At the risk of drawing fire from everyone, I don't really think ISO27001 is a security certification. We get audited annually against 27k Annex A (basically ~95% of full one) + UK Gambling Commission extras.
The audit focuses far more on technical aspects of business continuity than actual security. There's certainly plenty of overlap, but other than the parts about access controls and "who watches the watchmen" aspect, ISO27k is almost entirely about your ability to recover from even the most devastating disaster. The pragmatic security parts have a bolted-on feeling to ensure the recovery path remains largely uncorrupted.
And to be fair, Information Security is generally accepted to cover Confidentiality, Integrity, and Availability (see: CIA Triad)... so DR/BC are definitely within scope.