...

Your selection of controls must be practical for your organisation and staff to implement and understand; otherwise they will not be effective. You should also decide how you will monitor and measure each control, as set out in section 9 of the standard (performance evaluation).

Training/Awareness

It is sensible to provide training to those responsible for implementing, managing, or monitoring controls. This training should cover why each control has been implemented, how it is intended to reduce risk, and the different ways in which it can be implemented. It is also a useful means of getting feedback on the suitability of the controls. Consider making this training available to your internal auditors as well.

Selection

All controls must be selected for a reason. The core reason in ISO 27001 is to address a specific risk. The control must do something to reduce this risk.

Controls may also be selected because a customer has asked you to implement them, or because a law or regulation requires them. You should identify these external requirements when establishing the context of the organisation in section 4 of the standard. Selected controls must be implemented in a lawful manner.

This section should have a reference to ISO 27001 chapter 6: planning.

...