As I understand, ISO 27001 is a standard, a set of requirements to be met by a company to be compliant with. But ISO does not provide a method or a methodology to implement the requirements. Is that true? If yes, could you please name a widely accepted method or methodology to do so?
ISO does not prescribe a method to implement its management standards, so organizations can choose the method that better suits their needs.
Widely accepted methods for ISO 27001 implementation are project management approaches based on traditional and agile frameworks like PMBOK and Scrum, but they need to be adjusted for the specific needs of an ISMS implementation project.