Queries ISO 27001

Hello, I did a translation of a documentation that I found from English to Spanish and there are things that I do not understand what they refer to, for example:

Information security risk assessment does not require...

What would not be required in this case, define risk acceptance criteria, define sanctions for non-compliance in information security, identification of security risks or identification of risk owners?

Taking into account ISO 27001, the following is required for risk assessment:

• Define a risk assessment process (risk identification, risk analysis, and risk evaluation)
• Define risk acceptance criteria
• Define criteria for performing risk assessment
• Identify risk owners
• Retain documented information about the risk assessment process

Considering that, from your examples, defining sanctions for non-compliance in information security is not required.

For further information, see:

• 6 main steps in risk management https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/
• Risk assessment methodology https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#section3
• Risk assessment https://advisera.com/27001academy/iso-27001-risk-assessment-treatment-management/#assessment