Identification of applicable controls
Answer: ISO 27001 does not have a set of basic controls; rather, they have to be selected through a risk assessment process, and to identify the controls required for an organization you must verify its Statement of Applicability (SoA) and the results of its risk assessment. These documents will provide you information about how the organization perceives its risks and how it is going to treat them (since each organization is unique in its context and risk appetite, organizations will have different approaches to the same risks, and you should take that into consideration).
This article will provide you further explanation about controls selection:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
As for the general requirements of ISO 27001, this article will provide you the documents and records that are mandatory and some commonly adopted practices:
- List of mandatory documents required by ISO 27001 (2013 revision) https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/
These materials will also help you regarding audits:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Mar 15, 2018