In most large media organisations, cyber security risk management is now at a mature state, with teams in place to manage and respond to risks and threats. However, broadcast and media organisations rely on a supply chain made up of many critical third party suppliers, and the level of maturity in those organisations may vary from very high to very low.
As a result, there is a need to easily identify media technology service providers and suppliers that are working towards improving their cyber security maturity. The DPP Committed to Security Programme was developed to fulfil this need, spearheaded by a range of senior technology and cyber security leaders from the broadcast and media industry. So where has adoption of the programme got to?
Most large broadcasters in the UK now publicly recognise the merits of the DPP Committed to Security Programme. Some have taken this further and include the programme in their own risk management processes.
In order to recognise and support those suppliers who’ve taken part in the programme, some buyers are now assigning formal benefit to DPP Committed to Security mark holders during their procurements. One broadcaster will now completely exempt low risk and non-critical media technology suppliers from its own security risk assessments, if they are mark holders. Another will assign an increased score in their procurement process to those suppliers who hold the DPP Committed to Security mark.
Organisations which are subject to public procurement regulations are unable to prescribe a requirement for specific standards or certifications. However, they still recognise the DPP Committed to Security mark as a reputable industry credential.
Gary Payne, Chief Information Security Officer at the BBC, underlines the importance of the Committed to Security mark and emphasises the collective support of UK broadcasters:
“As a proactive founder member of the DPP, the BBC has helped define the DPP Committed to Security mark, which incorporates a subset of the procurement checks that the corporation uses as a baseline for Broadcast and Production supplier selection. Alongside other key players in UK broadcasting, the BBC is committed to supporting the industry to align behind effective measures that help assure the security resilience of Broadcast and Production technology. In supporting this unified approach we are strongly encouraging industry suppliers to match, and where possible exceed, the baseline requirements for attaining the DPP Committed to Security mark.”
As internal procedures and processes in media organisations are always evolving, we expect more organisations to formally recognise the value that the DPP Committed to Security Programme can bring to their organisations.
Many smaller suppliers, especially in the media processing sector, find that it’s helping them to achieve a baseline level of cyber security and supporting business development. Others find that it is a stepping stone to achieve a higher degree of maturity through other industry accreditations such as the TPN.
Rhodri James, Director of Technology and Operations, Gorilla TV, explains:
“The DPP Committed to Security programme has given us real value. It really helped us to meet cyber security best practice, and it's subsequently enabled us to proceed with other assessments such as the TPN and be accepted into the Netflix NP3 Programme.”
With clear benefits in managing your cyber security risks, what are you waiting for? The DPP Committed to Security Programme is available to all, and is free for DPP members. If you’re not already a mark holder, now’s the time to get started. Register now by visiting https://www.thedpp.com/security.
To find out more, please contact:
Programme Delivery Manager