When an adverse event, threat or disruptive incident occurs, organizations generally focus on three key planning phases:
1. Crisis Management
A reaction to adverse events, threats or disruptive incidents after they have occurred or started. It involves directly addressing the event or threat to manage it and reduce the fallout from it (e.g., changing all passwords after a major hacking of an organization’s IT infrastructure).
2. Continuity Planning
A proactive plan to ensure that the organization continues to function in the face of identified possible adverse events, threats or disruptive incidents. Continuity planning ensures minimally needed functioning of operations, programs and services, including communications to stakeholders on the same (e.g., a plan to have vital data stored on the Cloud, back-up email addresses and servers, encrypted client data and key messages to clients and funders re: steps being taken in case of an information hack).
3. Recovery Planning
A proactive plan that considers immediate steps to be taken after an identified possible adverse event, threat or disruptive incident.
This can include returning operations to their original state (e.g., assessment and revision of the safety and security of IT systems, training for staff on new IT systems or processes to ensure security of organizational data, communications to stakeholders on any changes to external-facing IT engagement).