ISO compliance tells you almost nothing about the security of the product being developed, just about the processes in place at the company developing the product.
Yes thats why I also added SOC 2. I have gone through an ISO audit for our company so I know the process. The point is that these certifications are mostly a joke but you have to play the game to win "enterprise" deals.