4.2. 8.13.09

Similar to Media Security Accreditation Program Overview.V4.2. 8.13.09 (20)

Media Security Accreditation Program Overview.V4.2. 8.13.09