I am going through an ISO 20k and 27001 audit right now. Your best bet is to bite the bullet and get CCS (Control Compliance Suite) and then buy the 27001 "module" for CCS. It will walk you through, build your security posture to reflect ISO standard...