How would a company use risk index numbers/values to determine sample size for protocols (e.g. validation)? If you are in industry- perhaps you can give examples of what occurs in your companies?

For example in my company, if there is a high risk index number, the sample size needed for testing would have to be greater. For example, my company deals with IAB’s and leaks are considered a major failure and the sample size to test leaks would need be greater. However, something like a cosmetic defect is consider a minor risk/failure and would not need a large sample size.