We're not currently audited for ISO 27001, but the two categories of WebTrust audit criteria include (by direct reference) most of the same underlying ISO documents and requirements. Just offhand, I think most of the other items in 27001 relate to PII practices; we collect minimal PII and only from the Subscriber itself.
If there are specific criteria you need that are missing, we could explore getting them included in our next audit, especially if you're working with a set of criteria that other folks are also likely to need.