To define strategic risk assessment separately from operational risk assessment and assign appropriate rankings, first, identify strategic risks that could affect your long-term objectives, such as market changes or regulatory shifts. Develop a unique set of criteria for strategic risks, considering their impact and likelihood For these strategic risks I use clauses 4.1, 4.2 and 6.1.1. Please check this free webinar-on-demand - How to Implement Risk Management in ISO 9001:2015 slide 11. Although it is about ISO 9001, I think it can help.
For operational risks, focus on environmental aspects and impacts and consider abnormal and emergency situations. Then, assign rankings based on the specific criteria for each category. Strategic risks may receive rankings based on their potential impact on long-term goals, while operational risks are ranked according to their daily impact and likelihood.