# Risk assessment

## Risk assessment

A risk can be evaluated with the following formula:

$$
\text{Risk} = \text{Probability} \times \text{Impact}
$$

Where the **probability** is the frequency of occurrence of a hazardous event and/or a hazardous element, and the **impact** is the severity of the effects and/or the severity of the consequences of this hazardous event.

By default, the impact of a risk is classified into 4 categories:

* Catastrophic,
* Significant,
* Medium,
* Low.

By default, the probability of a risk is classified into 4 categories:

* Very likely,
* Likely,
* Possible,
* Unlikely.

{% hint style="info" %}
It's possible to customize the risk levels in Dastra.
{% endhint %}

## Risks classification

Depending on their level of probability and impact, risks can be classified into several categories:

* Intolerable risks;
* Risks that must be limited as much as possible;
* Acceptable risks, because the probability and/or the severity of the risk is negligible compared to other risks.

Unacceptable risks are shown in **red** in Dastra.

Risks that should be limited as much as possible are represented in **orange** or **yellow** in Dastra.

Acceptable risks are shown in **green** in Dastra.

## Gross risk vs. net (or residual) risk

A "**gross**" risk is evaluated without taking into account any of the surrounding control systems (organization, various controls, documentation, etc.).

A "**net**" (or residual) risk, on the other hand, is evaluated by taking into account all the systems already in place and effective.

## Visualization of a risk

<figure><img src="https://2697025545-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LvBxs22wUMicv9uWp6C-1972196547%2Fuploads%2F46rYtrDzVRjWZjwCGHmx%2FExample%20of%20risk%20visualization%20in%20Dastra.jpg?alt=media&#x26;token=29e2b76f-24c3-47fd-a154-49bcf20c8ccc" alt=""><figcaption><p>Example of risk visualization in Dastra</p></figcaption></figure>

## For more information

{% content-ref url="../../features/risk-management/attach-a-risk-to-a-processing-activity" %}
[attach-a-risk-to-a-processing-activity](https://doc.dastra.eu/en/features/risk-management/attach-a-risk-to-a-processing-activity)
{% endcontent-ref %}

{% content-ref url="risques-sous-traitants" %}
[risques-sous-traitants](https://doc.dastra.eu/en/le-rgpd-en-bref/risk-management/risques-sous-traitants)
{% endcontent-ref %}
