Strix's risk assessment is a special form of a gap assessment (see Gap Assessment), as it provides the opportunity to carry out a risk assessment in the event of an identified gap.
The risk parameters such as severity, probability of occurrence, and probability of detection are evaluated during the assessment.
The resulting overall risk assessment can be used to support a risk-based approach. In the case of an identified gap, the overall risk assessment can be used directly during the assessment to decide whether a measure is necessary or whether the risk is accepted without further activities.