Your Roadmap to Risk Reduction!

The Continuum GRC ITAM SaaS platform has hundreds of plugin modules available, such as:

GRC compliance icon - risk assessment tool for ISO HIPAA SOC2 standards AI-powered cybersecurity 2025 zero trust ransomware protection supply chain security regulatory compliance operational resilience

TPN Solutions

Achieving TPN Gold certification demonstrates to studios, networks, and streaming platforms that your organization meets the most rigorous, globally recognised content-security requirements in the entertainment industry.

Module Bundle includes:

  • System Security Plan (SSP)
  • AC Access Control
  • AT Awareness and Training
  • AU Audit and Accountability
  • CA Certification, Accreditation, and Security Assessment
  • CM Configuration Management
  • CP Contingency Planning
  • IA Identification and Authentication
  • IR Incident Response
  • MA Maintenance
  • MP Media Protection
  • PE Physical and Environmental Protection
  • PL Planning
  • PS Personnel Security
  • RA Risk Assessment
  • SA System and Services Acquisition
  • SC System and Communications Protection
  • SI System and Information Integrity
  • PM Project Management

    Ensure Compliance in Supply Chain Environments

    The Trusted Partner Network (TPN) is a voluntary cybersecurity assessment program managed by the Motion Picture Association (MPA) for the media and entertainment industry. It focuses on securing sensitive content (e.g., films, TV shows, and games) throughout the supply chain. TPN audits are not traditional "pass/fail" certifications but assessments that evaluate adherence to security best practices. They result in statuses like Blue Shield (self-attested) or Gold Shield (third-party audited), with reports shared via the TPN+ platform to build trust with studios and content owners.

    Audits emphasize identifying non-conformances, risks, and remediation needs rather than issuing formal certifications. TPN does not endorse vendors or provide security ratings—it's a standardized framework to reduce duplicate reporting and demonstrate security maturity.

    FAQ

    From kickoff to final report publication, the process typically takes 3–6 months, depending on readiness, scope (on-site vs. cloud), and remediation time.

    All six MPA member studios (Disney, Netflix, Warner Bros., Universal, Paramount, Sony), plus Amazon MGM, Apple, Lionsgate, Skydance, A24, and most major gaming companies.

    Yes — virtually every major studio and streamer lists TPN Gold as a contractual requirement in 2025–2026 vendor agreements.

    TPN+ is the secure portal where your final report is published. Studios and content owners you authorize can instantly view your current status and download the report.

    Register at tpn.org, 2) Complete the baseline questionnaire, 3) Choose an accredited assessor, 4) Undergo the audit and remediation, 5) Receive your published Gold report in TPN+.

    Purpose of TPN

    TPN reports are generated post-assessment and serve as the primary output, detailing your organization's security posture. They are not public but securely shared with TPN members (e.g., studios) via the TPN+ portal.

    Key requirements include:

    • Report Content:
      • ISMS Overview: Description of your information security management system, including risk treatment, business continuity, and control implementation.
      • Control Validation: Evidence-based evaluation of adherence to MPA CSBP, highlighting conformant, non-conformant, or partially conformant controls.
      • Risk Assessment: Identification of unacceptable risks, vulnerabilities, and threats specific to media content (e.g., leaks, breaches).
      • Non-Conformance Areas: Detailed findings on gaps, with recommendations for remediation.
      • Remediation Plan: A mandatory action plan from the provider, outlining timelines, responsibilities, and evidence for addressing issues. This is submitted post-draft for Gold Shield approval.
    • Generation Process:
      1. Pre-Audit: Complete TPN questionnaire (self-attestation for Blue Shield).
      2. Audit Execution: Third-party assessor conducts interviews, evidence review, and testing (e.g., policy checks, access controls).
      3. Draft Report: Assessor submits to TPN for quality control (typically 2 weeks).
      4. Review & Remediation: Provider reviews findings and submits a remediation plan.
      5. Final Report Publication: TPN accepts and publishes; status granted upon remediation completion.
    • Validity and Renewal:
      • Blue Shield: Valid for 1 year (self-attested; annual update required).
      • Gold Shield: Valid for 2 years from report publication; requires a full re-audit every 24 months and interim Blue Shield at 12 months.
      • Gold Star (enhanced tier): Same validity, but includes full remediation of best practices and recommendations.
    • Additional Requirements:
      • Evidence Submission: Policies, logs, training records, and third-party certs (e.g., SOC 2) must be provided.
      • Follow-Up Audits: If major gaps are found, re-audits may be needed.
      • Cost & Scope: Voluntary; costs vary by assessor and scope (e.g., onsite vs. remote). No formal "certification" fee from TPN.

    Achieving Gold Shield positions your organization as compliant with these rigorous standards, enabling secure partnerships.

    What are you waiting for?

    You are just a conversation away from putting the power of Continuum GRC to work for you. Contact us using the form below or calling us at 1-888-896-6207 for assistance.

    Download our company brochure.

    ng Benefits