Expert Advice Community

Guest user Created:   Sep 11, 2018 Last commented:   Sep 11, 2018

Is Risk Treatment Table necessary?

When there is no unacceptable risk on my Risk Assessment Table, is it necessary to fill out the Risk Treatment Table?

Expert
Dejan Kosutic Sep 11, 2018

Answer: If all the risks are acceptable, this would mean that you do not need to implement any control, so the Risk Treatment Plan is not needed.

I must add that if you have such a situation, there is something wrong - it is impossible to have all the risks at the acceptable level, so you might not have identified all the risks, or you have been assigning the impact or likelihood too low, or your acceptable level of risk is too low. In any case, not having a Risk Treatment Plan will create big problems during the certification audit.

Also, I would like to know if it's possible to have a detailed list of Controls and Objectives to clarify my thoughts when I'm filling out the Statement of Applicability Table.

Answer: In the ISO 27001 Toolkit you purchased, you have the Statement of Applicability template that lists the names of all controls from ISO 27001 Annex A; however, to read the description of each of those controls and get the suggested control objectives, you need to purchase the ISO 27001 standard. You can find it on the ISO website: https://www.iso.org/standard/54534.html

By the way, together with the toolkit you received a video tutorial that explains how to fill out the Statement of Applicability - there you can see how to fill out this document, including examples of control objectives.

This article can also help you: ISO 27001 control objectives – Why are they important? https://advisera.com/27001academy/blog/2012/04/10/iso-27001-control-objectives-why-are-they-important/

These materials will also help you regarding the Statement of Applicability and Risk Treatment Plan:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
