End-of-Life (EOL) marks the point at which a manufacturer no longer provides security updates, patches, or technical support for a product. Software and hardware in EOL status pose a significant security risk because newly discovered vulnerabilities remain unpatched.
In an ISMS, tracking EOL dates is part of lifecycle management (ISO 27001 Annex A, A.5.9 / A.8.9). You need an inventory that records EOL dates for all products in use, plus a migration process that kicks in well before the EOL date. Where migration is not possible, compensating controls must be documented: network isolation, additional monitoring, or extended support contracts.