I’m assuming you are referring to the content of the documentation toolkit.
Considering that, please note that the Risk Assessment Table included in the ISO 27001 toolkit contains separated tabs listing examples of assets, threats and vulnerabilities to be used to fill in the Risk Assessment Table (in the cells of each specific column you can chose an item from a list). The only difference from Conformio platform is that Conformio automatically suggests threats and vulnerabilities, while such functionality does not exist in the Excel sheet from the toolkit.
For further information, see:
- ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
In case you are referring to Conformio, please note that the content of the paper “Diagram of ISO 27001 Risk Assessment and Treatment Process” is a visual presentation of how risk assessment and treatment is performed through the Conformion Risk Register module. You have the same resources available in the Risk Register. It’s only not shown in a graphical format.
For each risk entry you perform the exact same steps:
- when you chose an asset a set of related vulnerabilities is presented
- for each chosen vulnerability, a set of threats is presented
- when impact and likelihood are defined, for those risks calculated as unacceptable, there will be presented suggested controls to treat them.
When you access the Risk Register, there is a video presenting how to perform risk assessment and treatment in Conformio.