Whether or not you can stop IIS after upgrading to 12.1 depends on how your clients are communicating.
The easiest way to check is to look in your Management Server Lists (found in Policies -> Policy Components -> Management Server Lists) and check if your SEP clients are connecting in using a port that IIS is listening on.
If they are, then it means your SEP Clients are going through IIS, which is then rediecting the session to the SEPM's apache component. This means you'd have to assign a new MSL to the clients to tell them to connect in on the new port of 8014 (so that they bypass IIS and talk directly to SEPM's apache webserver).
If the SEP Clients are not using a port assigned to IIS, then you should be free to stop it (assuming you have nothing else using IIS that is).