The issue of Lab Accreditation has been raised on many lists, but I've slightly different questions to the normal ones asked.
For those of you who perform forensics, rather than data recovery, and who don't operate clean room environments, which of the following do you comply with or are Accredited to?
ISO / IEC 17020: 1998
IEC61340-5-1 & 2
As I have never heard of any of them, I guess none.
The ISO standards are designed to provide formal frameworks for quality management in laboratory environments and technical requirements for the proper operation of a testing laboratory. There are differences within the two standards for the types of work undertaken, but there is potential for overlap. EDS CLEF, a sister organisation, is an ISO/IEC 17025: 1999 Accredited Laboratory for the performance of Infosec evaluations, although the standard is probably better suited for the Accreditation of organisation testing shearing parameters in concrete blocks. ISO/IEC 17025 seems to be used a lot by people doing Asbestos inspections, but it would be equally as applicable to Forensics.
The standards are all about having documented policies, procedures and records, with reproducable and repeatable results, externally audited. To be flippant, it is ISO 9001 for people with screwdrivers, although the standards are far more onerous than ISO 9001.
ISO / IEC 17020: 1998 - General Criteria for the Operation of Various Types of Bodies Performing Inspection
ISO/IEC 17025: 1999 - General requirements for the competence of testing and calibration laboratories
EC61340-5-1 is all about electro-static discharge and countermeasures:
Technical Report IEC61340-5-1 & 2:
Protection of electronic devices from electrostatic phenomena.
What ESD protection do you take when opening up machines and handling hard drives?
Thanks for the detailed explanation Mark, I really didn't have a clue what you were talking about! I thought the correct handling of digital/electronic components was pretty much common sense, Jannet & John, A+ stuff. Use of antistatic matting and wrist straps, etc. I was unaware someone had actually formalised this with a standard. I apologise for being a bit thick, and uncorporate like 🙂
I thought the correct handling of digital/electronic components was pretty much common sense, Jannet & John, A+ stuff. Use of antistatic matting and wrist straps, etc.
It is common sense stuff 😆 , but there is an entire standard/industry built around it. On the Vogon thread we'd been talking about the power of big corporate bodies to skew the market. I guess this could be an example. If we market ourselves, even by inference, as being "more professional" or "more competent" because we can meet these standards and this is accepted, then smaller companies will need to jump through the same hoops or find another regulatory hook to hang their hats on. I was just responding on the Re: Is There a Need for Industry Control? and thinking that these threads all tie together.
Yeah, I guess I've got Corporate going through the middle of me like rock. 😀