I am starting a BCP/DR effort here. I have not seen the ISO 27031. Our implementation would be mostly around a SaaS cloud services environment. We just passed our ISO 27K Stage 2 audit. Should I use ISO 22301 or ISO 27031 for BCP/DR guidance? Is there much difference in the two docs?
Answer: This really depends on what you would like to focus on. If you want to develop your disaster recovery infrastructure, ISO 27031 would be better. If you would like to develop resilience capability for your whole organization (including the business part), then ISO 22301 is better.
These two standards are quite different, because ISO 27031 is much more technically oriented. Further, you can get certified against ISO 22301 but not against ISO 27031.