1. What I meant by restricting access in the following question "Do we really have to restrict access in case we'd like to access the information systems in the datacenter? We do have a Mobile Device and Teleworking Policy and Clear Screen and Clear Desk Policy which is being implemented." is the fact that the authorized employees can access the data from a distance (so they do not have to be in the datacenter). If we decide to include the datacenter in the scope and no other locations (home, office, etc.), the access in these other locations should be restricted. However, this is not going to make things easy for the employers and the employees because the datacenter is 71,5 km away from the office; this would mean that they have to travel at least 143 km every day.
If a Mobile Device & Teleworking Policy and Clear Screen & Clear Desk Policy would not be adequate, would there be another, more 'achievable' way to restrict access?
Answer: First of all, sorry for this confusion.
Use of a Mobile Device and Teleworking Policy and a Clear Screen and Clear Desk Policy is the proper treatment for situations like that, where you do not have control over some locations from where employees can access information (home, office, etc.), since these policies define secure behavior for teleworkers when they are outside the organization's premises.
2. I assume the Risk Treatment Table only has to contain the unacceptable risks, right?
Answer: Besides unacceptable risks, the Risk Treatment Table also has to include acceptable risks related to controls to which you want to make modifications or improvements (e.g., if you want to update a technology related to a control, or set up new parameters).