
Company Claims to Sell ISO 27001 Certified Software but Fails to Comply
Cybersecurity, Compliance, Data Protection, Software Development
The author is working with a client that uses expensive software, sold as an ISO 27001 certified SaaS solution, whose development and security practices are questionable. The software provider copies production data to test and development environments without masking it, which contradicts ISO 27001 controls A.8.31 and A.8.33. The provider does this to avoid production issues, and the practice is applied to over 700 companies.