How to Confluence as ISMS for ISO 27001

Hi Atlassian community,

we are currently in audits for getting certified for ISO 27001 with Confluence as our ISMS.
We therefore need to make Confluence ISO ready based on the feedback we have gotten from the auditor. The main feedback was that every newly published version should have a comment, which is currently not possible due to ([CONFCLOUD-6373] Option for making page-publish/edit comments mandatory - Create and track feature requests for Atlassian products.)

We are looking into the following app that seems promising: Workflows for Confluence - Document Management & Approvals | Atlassian Marketplace

I however still wanted to ask some questions the community that are or were in the same situation to use Confluence as their ISMS for ISO 27001.

What kind of changes have you done in Confluence to get ISO 27001 ready (structure, content and technical)?
Which kind of Confluence built-in functionality do you use?
What kind of Marketplace apps have you added for this use-case?

I also need to mention that we are having Confluence Standard, which could potentially limit on what we can do, but even if you are using Premium functionality then this is good to know.

Thanks in advance for any kind of response!

Cheers
Simon