Risk assessment

Learn how to assess the level of a risk with Dastra.

Risk assessment

A risk can be evaluated with the following formula:

Risk=ProbabilityImpactRisk=Probability∗Impact

Where the probability is the frequency of occurrence of a hazardous event and/or a hazardous element, and the impact is the severity of the effects and/or the severity of the consequences of this hazardous event.

The impact of a risk is classified by default in 4 categories:

  • Catastrophic,

  • Significant,

  • Medium,

  • Low.

The probability of a risk is classified by default in 4 categories:

  • Very likely,

  • Likely,

  • Possible,

  • Unlikely.

It's possible to customize the risk levels in Dastra.

Risks classification

Depending on their level of probability and impact, risks can be classified into several categories:

  • Intolerable risks;

  • Risks that must be limited as much as possible;

  • Acceptable risks either because the probability and/or the severity of the risk is/are negligible compared to other risks.

Unacceptable risks are shown in red in Dastra.

Risks that should be limited as much as possible are represented in orange or yellow in Dastra.

Acceptable risks are shown in green in Dastra.

Gross risk vs. net (or residual) risk

A "gross" risk is considered without all of the surrounding control systems - organization, various controls, documentation, etc.

A "net" (or residual) risk, on the other hand, is evaluated by taking into account all the systems already in place and effective.

Visualization of a risk

For more information

Attach a risk to a processing activityVendor risk management

Dernière mise à jour