I am writing to find out the implications of using unlicensed product keys or incorrect licenses on ISO 27001.
I have come across cases where there are certain products such as XXX, XXX and XXX that are not correctly used. Product keys were acquired, but the licenses were not.
I am under the assumption that the control A.18.1.2 requires an organization to use the correct licenses. Would these issues have an impact on certification if they are uncovered within an audit?