I'm currently working on the 10.3 Appendix 3 Internal Audit Checklist, which contains both the ISO 27001 checklist and the ISO 22301 one. I haven't been working with ISO 22301 at any time throughout this project. Is it best practice to audit for 22301 even though this isn't a standard we've paid any attention to? Or should I just delete it from the checklist? After all, it's just a template.
I guess I should just remove the ISO 22301 part from the document, but I just wanted to make sure that an auditor does not expect this part as well.
In case you are implementing only ISO 27001, you can exclude the references to ISO 22301 from your internal audit checklist. A certification auditor will not look for compliance against ISO 22301 if it is not part of the certification scope.
The checklist for ISO 27001 contains all necessary information to cover requirements related to continuity of information security in questions related to controls from section A.17.
This article will provide you with a further explanation about building a checklist: