Before January 2020, if you had asked an organization whether they had considered a pandemic as a risk to the organization, most would have answered no. Recent world events have resulted in issues that have impacted almost every business industry and type of workforce. Many of these organizations were not fully prepared for these world events. Organizations had not considered a pandemic that would have far reaching effects and require employees to work from home.
ISO 9001:2015 introduced the concept of taking actions to address risks and opportunities. Included in this new concept was the requirement to evaluate the effectiveness of actions taken to address your identified risks and opportunities. As organizations have developed these risks and opportunities, there has been varying degrees of the maturity of approaches that have been used. It can probably be said that none or very few of these approaches considered a pandemic