Please note that ISO 27001 was designed to be applicable to organizations of any size and industry. In short, clauses from 4 to 10 (the ones that are mandatory), requires:
Definition of the ISMS scope considering relevant internal and external issues and expected results
Definition of roles and responsibilities regarding information security
Identification and treatment of relevant risks
Provision of resources
Proper operation of controls, and recording of evidence
Treatment of non-conformities and continual improvement
If you note, these activities should be performed by organizations of any size looking for excellence.
Regarding documents, ISO 27001 requires few documents in clauses 4 to 10, and most of the controls from Annex A do not require documentation such as policies or procedures (although for implemented controls you have to produce records, such as logs, reports, etc.)
What normally varies is that, according to the organization's willingness to take risks, the number of applicable controls will be greater or smaller than to other similar organizations, and this will affect the provision of resources.
Most of our clients are companies smaller than 200 employees, and they do not have much trouble implementing this standard.
These articles will provide you a further explanation about ISO 27001: