MPAA/TPN compliance, security policy


This is a very general question in the area I’m not very versed at, quite frankly, but I’d like to hear experiences from people who may be able to share some insights.

The studio I’m at is looking to implement/improve security measures to comply with the MPAA/TPN requirements and one thing that often comes up is how to handle complete production isolation from the internet.

We use standard shotgun cloud and artists access it via web browser. Additionally, the requests are sent by shotgun desktop and toolkit integrations from the artists workstations. There are also a number of services running on internal servers which utilize script API access.

Now, I know Shotgun provides a list of IP addresses which could be whitelisted (while restricting everything else), but I don’t know if this is in accordance with the MPAA guidelines and also, my question is a little bit wider. There are other cloud services that almost any studio in the world utilizes in one way or another:

  • remote render farms
  • team chat services
  • source code hosting
  • project management service
  • email

How should these be handled if the internet restriction is to be fully applied?

There’s also a question of uploading screenshots, playblasts, render previews and other media items.

So, my question is, if your studio has implemented such security policy, how did you do it - and particularly if this was in relation to the MPAA/TPN standardization effort?

Looking forward to hearing any thoughts

1 Like

Hey @koaleksa - good questions! I’ve asked the Product Team to chime in on this one in addition to the community. :smiley: