Step 6: Statement of Applicability

Document which ISO 27001 Annex A controls are applicable, partially applicable, or not applicable to your organization