ISOs 27000 and 22301
Does ISO 27000 cover disaster recovery? Or is it required to use ISO 22301? Is it better to do a live consultation for this question?
I'm assuming you are talking about ISO 27001, which defines requirements for the ISMS. ISO 27000 defines the vocabulary for the ISO 27001 series of standards.
Considering that, regarding disaster recovery, ISO 27001 defines objectives and controls (what must be achieved) related to the information security aspects of business continuity in Annex A, section A.17, but it does not provide guidance on how to implement such controls.
But please note that disaster recovery is required by ISO 27001 only if you have relevant risks, or legal requirements (e.g., laws, regulations, and contracts), that require the implementation of disaster recovery.
In this case, for guidance, you can use either ISO 27002, which provides guidance on the implementation of ISO 27001 Annex A controls, or ISO 22301, but please note that neither is required to be used for ISO 27001 implementation.
These articles will provide you with further explanation about ISO 27002 and ISO 22301:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- How to use ISO 22301 for the implementation of business continuity in ISO 27001 https://advisera.com/27001academy/blog/2015/06/15/how-to-use-iso-22301-for-the-implementation-of-business-continuity-in-iso-27001/
This material will also help you regarding controls implementation:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
Jun 09, 2020