When filling out the Treatment Table there are the columns Selection of Options and Means of Implementation. Both offer a selection of inputs. Is it mandatory to use these selections or can you use some other inputs that are not in the selection table? For instance, can I add Other measures to the "Selection of Options" and "Scan all documents to be stored on secure NAS, Destroy all physical documents".
But it is important to mention that "Scan all documents to be stored on secure NAS, Destroy all physical documents" is an example of implementation of control A.8.2.3 Handling of assets, so in principle there is no need to add your example as a means of implementation.
This answers the first part of my question. The second part maybe wasn't comprehensive enough.
When completing the Risk Treatment Table, you have to think about how you are going to treat a particular risk. Next you have to choose a related control from ISO 27001 Annex A. This choice however does not clarify the specific action that you are going to take in the form of adapting one of the toolbox documents or maybe writing a specific work instruction (like scan and destroy all physical documents).
When I have to think about a solution to a threat I want to be able to describe this solution and not to have to come back to that specific threat in the treatment table to think about the problem for a second time. The Treatment Table only allows me to choose related Annex A items but does not allow me to describe a specific action in more detail.
First of all thanks for the clarification about your doubt.
In fact, for the purpose you described, the Risk Treatment Plan is not the proper document. As you said, it describes the general solution for risk. For recording more detailed information you can use the Statement of Applicability template. In this template you have a column called "Implementation method", where you can describe the solution for a control (covering all risks and legal requirements related to that control), or make reference to documents (e.g., policy, procedure, or work instruction) describing the adopted solution.