Facts, Myths, and Frequently Asked Questions

Below are some commonly expressed Facts, Myths, and Frequently Asked Questions I have heard or read about that will hopefully provide clarity, expert advice, and guidance.

 

Over the years I have heard so many horror stories about the difficulties and inconveniences accreditation presents and have even participated in discussions at the national level about the appropriateness of accreditation in some forensic disciplines to include the applicability of the general ISO/IEC standards 17020 and 17025.  When asked to explain these difficulties, inconveniences, and appropriateness issues almost every answer I received could be linked back to the organization’s misinterpretation of the standard or its inappropriate application; in other words, organizations were adding more requirements to the standard than were necessary, which made them more restrictive, difficult, and inconvenient.

 

An example I like to use to highlight this is:

 

ISO STANDARD REQUIRES: You must have a piece of paper and identify its location.

AN ACCEPTABLE RESPONSE COULD HAVE BEEN: Here is my piece of paper and it is kept in the organizations administrative files

AN OVERZEALOUS RESPONSE THAT I HAVE SEEN: Here is my piece of paper, it is white in color and has blue lines evenly spaced throughout and is 8.5 x 11 inches in size. It contains the details of last year’s budget and is written in blue ink with negative number highlighted in red ink. It is kept in drawer 1 of the administrative file cabinet, which is a HON 510 Series 4 drawer vertical file cabinet, letter size, black in color, and 25” deep.  Each drawer is lockable and is separately keyed.  The keys are logged in the organizations key log, which is located in drawer 2 of the aforementioned administrative file cabinet and duplicates are sealed in labeled envelops, which are secure in the security file cabinet, which is…[I THINK YOU GET THE IDEA]

 

Clearly the overzealous response contains numerous details and applies additional requirements that are NOT REQUESTED OR REQUIRED by the ISO standard. This type of response is typical of the examples I have seen where an organization claims the accreditation standards are overly restrictive when in fact it is their misinterpretation and application of that standard that is the issue.

 

Don’t get me wrong, I too made these very same mistakes back when I started in 2004 and I blame myself for the current indecision challenges digital forensic organizations are experiencing today.  I was one of the early pioneers who helped get DEA’s Digital Evidence Laboratory accredited and I drafted similar responses into their policies and procedures with the “goal” of making it “meaningful and defensible.”  DEA’s Digital Evidence Laboratory was the first digital forensics laboratory to achieve ISO/IEC 17025 accreditation through the American Society of Crime Laboratory Directors/Laboratory Accreditation Board – International (ASCLD/LAB) closely followed by the FBI’s Digital Forensics and Multimedia Laboratory who drafted similar policies and procedures.  These two organizations are now being used as role models and it is terrifying to smaller organizations who believe this is how it needs to be done.

 

WELL I AM HERE TO TELL YOU, IT DOES NOT NEED TO BE DONE THAT WAY!

 

Back in 2014, as laboratory director for CACI’s Digital Forensics Laboratory (CDFL), I hired a Quality Assurance Manager with no forensics or ISO/IEC 17025 experience, but he had over a decade and a half of experience working with ISO 9001, ITIL, and CMMI.  His first task was to familiarize himself with our ISO/IEC 17025 compliant Quality Management System.  After he reviewed, my very DEA/FBI-esk quality assurance manual he proceeded to tear it apart and bled all over it!  It took me a week to recover as I thought I had a perfectly drafted document – boy was I wrong. 🙂  Once I completed reviewing his suggested modifications, I began to see that he was right and we proceeded to remove the unneeded information, which cut the size of our manual down considerably.  We received high praise from our accrediting body assessor, who said, “it was very clear, concise, and easy to follow” and even received zero non-conformities during the last three consecutive surveillance visits and counting.  BEST DECISION I MADE!

 

It is the knowledge and experience that we will pass on to you making you just as successful!

 

 

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: Accreditation is a means of determining the technical competence of testing, calibration and medical laboratories to perform specific types of testing, measurement and calibration. It provides formal recognition that laboratories are competent, impartial and independent, therefore providing a ready means for customers to identify and select reliable testing, measurement and calibration services that are able to meet their needs.

 

For additional information please read: The advantages of being Accredited  (https://ilac.org/publications-and-resources/ilac-promotional-brochures/)

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: NO – The terms “accreditation” and “certification” are sometimes used interchangeably, however, they are not synonymous.1

 

Accreditation is used to verify that laboratories have an appropriate quality management system and can properly perform certain tests, calibrations, or inspections according to their scopes of accreditation.1

 

Certification is used for verifying that personnel have adequate credentials (i.e., skill) to practice certain disciplines, as well as for verifying that processes, systems, products, or events meet certain requirements.1

 

The difference between the two seemingly similar definitions lies in the fact that in the first case, the formal recognition of competence is based on proven technical knowledges and therefore requires the consultation of a technical expert for the scope to be accredited, while the second case primarily involves ensuring conformity with a given norm, e.g. a management system or a product.2

