
Expert Advice Community

Guest user Created:   Sep 15, 2021 Last commented:   Sep 15, 2021

ISO27001 Implementation

Good day

I trust this email finds you well.

I have a question; I wonder if I may ask. I understand that your services are in fact your income, so I don't want to seem as though I am taking advantage.

We are a software development house, planning on implementing ISO 27001. I am going through the webinars and also the Foundations Course.

May I ask, the controls start at 5 (5.1) – is this because this is where the 27001 family starts? We just want to be sure not to miss controls. If there are 114 controls (in 40 sections), I take it not all of them fall under ISO 27001 – is that why not all 114 are listed?


Expert
Rhand Leal Sep 15, 2021

ISO 27001 consists of two parts:
1 - the main part of the standard, from clauses 0 to 10, out of which clauses 4 to 10 are mandatory. These clauses define what an Information Security Management System (ISMS) needs to perform, document, record, and deliver.

2 - Annex A, which has 14 sections - it starts from A.5 and runs to A.18. These sections contain the 114 controls, which define information security requirements and control objectives.

ISO 27001 Annex A is based on British Standard BS 7799-1 (Information technology - Code of practice for information security management ), which had the following structure:

Foreword
0 introduction
1 scope
2 terms and definitions
3 structure of this standard
4 risk assessment and treatment
5 security policy
6 organization of information security
7 asset management
8 human resources security
9 physical and environmental security
10 communications and operations management 
11 access control
12 information systems acquisition, development and maintenance
13 information security incident management
14 business continuity management
15 compliance
Bibliography
Index

So, when this content was incorporated into ISO 27001 Annex A, version 2005, to facilitate the transition for those who used the BS standard, the names and section numbers from sections 5 to 15 of the old BS 7799-1 were kept, only adding the "A." to indicate they are part of the ISO 27001 Annex. When ISO 27001 was updated to version 2013, this sequence was maintained.

Here you can see a further explanation:
- A list of sections in Annex A: https://advisera.com/27001academy/iso-27001-controls/
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/

This whitepaper also can help you:
- Clause-by-clause explanation of ISO 27001 (PDF) https://info.advisera.com/27001academy/free-download/clause-by-clause-explanation-of-iso-27001
