Latest update from the UK regulator
Any thoughts on the newsletter yesterday ?, much to take in. More to come on small operators but little actual hard stuff.
Laughable as usual.
How many different ways, over how many different years, are they going to rephrase "we know it's a big problem for anyone bar the big labs or government funded bodies to realistically do the accreditation....but despite this we're going to insist they're accredited".
It would have been better to state forensic units of under 10 or 20 examiners are exempt from this process until such time as we can propose a sensible way forward.
Of course they won't do that, because that would go against the false mantra of ISO17025 meaningfully improving quality in digital forensics, and that smaller units are all in the "wild west" (or other similarly prejudicial phrases).
@rich2005 "I have yet to address the concerns of smaller forensic units." well, that's pretty honest at least.
@pbeardmore It is indeed...but I'm (sadly) hoping for a bit more than honesty, and instead the tiniest bit of substance to address the issue, rather than treating it as an afterthought, which it clearly still is.
@rich2005 yes, but I am surprised, considering he has been in place since May last year, to go "on the record" re smaller providers and admit the situation in such a binary way (forgive the pun)
@pbeardmore It does at least give something to refer to in that regard:
"more discussion and support is needed regarding smaller forensic units"
"I have yet to address the concerns of smaller forensic units"
"it is clear there will need to be an imaginative approach to setting requirements"
The regulator also says "I look to work closely with...practitioners in this area on developing requirements and I am grateful for the positive approach and suggestions made"
However, if the regulator wants wider engagement, they should scrap the current position of declarations of non-compliance. Put smaller providers back in a state of compliance, such that they can publicly engage with the regulator, and then devise a way forward.
Right now, people won't want to engage, from the position of non-compliance they've unfairly been placed in, or plaster that all over their work (for obvious reasons when it comes to court).
We were a small company supplying specialised services to pretty well every Police Service in the UK and many abroad in the field of payment card and banking crime.
We were able to supply this service free of charge as we were completely funded and supported by the banking community for almost 20 years.
It was very fast and very efficient - computer examination, analysis and immediate data extraction was done within 12 hours so suspects could be interviewed and remanded rather than being released - "pending investigation" - to then run away.
Even Teresa May said she liked it and wanted to see more examples of this Police and Private sector partnership.
We knew just about everything that was going on in our specialist field but after ISO17025 we just closed down all operations in the UK.
I still get calls from Officers in the UK expressing frustration that they cannot get expertise in the UK any more in this area and they are now just not bothering to investigate crimes in this field.
Its a bit like Brexit really - lots of supermarket shortages and no visible benefits.
Posted from a southern European Country.