1 / 11

Accrediting 18 Digital Evidence Labs: Lessons from an ISO Accreditation Manager

Discover the journey of accrediting 18 digital evidence laboratories under ISO standards. Learn about the challenges, strategies, and lessons learned from an experienced ISO accreditation manager.

workman
Download Presentation

Accrediting 18 Digital Evidence Labs: Lessons from an ISO Accreditation Manager

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Yes it is Possible to Accredit 18 One Analyst Digital Evidence Laboratories Rhesa G. Gilliland, Assistant Laboratory Director

  2. Forensic Laboratory Services (FLS) FLS become responsible for the 18 DEU laboratories in early 2011 Laboratory Director looked for an experienced ISO accreditation manager. Enter on board October 2011

  3. Background • Laboratory Director of a ISO accredited Digital Evidence Laboratory for 4+ years • Directly involved in two rounds of ISO accreditations of the Computer Forensic area • Involved with Digital Evidence since 1997

  4. Situation • Status • 21 Analysts – 18 locations • Embedded in local division offices • Main laboratory legacy accredited • New management (two direct reports managing the 21 analysts) • Minimal policy and procedures • Deadline of 2014 to join the main lab going for ISO

  5. Where to start? • Figure out what existing practices are • Fix immediate issues • Technical reviews and Admin reviews • Commence policy writing • Create policy to align with ISO 17025 and any supplemental requirements • Dealing with distance • How were we going to do tech reviews? • Determining what is evidence

  6. Where to start? • Meetings, meetings, meetings • On-site visits • Records management • Competency Testing • Training Manual

  7. Where to start? • Explain why over and over and over again • Why are we doing this? • We were fine before! • This is taking me away from my casework! • Security • Buy in from local management/law enforcement to create an island of control in their location • Do you want to be in the Chain of Custody?

  8. Where to start? • Equipment • Getting a handle on what is considered critical • Policy says….. • Develop test plans and how to keep the records • Software • What needs to be validated (verified)? • What do we have? • Valid licensed copies? • Creating a list

  9. Struggles • Employee buy-in • Constant changing of policy and procedures • Try out something – If it doesn’t work change it • Reinforcement of process • All management must be on the same page • Interpreting what policy means! • Overthinking and adding more requirements unintentionally

  10. Lessons Learned • Use other’s policy and procedures who have gone through this and tweak to fit your organization • Finding balance • Rapid policy deployment • Effective change • More site visits by Laboratory Director/Quality Assurance Manager

  11. Questions? Rhesa G. Gilliland Assistant Laboratory Director USPIS Forensic Laboratory Services 22433 Randolph Drive, Dulles, VA 20104-1000 W – 703-406-7150 C – 240-506-3757

More Related