1 - Should all documents have a confidentiality level?
First, it is important to note that defining a confidentiality level for documents is necessary only if control A.5.12 Classification of information is identified as applicable in the Statement of Applicability.
Considering that, only documents with information considered relevant to the Information Security Management System scope must have a confidentiality level.
For example, if financial information is not included in the ISMS scope, then documents with financial information do not need to have a confidentiality level.
This article will provide you with a further explanation of information classification:
2 - Also, in the standard's Annex A there is a table of 'A' numbers, for example A.12.1.3. How do I link these to the clauses in the standard, for example 9 Performance evaluation?
Please note that there is no connection between individual clauses and particular controls.
This is so because the purpose of the main part of the standard (clauses 4 to 10) is to manage security (e.g., risk management, internal audit, etc.), whereas the purpose of Annex A is to decrease risks with controls.