Expert Advice Community

ISO 27001 and ISO 27002

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Never applied a standard before. What is easiest, and why is ISO 27002 not audited? How do you get it if it is not audited?
AntonioS Jan 12, 2016

There is always a first time. If you are referring to the implementation of ISO 27001, it is composed of a series of stages, and depending on the company, each phase can be more or less easy. If you need a checklist for its implementation, please read this article, "ISO 27001 implementation checklist": https://advisera.com/27001academy/knowledgebase/iso-27001-implementation-checklist/

If you are referring to the implementation of ISO 27002, it will also be more or less easy to implement the security controls (related to IT, HR, legal, etc.), depending on the company.

On the other hand, ISO 27002 is only a code of best practices. This means that the certification bodies do not certify it, so there isn't a specific audit for ISO 27002 alone. You can see all the security controls of ISO 27002 in Annex A of ISO 27001 (which are audited in an ISO 27001 audit), but there you can only see a brief description; in ISO 27002 you can see an implementation guide for each control.

If you want to know more about the differences between ISO 27001 and ISO 27002, please read this article, "ISO 27001 vs. ISO 27002": https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
