Farncombe Security® Audit

Overview

The Farncombe Security® Audit is Cartesian’s independent specialist security auditing service for content owners, broadcasters, OTT service providers, and technology suppliers worldwide.
Trusted and recommended by the major Hollywood studios, Cartesian is one of a select few companies worldwide that offer an auditing service that meets their rigorous standards, as well as the MovieLabs Enhanced Content Protection specification for Ultra HD content.

Methodology

Cartesian’s Farncombe Security® Audit is an industry-recognized methodology for reviewing security solutions (CAS, DRM, multi-DRM licensing services, …), as well as end-to-end video platforms, client devices, or streaming solutions. It is trusted and recognized by the major Hollywood studios, and provides a detailed and independent assessment of how the audited system aligns with content providers’ requirements and industry best practices for content security.

Our Approach

Our audit is conducted in three phases:

Phase 1: Questionnaire-based evaluation

A questionnaire is created by Cartesian, specific to the audited system. By analysing the responses to this questionnaire, Cartesian assesses the readiness of the auditee, and designs the scope, objectives and agenda for the on-site review.

Phase 2: On-site review and analysis

Cartesian conducts as many workshops as required to get a holistic and in-depth understanding of the audited system and its environment. Cartesian analyses the system and checks all the points that may influence the level of security the system grants to audio-visual content.

Phase 3: Reporting

From the outcomes of phases 1 and 2, Cartesian finalizes its analysis and drafts two reports:

  • A complete technical security review report, for internal use by the auditee, including all of Cartesian’s findings, as well as recommendations that allow the auditee to improve the security of its system.
  • A summary report, containing only the scores and conclusions, for external use.

Optionally, Cartesian is also able to offer targeted penetration testing of systems and devices to complement the security audit process.

Farncombe Security® Audit Coverage

The scope of our security reviews has been established and is continuously maintained through dialogue with content owners. Our audits assess and score how systems meet content providers’ requirements and industry best practices in each reviewed area. These areas include, for example (subject to variation depending on the audited system):

Corporate Security

  • Physical Security
  • Access management
  • Development environments
  • Production environments
  • Security awareness
  • Security organization
  • Security policy and processes

Operation Security

  • User authentication
  • Device authentication
  • Enforcement of usage rules
  • Key segregation and rotation
  • License delivery conditions
  • Token and license lifecycles

Design Security

  • Messaging security
  • Chains of trust
  • Cryptography
  • Client personalization
  • Provisioning of secrets
  • Storage of secrets
  • Content path security
  • Client environment security
  • WBC and obfuscation

The Farncombe Security® Shield Mark Program

Upon completion of a Farncombe Security® Audit, businesses may choose to display the Farncombe Security® Shield Mark on their website and publicity materials. Displaying the Shield Mark indicates that a Farncombe Security® Audit report is available from the auditee upon request.

Why Cartesian?

Unbiased and independent Audit, recognized and trusted by the Hollywood studios.
Unique Farncombe Security® reference brand, associated with the security of digital content for more than 30 years.
Unique in-depth and holistic review, exclusively focused on content security.
Fit-for-purpose audit method and scope, adapted pragmatically to every specific case.
Renowned Farncombe Security® Shield Mark.
