Organizations can pick and choose the appropriate controls and decide how they deploy them based on their risk assessment and risk treatment plan. ISO 27001 Annex A is like a Table of Contents that lists all the security controls under ISO. ISO 27001 lists its 114 controls in Annex A which are divided into 14 domains.
ISO 27001 controls are the measures that organizations must take by way of policies, processes, and procedures to meet the security requirements of the framework.
