A risk class groups risks into tiers (e.g. low, medium, high, critical) and determines what depth of measures is required for each. The assignment is made via the risk matrix based on likelihood and impact. Risks in higher classes require prioritised treatment and closer monitoring. You can also link risk classes to SLA targets: a critical risk might have to be treated within 30 days, for instance. In an ISMS the risk class is the basis for prioritisation in the risk-treatment plan.