BS EN ISO IEC 27001:2013 provides the framework for an Information Security Management System (ISMS).
The core ISO 27001 requirements are provided in clauses 4.1 through to 10.2. The Annex A controls, which you may choose to implement based on your risk management, are listed in control groups A.5 through to A.18.
To achieve ISO 27001 certification, you will need to meet all the core ISO 27001 requirements. A fundamental core requirement (6.1) is to identify, assess and make treatment decisions about your information security risks, which helps you determine what specific risk-reducing controls are required and whether the ISO 27001 Annex A controls are applicable.