Shows you how much these certifications are worth in reality.

Absolutely worthless pieces of paper. We had the ISO 270001 and the physical security "walk tour" or whatever it's called; I could've outsourced that to a bunch of preschoolers walking around the offices and data center rooms and would've gotten the same result. The only _actually_ working way to protect your org is to continuously attack your own systems and see what part of it breaks or leaks data.

Clearly the real issue is their 27001 expired on 15/12/2025

I saw that too. Ddg didn't give me a lot of results. Beyond a few dozen