...
There is a strong relation with the ISO 27001 Statemnet op Statement of Applicability, and the risk based selection of controls. You can use ISO 27002 and her its chapters for grouping controls or you can use other grouopings groupings that are more adapted better suited to your business processes.