In 2011, the Forensic Science Regulator set out deadlines for accreditation of digital forensics Laboratories in “Codes of Practice and Conduct for forensic science providers and practitioners in the Criminal Justice System”. In short, to provide forensic science services to the Criminal Justice System, digital forensics Laboratories, whether public, police or commercial, must be accredited to ISO/IEC 17025.
ISO/IEC 17025 is the main standard used by testing and calibration laboratories all over the world. It was not initially designed to cover Digital Forensics and we understand that adapting to meet the requirements seems like a daunting prospect. So we thought that you might like to share in our experiences as we strive to become one of the first ISO accredited Digital Forensics Laboratories in our area of work. So here’s part one of Our Accreditation Journey as recounted by ‘Forensic Phill’ Hatton, our Senior Digital Forensics Practitioner.
Achieving this accreditation will continue to provide the confidence, trust and reassurance to all Arcanum Digital Forensics customers that our Digital Forensics Laboratory is technically proficient and able to produce precise and accurate test and calibration data. While Arcanum Digital Forensics have a number of steps still to take to achieve this accreditation, a lot of work has been happening behind the scenes. Consequently, we are confident that our quality management system and processes are good enough for us to have submitted our application to begin the accreditation process, and we have been informed that a pre-assessment visit by UKAS, the United Kingdom Accreditation Service, is planned in August.
The journey towards this point can be traced back to six years ago when, having performed an internal review process to capture what our actual procedures were, we realised that our existing Standard Operating Procedures (SOPs) were somewhat behind the times. So we developed a complete new set of SOPs which we have continued to revise and develop on an ongoing basis. These and our parent company’s ISO 9001 Quality Management policies have provided us with a good starting point for our ISO 17025 processes.
We also had a first attempt at validating our hard drive imaging process. Now we are effectively at Mk 3. Looking back at it now, although the processes were valid, it looked very thin. Our current validation exercises are designed to be code compliant but, more significantly, have given us a much greater understanding of how some of our tools actually work, and in some cases an understanding of their limitations as they sometimes don’t quite do what we expected! As a laboratory there is still more to do and certainly none of us are underestimating the size of the task ahead, especially with mobile telephones, but we now have a validation process that seems to work well.
Importantly, we have tried to embrace ISO/IEC 17025 rather than treat it as a “tick box” exercise. By this, we mean that rather than just have the badge on display, we are determined that the process will genuinely improve our product, provide a better service to our customers and result in a more orderly and less stressful existence for the lab staff!
While there is still a long way to go, the initial work has resulted in some noticeable improvements in the ways we operate and a much more scientific approach to our work. Digital forensics is an investigative process in a way that some other forensic disciplines are not, or at least not to the same degree, but that should not affect the rigor with which we approach casework. And I’m pleased to say that, while I will probably never wear a white lab coat, I do feel much more like a forensic scientist now than I did a few years ago.
We’ll let you know how we get on in August. And in the meantime, if you have questions or comments on the way we are tackling accreditation, we’d be delighted to hear from you.