1. How can ISO 27001 ensure data integrity in a company that needs to create all its security policies from scratch
ISO 27001 Annex A has controls that can be applied to minimize risks that information is changed or destroyed without authorization (e.g., A.9.1.1 Access control policy, and A.12.1.2 Change management), and that changes performed can be tracked and undone if needed (e.g., A.12.4.1 Event logging, and A.12.3.1 Information backup), thus helping protect information integrity.
2. is the return on investment of an ISO 27001 project feasible?
ISO 27001 was designed to help organizations apply controls based on relevant requirements and in levels related to their risk tolerance.
Considering that, provided that the ISO 27001 project is aligned to the business' and interested parties' (e.g., customers, regulation bodies, suppliers, etc.) needs and objectives, its return on investment is feasible.
This article will provide you a further explanation about ISO 27001 implementation: