ISO 9001:2015, Clause 6.1 introduces the term “actions to address risks and opportunities,” as a replacement for the standard’s previous term, “preventive actions.” The juxtaposition of “risks” and “opportunities” seems to imply a relational nature between the two concepts. But is it still realistic to apply this notion after the beating administered by 2020 and 2021?

I think most organizations would agree that 2020 and 2021 have been a challenge above and beyond anything in the last three decades, as unknown risks to workforce and supply chain have compounded already known, but growing, cybersecurity risks. If we were to take a SWOT approach going into 2022, perhaps we could identify possible opportunities in the risks that are sure to carry over from the past two years.

 …