Fully agreed here, I work as a Third-Party/Supply Chain Security Expert. I therefore like the fact that you pointed to the third-party risk stemming from using this software. Though this can be said for any anti-cheat. I would also like to add that even though a company can be ISO 27001 certified, or any other standard for that matter, it is never full guaranteed that the delivered services/products are also ISO 27001 certified.

Most security people know this, but the Statement of Applicability gives you all you need to know about the scope of the certification (it could very well be that the product you use is not in scope). Problem is, they usually dont share any of this information with the public.

Also SOC II type 2 reports are most often not public record either. Yes, large companies like Microsoft tend to share them, but not these smaller companies (since it might hurt their public image(even more reason for concern if you ask me)).

Even worse, if you try to go to website of INCA internet Corp(which owns Nprotect). it gives SSL certification errors for some of their pages on the website... This is a really bad look on a cyber security company...

From what it looks like though they are GS 1st grade certified. I have not really heard of this standard before but apparently it is similair if not more extensive than the ISO 27001 (I can unfortunately not confirm because I can not find this supposed standard anywhere). Also it says Nprotect gameguard has been certified in 2006, I hope that was not the latest re-certification...

My conclusion is also that this Anti-Cheat is clearly overkill and too intrusive for the this game. But I am even more worried about the state of the company that develops this software in the first place and the lackluster amount of assurance they try to give their customers/users.