Content Security Guidelines
for Production and Post-Production Partners
Why is this Important?
Our studio production security is key to our ability to surprise and delight our subscribers. As a post-production partner, this guideline will help you understand how to use our production collaboration tools to improve content security.
Intended Audience: Any staff member, contractor or partner organization working on a Netflix production.
We want to make sure that when you are accessing production materials, we're confident that it's really you. That means user accounts must be for individual users, and logins may not be shared. In some cases users will be asked to verify their identity using a mobile device, usually when logging in from a new device.
Using Google Accounts: In cases where partners manage their own Google domain account or they are using a "gmail.com" account on GSuite and Google Drive, we require that you turn on 2-step authentication (or other form of second factor authentication) for any Google domain account that will access production resources via Google collaboration tools.
Partner Onboarding: If you are a new partner, we can add your organization to our partner directory service. This will provide us with the ability to add and remove users within the scope of your organization. If you need to start the onboarding process, please reach out to the support email listed at the end of this guideline.
Today, partners who have administrative privilege are responsible for disabling or removing accounts for their users when they are no longer needed. It is also important for partners to review existing accounts each quarter to clean up unneeded accounts.
Backlot accounts will be considered dormant if there is no login for 30 consecutive days. Dormant accounts will be deactivated automatically. The reactivation flow needs to be followed to allow login on the deactivated accounts.
Marketing Partners: Please reach out to your Netflix contact if access is needed to Backlot, Pix, or other data stores.
Delivery of Proxies
We provide proxies (lower quality copies of our content) in the following format for subtitling and audio dubbing:
For partners who require subcontractors to access proxies:
- A subcontractor must download a proxy directly from Backlot.
- Proxies will be watermarked for the subcontractor. At the minimum the watermark will identify the subcontractor entity and where possible the individual user who is requesting to download the proxy.
In cases where we work with a partner at scale it's best to integrate directly with our user authentication and Backlot access APIs. We prefer that you not build screen-scraping or similar tools which can often break and provide inaccurate results, so if you are currently using such a tool please speak with our Backlot engineering team to arrange for API access. The following requirements must be met when integrating with the Backlot API for access to proxies:
Requirements for partners providing streaming access to their users:
When our partners provide streaming access to our pre-release material for users of their SaaS solution, we require the following:
- Use Meechum for user auth
- Use Backlot API for retrieving proxies per user
- Must use DRM (approved by audit)
- Must delete any unencrypted proxies within 24hrs
- Partners must not stream unencrypted content and must apply a Netflix approved DRM prior to streaming. Clear proxy must be encrypted within 24 hours and once encrypted the clear proxy must be deleted.
Download the full PDF Content Security Guidelines for Production and Post-Production Partners.
To request additional users within your organization:
If you have been assigned administrative privilege for your users, you will be able to setup new users without the need to request it. Otherwise please contact firstname.lastname@example.org.