Hacker News

Is this like having an encryption standard that you have to buy to inspect? Is this analogy appropriate?


You have to buy the ISO 27001 standard, which is a security standard: “ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.”


So is this standard considered 'free' and 'open'?


Absolutely not. None of the ISO standards would meet either of those criteria.


Nah, the term "open standard" is so vague that it probably does.

In its laxest definition -- endorsed by ISO itself -- it's just a standard managed by a nonprofit standard organization. In the more common definition it only requires royalty-free use plus the org. Requiring free access is unfortunately an extreme in the spectrum of definitions.


It's not an analogy -- ISO/IEC 18033-3 [0] is literally an encryption standard that you have to buy to inspect.

[0]: https://www.iso.org/standard/37972.html


There's more. ISO/IEC 29192-1 through 29192-7 are standards on lightweight cryptography that you have to buy to inspect. Total cost for all of them including the one amendment is CHF 812.



