Expert Advice Community

Mandatory documents

Guest user Created:   Jan 13, 2016 Last commented:   Jan 13, 2016


AntonioS Jan 13, 2016

There are some requirements for procedures in the 114 controls of the standard. Do we really need to write procedures? Someone told me that procedures are not required for the new version of 27001. And please tell me: if I cannot involve all the employees of the department in filling in the risk assessment sheet, how can I do it myself? Who will be the asset owner and risk owner for people (employees, contractors, visitors)?

Answer:

Yes, there are some mandatory documents in ISO 27001:2013, including procedures, plans, policies, etc. For example, the Incident management procedure (clause A.16.1.5) is mandatory. Here you can see a list of mandatory documents (and also non-mandatory ones), “List of mandatory documents required by ISO 27001 (2013 revision)”: https://advisera.com/27001academy/knowledgebase/list-of-mandatory-documents-required-by-iso-27001-2013-revision/

You can perform the risk assessment by yourself, but you will need some information about the departments involved in the scope of the ISMS: assets, threats and vulnerabilities, consequences and likelihood related to each asset. This article can be interesting for you, “How to assess consequences and likelihood in ISO 27001 risk analysis”: https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment And maybe this article can also be interesting for you, “ISO 27001 risk assessment: How to match assets, threats and vulnerabilities”: https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

Generally the asset owner can be, for example, an IT administrator, and the risk owner can be the head of the IT department. For more information about risk owners and asset owners, please read this article, “Risk owners vs. Asset owners in ISO 27001:2013”: https://advisera.com/27001academy/knowledgebase/risk-owners-vs-asset-owners-in-iso-270012013/
