The provider is responsible for developing the sampling strategies as part of their quality assuring assessment processes. Providers will make these sampling strategies available for the internal verification and external authentication processes, as appropriate.
The internal verifier and the external authenticator will apply the appropriate sampling strategy.