TL;DR: TIL TECHNOLOGIES by Hirsch says its SPAC Alliance membership and repeated ANSSI CSPN certifications reflect a long-term security model built around certified access control and continuous development discipline. For IAM and NHI teams, the signal is that certification posture is increasingly part of the trust model, not just a procurement checkbox.
NHIMG editorial — based on content published by Viscount Systems: TIL TECHNOLOGIES by Hirsch's certified cybersecurity commitment
Questions worth separating out
Q: How should security teams use certification claims when evaluating access-control vendors?
A: Use certification as one assurance input, not as proof that a product will fit your environment.
Q: When does a certification become more marketing than governance?
A: A certification becomes weak governance when it is presented as a substitute for operational evidence.
Q: What should procurement teams ask about repeated security certification?
A: Ask whether the vendor can produce evidence of repeatable assurance, including how security checks are embedded in development and release cycles.
Practitioner guidance
- Map certification claims to control requirements Translate SPAC Alliance or ANSSI references into your own access-control baseline, then verify which deployment, integration, and lifecycle requirements are actually covered.
- Test assurance continuity across releases Ask vendors for repeatable evidence that certification-aligned controls survive upgrades, protocol changes, and configuration drift.
- Validate lifecycle governance after deployment Review onboarding, change management, and offboarding for access systems to confirm that certified security assumptions still hold in production.
What's in the full article
Viscount Systems' full article covers the operational detail this post intentionally leaves for the source:
- The specific SPAC Alliance membership and certification context behind the claim
- The development-process changes the vendor says support repeated certification
- The concrete customer-facing security benefits the article associates with certified access control
👉 Read Viscount Systems' article on SPAC Alliance certification and certified access security →
SPAC Alliance certification: what should access teams take from it?
Explore further
Certification is becoming a governance boundary, not just a vendor badge. The article shows how access-control vendors increasingly frame certification as part of the trust architecture itself. That matters because security teams do not buy features in isolation, they inherit assurance assumptions embedded in the control plane. When access systems are central to physical and logical protection, certification status becomes part of the governance conversation. Practitioners should treat certification as a signal about process maturity, not as proof of security completeness.
A few things that frame the scale:
- 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface, according to the Ultimate Guide to NHIs.
- Only 5.7% of organisations have full visibility into their service accounts, which means governance often starts from incomplete inventory data.
A question worth separating out:
Q: How do certification and sovereignty claims affect access-risk decisions?
A: They matter when your environment depends on verifiable control over who can administer, integrate, and change the access layer. Treat sovereignty language as a prompt to test governance, hosting dependencies, and auditability rather than as a stand-alone reason to approve a product.
👉 Read our full editorial: SPAC Alliance certification and what it means for access security