No, we are not currently ISO 27001 certified. We are currently progressing toward SOC2 certification. You can see more about standards and compliance here: https://fusionauth.io/features/security-data-compliance/
Please see this issue for updates on this functionality. Vote for it if this is important to you.
Yes and no. Since OAuth 2.1 isn't released yet (though the working group seems to be getting pretty close) no one can "support" it yet. This is the draft specification right now: https://tools.ietf.org/html/draft-ietf-oauth-v2-1-00
This blog post examines some of the changes and how FusionAuth is set up to handle them: https://fusionauth.io/blog/2020/04/15/whats-new-in-oauth-2-1#can-you-use-oauth-21-right-now
I faced similar kind of issue last time, I am still searching for some proper solution.