All controls as described in the Annex of ISO 27001.
Try to include as many controls as possible in your Statement of Applicability, as this increases the value of your certification.
Not all controls need to have a risk associated with them. You can also include them because of legal or contractual requirements, or just because it is based on good practice.
Table of contents