"I am a Risk Management Practitioner and I use risk as a general term for Threats (risks with negative impact) and Opportunities (risks with positive impacts). When I started to learn about ISO standards I saw that all of them are using the word risk only for threats. I want to know if, for ISO 9001:2015 implementation it's mandatory to use risks and opportunities (as the standard required) or I can use risk (as I usually do).”
ISO 9000:2015 defines Risk as the effect of uncertainty. Then, in a note adds that an effect is a deviation from the expected - positive or negative. So, ISO 9000:2015 accepts the use of the general word risk both for negative and positive impact. Although when one use the words risk and opportunity is much more easy to distinguish positive from negative effects – remember that many organizations use different methods to evaluate risks and opportunities. For example, many organizations use probability as a factor to evaluate risks and others use effort as factor to evaluate opportunities.
The f ollowing material will provide you information about the risk-based approach: