• Assessing and evaluating content security at third-party outside vendors;
• Reinforcing the importance of securing Member Company content; and
• Providing a standard survey vehicle for further individual discussions regarding content security between Member Companies and their business partners.

Any questions about the program should be directed to sitesurvey@mpaa.org

The main objective of these "best practice" documents is to provide current and future vendors engaged by MPAA Member Companies with an understanding of general content security expectations and current industry best practices. Decisions regarding the use of vendor(s) by any particular Member Company are made by each Member Company solely on a unilateral basis.

Please note that best practices outlined in this document are subject to local, state, and federal laws or regulations. Compliance with best practices is strictly voluntary. This is not an accreditation program.

Best practices presented are organized following the MPAA Content Security Maturity Model, which is used as the basis for all global site security surveys. The MPAA Content Security Maturity Model provides an analytical framework for assessing a facility's capabilities to secure content. It is comprised of 25 dimensions across three areas: (1) control environment, (2) physical security, and (3) digital security.

The components of the MPAA Content Security Maturity Model are based on relevant ISO standards (27001/27002/27005), security standards (i.e., NIST), as well as Deloitte & Touche LLP industry best practices. The relevant security references have been included in the guidelines.

Go to the best practice documents.