Yes. ISO 27001 has no minimum size requirement, and small organizations with fewer than 50 employees have successfully achieved certification. The ISMS scope can be limited to specific services or business units to make certification more manageable. Certification body fees are typically scaled to organization size.
Keep Exploring