Answer: ISO 28001 deals with supplier security covering more aspects than ISO 27k series, which covers most Information and Communication Technologies issues. You can map ISO 28001 practices to ISO 27002 controls from section A.15 - Supplier relationships, but I suggest you to take a look at ISO 27036 ( Information security for supplier relationships), which has more detailed information regarding information security with suppliers. You can find this standard on this link: https://www.iso.org/obp/ui/#iso:std:iso-iec:27036:-1:ed-1:v1:en
Regarding the ISO 28001 Annexes, documents from Annex A and B (security assessment and treatment) can be mapped to sections 6.1 (Actions to address risks and opportunities), 8 (Operation), 9 (Performance evaluation) and 10 (Improvement) from ISO 27001.
Unfortunately we do not have a direct mapping document available.