...
Particular domains for example, scientific collaboration environments, may also have their own control sets, for example in https://www.eugridpma.org/sci/. The telecommunications sector has ISO/IEC 27011 and cloud computing has ISO/IEC 27017
ISO/IEC 27001:2013 allows you to select controls from any source, but you must justify the exclusion of any controls from Annex A which you have chosen not to implement, to ensure that no necessary controls are overlooked.
...
It is helpful to get input from a wide variety of sources at all levels within your organisation who can present different perspectives and expertise on the choice and implementation of controls. It can be too easy just to focus on the inputs of more technical colleagues.
Effectiveness
Your selection of controls must be practical for your organisation and staff to implement and understand, otherwise they will not be effective. You should think about how you will monitor and measure the controls as set out in section 9 of the standard.
...