In ISO standards, requirements usually describe a management system. ISO standards have a topic, like “Information security” in ISO 27001. In this example, the standard has requirements for the management system for information security. Another example is ISO 9001 which contains requirements for a quality management system.
In ISOPlanner menu ‘Requirements’ you’ll see requirements, if one or more standards are activated. See Activate your standards for more information on this.
Some standards like ISO 27001 also contain controls, which upon activation of the standard will become available in the ‘Controls’ menu. Again, this specific standard is about information security, which means it is concerned with risks regarding information which is stored on assets.
So, requirements are not directly related to specific assets, risks or controls. Rather there may be a requirement to identify and evaluate risks, and use a set of controls to mitigate those risks. Risks are then related to controls in the sense that the controls linked to a risk are implemented with the purpose of mitigating that risk. If an inventory of asset (types) is created in ISOPlanner, they can be related to certain risks, to identify that those risks apply to that asset.