 

Accreditation therefore relates to specific technical tasks such as those of a testing or calibration laboratory, or of a certification or inspection body, for which specific norms set out the required degree of competence.2

 

Many ISO standards include guidance on how to demonstrate a product, person, service or system meets the requirements contained within a standard. How the assessment of conformity is performed-and by whom-can have a significant impact on the level of confidence buyers and regulators place on the assessment results.3

 

In some cases, the supplier may offer a first-party statement of compliance. In others, the buyer conducts his or her own second-party assessment of conformity. Yet another option is to engage a third party that is recognized as being independent of both the provider and intended user.3

 

Please visit the following links for additional resources and information about these conformity assessment terms:

 

  1. (2017, January). Accreditation vs. Certification. Retrieved from https://www.nist.gov/nvlap/accreditation-vs-certification
  2. Directorate of Accreditation Frequently Asked Questions. Retrieved from http://dpa.gov.al/en/faq/what-is-difference-between-accreditation-and-certification
  3. Roger Muse. (2008, June). What’s in a Name: Accreditation vs. Certification?. Retrieved from https://www.qualitymag.com/articles/85483-what-s-in-a-name-accreditation-vs-certification

 

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: It is meant for forensic facilities and NOT for forensic practitioners

 

There seems to be a lot of confusion on this topic, especially in some forensic disciplines.  I have read numerous articles and have been involved in several conversations, which usually revolve around someone’s opinion of “what is more important:” 1) the knowledge, skills, and abilities (KSA) of the forensics practitioner and their ability to get their work into court; or 2) their being accredited.

 

For starters, forensic practitioners are NOT accredited; forensic organizations, facilities, laboratories, etc. are.  Forensic practitioners are certified.

 

Forensic accreditation is organization based and addresses the operational and technical competency of the forensic facility and its ability to manage its administrative and technical operations in a manner that will allow it to produce consistent and reliable results.  

 

Forensic certification is individual based and focuses on a forensic practitioners individual KSAs to perform the work itself to include ensuring its sufficiency for acceptance into court.  Forensic practitioner certifications usually fall into three basic categories: 1) Networks and Computer Hardware (e.g., CompTIA A+, Network+, Security+, CISSP, CCNA, etc.); 2) Vendor Neutral (e.g., CFCE, CCE, GCFE, GCFA, GNFA, etc.); and 3) Vendor Specific (e.g., EnCE, ACE, CCME, etc.)

 

What makes this topic interesting is that most forensic practitioners work for an organization so; you would think the organization’s reputation is just as important as the practitioner’s.

 

 

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: If you are considering seeking accreditation for your facility, the first thing you’ll need to do is contact the appropriate accreditation body to see whether they can accredit your range of testing, calibration or measurement services.  Most accreditation bodies can provide comprehensive accreditation for:

  • facilities undertaking any sort of testing, product or material evaluation, calibration or
    measurement;
  • private or government laboratories;
  • one-person operations or large multi-disciplinary organizations;
  • remote field operations and temporary laboratories.

 

For additional information please read page 7: The advantages of being Accredited  (https://ilac.org/publications-and-resources/ilac-promotional-brochures/)

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: NO. Laboratories can have either all or part of their testing and calibration activities accredited.

 

For additional information please read page 8: The advantages of being Accredited  (https://ilac.org/publications-and-resources/ilac-promotional-brochures/)

 

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: A thorough evaluation of all the elements of a laboratory that contribute to the production of accurate and reliable test data.  The evaluation process can take one to several days, and involves the use of discipline specific technical assessors who evaluate the specific types of testing or measurement being performed. The assessment criteria are based on the international standard ISO/IEC 17025, which is used for evaluating laboratories throughout the world.

 

For additional information please read page 8: The advantages of being Accredited  (https://ilac.org/publications-and-resources/ilac-promotional-brochures/)

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

ANSWER: It depends on your level of ISO accreditation knowledge and your ability to develop and manage an ISO level quality management system.

 

Preparing an organization for ISO accreditation can be a daunting task especially if you are not familiar with ISO standards, their interpretation, and implementation.  Significant time and effort can be spent learning and properly applying the requirements, which can be frustrating further delaying the process.  In situations where a lack of understanding is the challenge, it could take numerous resources several months, if not years, to prepare for accreditation.  In many cases, a lack of understanding is not the only challenge; the size of the organization or facility to be accredited can also delay the process, but only because of the additional work needed to ensure all aspects are addressed.  

 

I have read numerous articles that referenced program development times ranging from 1 – 3 years  for a new “from scratch” program.  At the top end, an organization could spend upwards of 6,000 hours and over $275,000 for a single employee to build out the program with no real assurance it will get them ISO accredited.

 

Based on those numbers and if you do not have the needed ISO accreditation knowledge or the ability to develop and manage an ISO quality management system, then you should probably consider hiring a forensic ISO accreditation consultant.

Did you find this FAQ helpful?
0
0

Comment on this FAQ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Load More