I was wondering, how can I develop a control for A.12.7.1? should it be inside a policy? Which policy?
Answer: If you have identified risks or legal requirements that justify the application of control A.12.7.1 - Information systems audit controls, which requires careful planning and agreement regarding the verification of operational systems, I suggest you to develop its implementation in the Security Procedures for IT Department template, located in folder 11 Security Controls of the ISO 27001 Documentation Toolkit you bought.
This document helps define and ensure correct and secure functioning of information and communication technology for which the responsibility lays with the IT department, and you can include the implementation of control A.12.7.1 here.