Assume a senior manager in a University like UC has asked you to conduct a quick review of the organisation's business continuity and disaster recovery planning efforts during the unfolding of the COVID-19 pandemic. The review is to ensure the organisation will be adequately protected around issues directly related to the COVID-19 outbreak.

Q1.1 What would be the major threats to UC that could eventuate from the pandemic and associated government actions?

Q1.2 How would you go about conducting such an exercise? You need to identify the major steps in such a review, the documents that you would need to look at, and the key stakeholders that you may want to talk to along the way. There is no need to discuss the potential outcomes of the review - only focus on the process, stakeholders and issues to be considered.

Section 17 of ISO 27002 may provide some assistance with this.