As for the Annual Internal Audit Program (I think that's one of the mandatory documents), I've seen the preview of the document. At the top it says "Internal audits according to ISO/IEC 27001 and ISO 22301/BS 25999-2 standards will be conducted in the following way". I was wondering why I have to do internal audits for ISO 22301/BS 25999-2 if I just want to be compliant with ISO 27001 for now?
First of all, sorry for this confusion. In fact, you do not have to perform internal audits for ISO 22301/BS 25999-2 if you want to be compliant with ISO 27001 only.
The "Annual Internal Audit Program" template was designed to be compliant with both ISO 27001 and ISO 22301/BS 25999-2 (these standards have the same requirements regarding internal audit), so the text on the template covers all these standards, but in the comments included in the template we show which text you can exclude in case you are using the template for only one of these standards.
This article will provide you with further explanation about the ISO 27001 internal audit:
- How to prepare for an ISO 27001 internal audit https://advisera.com/27001academy/blog/2016/07/11/how-to-prepare-for-an-iso-27001-internal-audit/