Security Policies and Procedures

EIDR (Entertainment Identifier Registry – eidr.org) is a service provider for the global media and entertainment industry. Our members include some of the largest media companies in the world (eidr.org/eidr-members) and the identification services we provide are integrated directly into their supply chain operations (eidr.org/about-us). The Motion Picture Association (MPA – motionpictures.org) operates the Trusted Partner Network (TPN – ttpn.org), which provides a set of Content Security Best Practices for the industry (v5.3 – ttpn.org/links-resources). We at EIDR do not handle media directly, but we do manage descriptive metadata related to those programs and our services are used in the pre-release window when content security concerns are at their highest. We’re a small, not-for-profit organization. To date, our focus has been on service delivery, not security. Our security policies, procedures, and training programs have largely consisted of “we’re all professionals, so behave yourselves.” As you can imagine, this is not sufficient to meet the formal TPN security standards. The tasks ahead of us include: Reviewing the TPN Security Best Practices to determine which apply to our operation (providing justifications/explanations for those that do not) Comparing the applicable TPN Security Best Practices to our draft policies and procedures and correcting any identified gaps Developing a prioritized implementation plan that will guide us from current state to verifiable compliance with the applicable TPN Security Best Practices