Public Services > Justice

Digital forensic standards revamp on track despite industry cost fears

Neil Merrett Published 06 June 2017

Forensic Science Regulator says survey concerns of practitioners have been considered as part of wider work on developing new best practice to prevent avoidable quality failures


The UK’s Forensic Science Regulator (FSR) is pushing forward with support for new lab standards that will be a core requirement for practitioners working in the criminal justice sector by October amidst some wider stakeholder concerns about their cost effectiveness.

The ISO 17025 standard, devised on the back of consultations with specialists including those providing digital forensics functions such as computer and device examination, will come into force later this year.

However, a recent survey of some 180 practitioners has raised concerns about the potential impact of the new standards on their work, which includes studying geolocation and communications data.

Writing about the findings on social media this month, Peter Sommer, professor of digital forensics at Birmingham City University, said that the Forensic Science Regulator had intended for the standards to be a requirement for anyone working in the criminal justice system.

Any contract undertaken for the police or Crown Prosecution Service (CPS) will be expected to be in compliance with the standards from October this year, but examiners were seen as having deep worries over the provisions, according to the survey findings.

Particular concern was noted about the fees and preparation costs for examiners to gain and work to the certification, particularly considering reductions to police and CPS budgets.  Sommer argued that the findings highlighted fears that the certification costs could come at the expense of work to obtain vital evidence. By contrast, existing good practice guidance and UK Criminal Procedure Rules were seen as already meeting needs for quality digital forensic practice.

“The ISO 17025 is a laboratory calibration standard and appears to work well for labs working with DNA, blood, paint and fibre fragments etc. But digital forensics is different: a PC or smartphone is a whole scene of crime and examinations involve not only the uncovering files and artefacts but interpreting them. ISO 17025 rightly expects high standards of rigour in testing and documenting forensic tools and their associated procedures,” wrote Sommer.

“But digital forensics must track the incredible speed of change of hardware, operating systems, application programs, social media and messaging services. This speed is often faster than the rate at which exhaustive testing can take place. Will we let bad guys go free because of an absence of an ISO 17025 compliance certificate, even if prosecution and defence experts agree?”

The Forensic Science Regulator noted that the survey's responses had been considered as part of wider consultations and work to define the standards in recent years.   However, it is understood that there were no plans to change the incoming regulation and its requirements, which will be kept under review as a matter of policy.

In a statement, the regulatory body said that the standard followed “extensive consultation” with specialists and practitioners, while claiming real benefits had been realised for those who had already gained the accreditation.

“Achieving this standard is crucial as the regulator has previously identified examples of quality failures which could have been avoided,” said a statement from the FSR.

“We are continuing to engage with the industry, and the regulator has run a number of different programmes with both practitioners and the NPCC to help them achieve the new standards.”

In the FSR’s 2016 annual report, published in January, Forensic Science Regulator Dr Gillian Tully noted that the National Police Chiefs’ Council (NPCC) had been engaging with the regulatory body itself and other stakeholders to push for broader adoption of the standards.

While the NPCC had been seeking support for resources to help build knowledge and skills to understand the standard, Tully did note concerns in the report about ensuring broad compliance.

“This is very welcome, but the current progress of many organisations means that, even with additional intervention, it is highly unlikely that they will meet the requirement for accreditation of digital forensic activities by October 2017,” she said at the time.

“This means that for a substantial proportion of digital evidence produced after that date, disclosure of non-compliance will be required.”

The United Kingdom Accreditation Service (UKAS), recognised by the government as the national body to assess world against international standards, works with the Forensic Science Regulator to ensure the effectiveness of the required benchmarks for service providers.

Having been responsible for the accreditation of digital forensic services on a voluntary basis over a number of years, UKAS maintained that ISO 17025 was needed by practitioners.

"The specific quality assurance mechanism covering work entering the criminal justice system and timescales of implementation are set by the Forensic Science Regulator," said a spokesperson for the organisation.

"However, UKAS believes that ISO 17025 is the most appropriate accreditation standard for digital forensics and has not received any formal concerns on the effectiveness of the standard through its work with digital forensic service providers, the FSR and NPCC."

Related articles:

Met closes in on digital forensics procurement choice

Home Office details further £26m in police innovation funding

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.