ISO 17025 scalabili...
 
Notifications
Clear all

ISO 17025 scalability research

3 Posts
3 Users
0 Likes
487 Views
socratescymru
(@socratescymru)
Posts: 13
Eminent Member
Topic starter
 

Hello there,

This is my 1st post here so please bare with me. I am currently undertaking a final year research project looking into the effects of ISO 17025 on digital forensic SME's (Small to medium enterprises). As we know ISO 17025 isn't best suited to the digital forensics practises due to it's cost, timescale and shear volume of commitment needed, something which a small company with less than 25 employees do not have. This issue has been seen before with ISO 27001 for Information Security and it's outcome was the Cyber Essentials scheme, a £300 30 question self-certified award. Do we see this as being a possibility for ISO 17025?
Another angle I am researching is should there be 2 levels to the ISO, for example law enforcement dealing with high crime cases like murder, drugs etc; have a higher more comprehensive level to private companies dealing with smaller crimes only such as intellectual property or counterfeit goods.
I am collecting primary research from both public and private bodies of all sizes who have already achieved the award or are currently undertaking it however alternative views/comments would be greatly appreciated.
Many thanks for your time.

 
Posted : 06/03/2018 6:10 pm
(@merriora)
Posts: 44
Eminent Member
 

We recently had an in-depth forum discussion regarding ISO 17025 - Yay or Nay?

https://www.forensicfocus.com/Forums/viewtopic/t=16267/

Did you have a chance to take a look at this thread?

Please be sure to post your final project once complete. This is an interesting topic.

 
Posted : 06/03/2018 7:26 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

This issue has been seen before with ISO 27001 for Information Security and it's outcome was the Cyber Essentials scheme, a £300 30 question self-certified award. Do we see this as being a possibility for ISO 17025?

IF something like that will happen it will represent a total negation of anything done this far and a direct slap on the face to both the ISO17025 norm (which when/if applied to the intended target of "testing and calibration laboratories" is not as bad as it is depicted) and to all the good people that spent a lot of time and money to actually simil-implement[1] 😯 it.

Another angle I am researching is should there be 2 levels to the ISO, for example law enforcement dealing with high crime cases like murder, drugs etc; have a higher more comprehensive level to private companies dealing with smaller crimes only such as intellectual property or counterfeit goods.

Nice idea, though you will have to add civil, (non-criminal) cases, a third, lower level or possibly a completely separated one.

jaclaz

[1] Meaning that there is IMHO no real way to actually implement it correctly and fully in a digital forensics laboratory, unless of course times and costs are doubled or tripled (or more) and lesser/inferior results are accepted.

 
Posted : 06/03/2018 8:03 pm
Share: