Factors from a PESTLE analysis are external issues. Considering your organization’s strategic orientation and relevant interested parties you can classify those factors as positive or negative (opportunities or threats). If you do the same exercise for internal factors you can classify them as positive or negative (strengths or weaknesses).
Now, you can match opportunities with strengths or weaknesses, and you can match threats with strengths or weaknesses, and what you get is a set of risks and opportunities.
Although about ISO 9001, perhaps the technique that I use and present in this free webinar on-demand - Context of the organization, interested parties, and scope - - may be useful for you to work with context and interested parties to determine risks.
Please check this information below with more detailed answers: