To be ISO 27001 compliant we have to have an "approved software list", as such there should be an ability to create lists of apps that a user cannot install or run, this should exist on profile level.