Risk management is a primary concern for any organisation. Its significance has only increased since the start of the COVID-19 pandemic. Organisations need to prepare for all types of threats, both probable (a server breaking down) and improbable (the office being flooded), to ensure that their operations can survive and adapt to continue with BAU (business as usual) in the face of a disaster. Yet risk management isn’t solely about preventing negative outcomes, it is also about an organisation taking a known risk to uncover new opportunities to improve the organisation. For example, the transition of employees to remote working could risk an organisation’s security as an employee could connect their laptop to an unsecure Wi-Fi connection. However, as demonstrated in the pandemic, remote working helped protect employees as the risk of infecting one another with COVID-19 was reduced. Read this pocket guide to understand how: Risk-based management can prepare your organisation for future threats and therefore help the success of a BCP (business continuity plan); To identify whether the opportunities gained from a ‘risky’ decision can outweigh the perceived threat; The principles of ISO 31000 can help your organisation develop a framework for its approach to risk management; The guidelines of ISO 31000 can be interwoven with controls in other standards such as ISO 27001 and ISO 9001; and The organisation must continually review its approach to risk management to stay prepared for the latest threats.