ISO/IEC 17025/17020 - One-Person Organisation
Having just finished part two of the work study into QA and Laboratory Accreditation MTEB UK SEMINARS 2016 II v03- QA Lab Accreditation.pdf [ http//
Basically Karin's article helps us understand that one, two or three person/s organisation/s should not be put off but can and should apply for ISO/IEC 17020 and 17025 as the requirements are not insurmountable, particularly when it comes to allocation to whom the quality manager's role, audits etc. will be allocated and deemed to be responsible. I also read this to mean that ABs might need to widen their scope to appreciate many roles in a accredited system can be held by one person.
Karin's article is a recommended read.
I'm not 100% sure that article is aimed at digital forensics, as it misses the largest problem with ISO 17025 - its not aimed at Digital Forensics.
As you may know all LE entities in the UK are currently undergoing ISO 17025 accreditation for all of their activities (to be in by late 2017) and the amount of resources this is taking is ridiculous.
Basically, unlike other branches of forensics, there are no such things as established methods which can be adopted by digital forensics labs. This means every method will need validation by the lab and re-validation when software updates etc make changes to it.
For a 1 person organisation to do this, they would either never do any work or just use outdated methods (which is fine according to ISO!) to avoid re-validation.
Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.
Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.
I said the same when someone volunteered for me to write SOP's GN's and validation wink
I feel for you! Though GN's?
As you may know all LE entities in the UK are currently undergoing ISO 17025 accreditation for all of their activities (to be in by late 2017) and the amount of resources this is taking is ridiculous.
Not for all activities…some LE are doing it piecemeal (e.g. don't bite off more than you can chew.) For those areas not run under accreditation…should follow Judges' rules..as per English legal system
Basically, unlike other branches of forensics, there are no such things as established methods which can be adopted by digital forensics labs..
Yes there are, but not covering every aspect of every digital devices and applied techniques. Just because the tool you purchased performs in a certain way doesn't limit you. It requires establishing the method, and importantly, the interface you selected for the examination (if you will), plus the software you chose for the SPECIFIC device under test, to be confirmed. That is to the extent in your absence another competent reviewer can establish and interpret the data the way you did, at first instance.
For a 1 person organisation to do this, they would either never do any work or just use outdated methods (which is fine according to ISO!) to avoid re-validation.
No, Karin's article IMHO states get help in those areas where one person cannot act alone.
Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.
I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).
I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).
I will post a more in-depth post, however AFAIK many forces did reply to the consultation with "this is lunacy" and the answer was "Your going to do it so suck it up".
I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).
I will post a more in-depth post, however AFAIK many forces did reply to the consultation with "this is lunacy" and the answer was "Your going to do it so suck it up".
The LEs I spoke with will only do what they can do. Which is absolutely right.
The same must be said for the private sector.
Are there any private sector companies who hold the accreditation?
Last thing I heard CCL lost theirs recently (or rather its suspended) once they had to abide by the FSR codes of conduct. Although, they still seem to be running the courses on ISO 17025.
Are there any private sector companies who hold the accreditation?
I totally agree with the above, which I similarly referred to in Seminar II regarding very small number accredited; Karin indicates low uptake of accreditation, too.
During my research I did visit UKAS website (to search categories e.g. testing accreditation) using search [ https://
From my search at UKAS I did not find (but could have missed it) a one-person, two-, three- organisation/s having received accreditation, which is perhaps not surprising or a revelation given how new this accreditation scheme is. However, as Karin infers from her article this size of organisations shouldn't be put off; there are ways and means.
For the 2017 deadline, some might not meet that timing but may already be well-advanced in the accreditation process; so slippage beyond the deadline is to be expected (even if unwanted or undesired).
I feel for you! Though GN's?
Yes guidance notes.