ISO 27001 does not prescribe any fixed areas of application for information security. Instead, the standard requires you to define (at least) one area of application yourself.
You therefore decide for yourself in which areas of your company you want to implement the ISO standard, and you determine the relevant topics. These may primarily be external factors such as security updates for your software, innovations in data protection, cyber attacks or new security technologies. Internal topics are equally possible, e.g. securing data and information in the home office, a secure in-house WLAN or the security of production facilities.
ISO 27001 can be applied company-wide or limited to specific processes, departments or teams. The standard requires you to take into account the interests of all groups involved and to coordinate the management of information security accordingly.
To determine the scope of ISO 27001 in your company, you need to analyze which specific threats exist, which areas in your organization are affected and which requirements need to be taken into account in order to protect them.
Important: ISO 27001 requires the creation of a document in which you define the scope of application.