If you have or are aiming for large enterprise customers, ISO 27001 is basically a requirement. You'll probably also need ISO 27017, ISO 27018, ISO 27701, SOC 2, SOC 3, APEC and maybe more, all depending on which stage your company is at.