ISO/IEC 17025/17020...
 
Notifications
Clear all

ISO/IEC 17025/17020 One-Person Organisation

10 Posts
3 Users
0 Likes
485 Views
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

ISO/IEC 17025/17020 - One-Person Organisation

Having just finished part two of the work study into QA and Laboratory Accreditation MTEB UK SEMINARS 2016 II v03- QA Lab Accreditation.pdf [ http//trewmte.blogspot.co.uk/2016/10/qa-and-laboratory-accreditation.html ] I came across this cracking article by Karin Athanas, Program Manager at the American Association for Laboratory Accreditation (A2LA) titled "Accreditation for the One-Person Organization - The smallest laboratories can teach us the biggest lessons." [ http//trewmte.blogspot.co.uk/2016/10/isoiec-1702517020-one-person.html ]

Basically Karin's article helps us understand that one, two or three person/s organisation/s should not be put off but can and should apply for ISO/IEC 17020 and 17025 as the requirements are not insurmountable, particularly when it comes to allocation to whom the quality manager's role, audits etc. will be allocated and deemed to be responsible. I also read this to mean that ABs might need to widen their scope to appreciate many roles in a accredited system can be held by one person.

Karin's article is a recommended read.

 
Posted : 15/10/2016 6:15 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

I'm not 100% sure that article is aimed at digital forensics, as it misses the largest problem with ISO 17025 - its not aimed at Digital Forensics.
As you may know all LE entities in the UK are currently undergoing ISO 17025 accreditation for all of their activities (to be in by late 2017) and the amount of resources this is taking is ridiculous.
Basically, unlike other branches of forensics, there are no such things as established methods which can be adopted by digital forensics labs. This means every method will need validation by the lab and re-validation when software updates etc make changes to it.
For a 1 person organisation to do this, they would either never do any work or just use outdated methods (which is fine according to ISO!) to avoid re-validation.
Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.

 
Posted : 15/10/2016 7:13 pm
(@dandaman_24)
Posts: 172
Estimable Member
 

Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.

I said the same when someone volunteered for me to write SOP's GN's and validation wink

 
Posted : 15/10/2016 8:38 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

I feel for you! Though GN's?

 
Posted : 15/10/2016 9:17 pm
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

As you may know all LE entities in the UK are currently undergoing ISO 17025 accreditation for all of their activities (to be in by late 2017) and the amount of resources this is taking is ridiculous.

Not for all activities…some LE are doing it piecemeal (e.g. don't bite off more than you can chew.) For those areas not run under accreditation…should follow Judges' rules..as per English legal system

Basically, unlike other branches of forensics, there are no such things as established methods which can be adopted by digital forensics labs..

Yes there are, but not covering every aspect of every digital devices and applied techniques. Just because the tool you purchased performs in a certain way doesn't limit you. It requires establishing the method, and importantly, the interface you selected for the examination (if you will), plus the software you chose for the SPECIFIC device under test, to be confirmed. That is to the extent in your absence another competent reviewer can establish and interpret the data the way you did, at first instance.

For a 1 person organisation to do this, they would either never do any work or just use outdated methods (which is fine according to ISO!) to avoid re-validation.

No, Karin's article IMHO states get help in those areas where one person cannot act alone.

Anyone volunteering for ISO accreditation in the Digital Forensics field IMHO needs holding for psychiatric evaluation.

I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).

 
Posted : 15/10/2016 9:25 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).

I will post a more in-depth post, however AFAIK many forces did reply to the consultation with "this is lunacy" and the answer was "Your going to do it so suck it up".

 
Posted : 15/10/2016 9:48 pm
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

I do understand where you are coming from. But if you knew all along that ISO/IEC 17025 wasn't helping, did you speak out and say "we" (the digital forensic community) need a different system in place? (e.g. no use closing the door after the horse has bolted - may be a reply to your statement).

I will post a more in-depth post, however AFAIK many forces did reply to the consultation with "this is lunacy" and the answer was "Your going to do it so suck it up".

The LEs I spoke with will only do what they can do. Which is absolutely right.

The same must be said for the private sector.

 
Posted : 15/10/2016 9:56 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

Are there any private sector companies who hold the accreditation?
Last thing I heard CCL lost theirs recently (or rather its suspended) once they had to abide by the FSR codes of conduct. Although, they still seem to be running the courses on ISO 17025.

 
Posted : 15/10/2016 11:08 pm
(@trewmte)
Posts: 1877
Noble Member
Topic starter
 

Are there any private sector companies who hold the accreditation?

I totally agree with the above, which I similarly referred to in Seminar II regarding very small number accredited; Karin indicates low uptake of accreditation, too.

During my research I did visit UKAS website (to search categories e.g. testing accreditation) using search [ https://www.ukas.com/accredited-organisations-search-result-more/?col=ukastest&str=digital&post_code= ]. The results returned identified a number of private sector organisations having received accreditation, in addition to public sector organisations (e.g. Constabularies).

From my search at UKAS I did not find (but could have missed it) a one-person, two-, three- organisation/s having received accreditation, which is perhaps not surprising or a revelation given how new this accreditation scheme is. However, as Karin infers from her article this size of organisations shouldn't be put off; there are ways and means.

For the 2017 deadline, some might not meet that timing but may already be well-advanced in the accreditation process; so slippage beyond the deadline is to be expected (even if unwanted or undesired).

 
Posted : 16/10/2016 1:54 pm
(@dandaman_24)
Posts: 172
Estimable Member
 

I feel for you! Though GN's?

Yes guidance notes.

 
Posted : 18/10/2016 11:37 pm
Share: