There are four main groups of requirements for ISO 27001.
The first set of requirements focuses on management responsibility: the areas of your information management system in which your senior leaders need to be involved.
The second set of requirements focuses on the management of resources; in other words, how you organise your staff, business infrastructure, facilities and equipment.
The third group of requirements revolves around information security, which requires you to develop processes that protect both physical and digital information assets.
The last group of requirements focuses on measurement, analysis and improvement. This last set requires you to put in place processes that allow you to assess how well your management system is working, and what you can do to improve it.