3 Replies
8373 Views

Hello,

I would like to know if your system is ISO 27001 certified. It is a requirement for a public tender.

I can't find any information or the stamp on your website.

Thanks in advance.


Please add more details about exactly what you are looking for.

Author

I would like to know if Odoo is ISO 27001 compliant.

I can't find any information or the stamp on your website.

Thanks in advance.

Best Answer

ISO 27000 defines an information security management system. It's the 'policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets.'

The applications covered by that system aren't 27k compliant, it's the overall system that's compliant.  Unfortunately, you're asking the wrong question.  A better question would be:

'given my ISMS, what risks are there in leaving Odoo unsecured and so what policies do I need to enact to secure it?'


From the standard (2018):

All information held and processed by an organization is subject to threats of attack, error, nature (for example, flood or fire), etc., and is subject to vulnerabilities inherent in its use. The term information security is generally based on information being considered as an asset which has a value requiring appropriate protection, for example, against the loss of availability, confidentiality and integrity.
As information security risks and the effectiveness of controls change depending on shifting circumstances, organizations need to:
a) monitor and evaluate the effectiveness of implemented controls and procedures;
b) identify emerging risks to be treated; and
c) select, implement and improve appropriate controls as needed.
To interrelate and coordinate such information security activities, each organization needs to establish its policy and objectives for information security and achieve those objectives effectively by using a management system.
An ISMS consists of the policies, procedures, guidelines, and associated resources and activities, collectively managed by an organization, in the pursuit of protecting its information assets. An ISMS is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining .........