Is your cloud supplier doing enough to protect your content?
Imagen are proud sponsors of DPPs supplier security checklist and user guide, designed to help customers and suppliers build confidence and trust in digital tools and services.
The Supplier Security Checklist and User Guide are two key components in a body of new work from the DPP on the theme of trust and security. Both documents are the product of extensive input from a wide range of expert DPP Members including BBC, ITV and Channel 4.
The Checklist is designed to help build confidence between supplier and customer in the transfer or storage of digital content. It covers the broad aspects of trust and security management from practical technical measures through to information management policies and processes.
There are three parts to the checklist:
- Looks at relevant existing industry standards and certification schemes such as International Standards Organisation (ISO) 27001, Content Delivery & Security Association (CDSA) and Cloud Security Alliance (CSA) Star.
- Explores the supplier’s policies and processes; incident management and recovery planning; physical security; and IT security. In aggregate, these four areas cover much of the territory covered by the formal standards listed in Part A.
- Covers the supplier’s commercial and legal considerations; training and awareness; long term preservation; business continuity and resilience. These areas will provide protection for both parties if something goes wrong.
Who should complete the supplier security checklist?
The Checklist can be used by both suppliers and customers. The term ‘supplier’ in the Checklist refers to any company that is supplying a service e.g. post production or VFX facilities, digital agencies, providers of cloud based applications or services, broadcast technology manufacturers, internal technology departments and so on. The term ‘customer’ in the Checklist refers to a company buying a service from a supplier e.g. a production company, online channel, broadcaster or distributor.