For system/app decommissioning you should consider these controls:
- A.8.1.1 Inventory of assets: the inventory of assets should be updated after system/app decommissioning
- A.12.1.2 Change management: system/app decommissioning should be performed in an authorized and controlled manner
- A.14.2.3 Technical review of applications after operating platform changes: after decommission the security of remaining platforms which had interrelation with decommissioned system/app should be evaluated
Please note that the application of these controls should consider the results of risk assessment.