Which artifact demonstrates a vendor's information security management system certification?

Prepare for the Certified Third-Party Risk Professional (CTPRP) Exam with our comprehensive quizzes. Use multiple choice questions with detailed explanations to ensure success. Maximize your study time and get ready to ace the exam!

Multiple Choice

Which artifact demonstrates a vendor's information security management system certification?

Explanation:
An ISMS certification is evidenced by an ISO/IEC 27001 certificate; ISO/IEC 27001 is the international standard for information security management systems. When a vendor holds ISO/IEC 27001 certification, an accredited certification body has audited the vendor and verified that it has established, implemented, maintained, and continually improved an ISMS in accordance with the standard. That covers formal risk assessment and treatment, a defined set of security controls recorded in a Statement of Applicability, leadership and governance over security, and ongoing monitoring, internal audit, and management review. The result is external validation that the vendor manages information security systematically. When reviewing the artifact, confirm that the certificate's stated scope covers the services you consume, that it is within its validity period, and that the issuing certification body is accredited.

The other options address different concepts: PCI DSS is a standard for protecting payment card data, and its compliance evidence does not certify an overall ISMS; a SOC 2 Type II report is an auditor's attestation on the operating effectiveness of a service organization's controls over a period, not an ISMS certification; GDPR is a regulation, not a certification.
