Help: Creating risk management plan under ISO27005
I am after some help with creating a risk management plan, I have completed the work but have a few questions. The methodology I chose to apply was ISO27005, but I am unclear on whether the risk communication and risk monitoring review sections are mandatory?
Actually which parts are mandatory? Another thing I am not clear on is how I am supposed to provide justification of the risk treatment options. Is this something which is necessary under ISO27005?