There is a growing trend of forensic organizations becoming accredited. This trend is for a variety of reasons, including state requirements, a means for receiving grants, or an organization’s desire to demonstrate that the work they perform is repeatable, reliable, defensible, and performed by competent staff. Once a forensic organization decides they want to become accredited, regardless of the reason, the next step is to determine which accreditation standard is right for them and their different units.
Currently, ISO/IEC 17025 is the most common accreditation standard that forensic organizations choose to comply with, but ISO/IEC 17020 is also an option depending on what disciplines are performed. Each standard is unique and meant for a specific purpose, but it will ultimately be up to the organization to determine whether ISO/IEC 17025 or ISO/IEC 17020 is better suited for their disciplines or if both standards should be utilized.
Testing versus Inspection
ISO/IEC 17025:2017 is the accreditation standard for testing laboratories. It includes requirements common to many ISO standards for management system documentation, document and records control, internal audits, and management reviews. Because ISO/IEC 17025 is specific to testing, the standard also addresses the technical capabilities of the laboratory, including measurement traceability, equipment calibration and maintenance, staff competence, and reporting. Testing would include activities of qualitative or quantitative analysis to identify characteristics of an item, such as dimension, physical structure, or elemental structure. Example disciplines that fit under this standard are forensic biology, toxicology, and controlled substances.
For organizations not performing testing, the ISO/IEC 17020:2012 standard may be more appropriate. This standard is for organizations who perform inspections. Inspection is defined as “the examination of a product, process, service, or installation or their design and determination of its conformity with specific requirements or, on the basis of professional judgment, with general requirements.” This can include numerous activities including the examination of a crime scene and collection of evidence, the evaluation of the crime scene – such as with shooting reconstruction or blood pattern analysis – and also activities such as examination of software and other digital items. ISO/IEC 17020 also includes management system requirements, but emphasizes the need for inspectors or examiners to be highly trained, experienced, and knowledgeable of the items, places, or processes they are inspecting.
The standard also calls attention to the use of “professional judgment” to make determinations. This idea of professional judgment of the inspector and their level of skill and experience is a key factor that separates inspection from testing. In ISO/IEC 17020, the inspector is considered the main resource. As such, the standard includes additional requirements for continuing training, education, and witnessing of inspectors to ensure that the professional judgment of the inspector is maintained and supported. One particular requirement specifies that the organization’s procedures for training include “continuing training to keep pace with developing technology and inspection methods.” One could view this as being similar to the equipment requirements in ISO/IEC 17025 and just as equipment must be calibrated and maintained, the inspector and their knowledge must be maintained under the ISO/IEC 17020 standard via continuing training and education. With that said, if an organization is performing an examination of an item and highly skilled, knowledgeable experts are needed to perform professional judgments as part of the examination and reporting, ISO/IEC 17020 may be the more appropriate standard. Example disciplines that could benefit from this standard are crime scene investigation, digital forensics, and even latent prints.
The following table summarizes the key differences between both international standards:
As stated earlier, crime scene investigation is a great example of a forensic discipline that could benefit greatly from ISO/IEC 17020 accreditation. Let’s start off by defining crime scene investigation. First, a crime scene is any physical scene, anywhere, that may provide potential evidence to an investigator. Crime scene investigation, or examination, refers to an examination where forensic or scientific techniques are used to preserve and gather physical evidence of a crime. In order to locate evidence, one could say the investigator inspects the crime scene, as they must use their professional judgment to determine what tools, techniques, and processes to utilize in order to locate, gather, and preserve evidence. While crime scene investigation and analysis can be considered a sampling activity accredited under ISO/IEC 17025 and assessed to the ISO/IEC 17025:2017 Section 7.3 “Sampling” requirements, there are other activities performed by the crime scene unit that also require review. These include scene evaluation, documentation, and reconstruction. These typically include an evaluative step by the scene examiners taking into account their professional expertise and judgment on the extent of the scene, documentation of the scene, methods for collection that will yield the best results, and appropriate packaging to prevent loss and degradation among other decisions and judgments made. The use of these judgments is where ISO/IEC 17020 comes in.
Digital forensics is another example of a forensic discipline that could benefit greatly from ISO/IEC 17020 accreditation. Digital forensics is the “use of proven scientific methods in the seizure and processing of evidence that is stored in digital or can readily be converted to digital form. This can involve computers, mobile communication devices, digital storage media, internet and network transaction, digital image, analog images, and audio data.” In digital forensics, the electronic device or media in question is considered the crime scene and just like with crime scene investigation, the examiner’s expertise and professional judgment are important in determining which processes to use in order to obtain evidence and yield the best results.
Dual Accreditation
For forensic organizations that are currently accredited to ISO/IEC 17025 for forensic biology, controlled substances, digital forensics, crime scene investigation, and latent prints, for example, the idea moving their digital forensics, crime scene investigation, or even latent prints units to fall under an accreditation to ISO/IEC 17020 may seem like a great idea, but overwhelming. Dual accreditation to both standards would offer a more full-coverage option to ensure that the accreditation is valuable and appropriate for confirming that the work done by the organization is repeatable, reliable, defensible and performed by competent staff. At the same time, though, the idea of dual accreditation can seem daunting. With the 2005 version of ISO/IEC 17025, it would have been tricky operating under the two different standards due to the structural and requirement differences; however, with the release of the 2017 version of ISO/IEC 17025, there is now a great deal of commonality between the two standards as they are now similar in structure and have more crossover between requirements. This allows for forensic organizations to gain accreditation to both standards where needed with less effort than before. In cases where a final determination cannot be made, A2LA will be more than happy to assist the organization in identifying what options are available and making the best choice for their facility and management structure. Also, A2LA WorkPlace Training, A2LA’s preferred training vendor, offers IACET-accredited training courses for ISO/IEC 17025 and ISO/IEC 17020.
In conclusion, with the growing trend of accreditations in the forensic industry, the need for an organization to determine which accreditation standard will work best for them is a common question. ISO/IEC 17025 is for testing laboratories and focuses on equipment, the calibration and maintenance of said equipment, sampling, the setup of the laboratory, measurement uncertainty, and metrological traceability. ISO/IEC 17020 is for inspection bodies and focuses on the inspectors and their professional judgment. For the forensic organizations with disciplines such as forensic biology, toxicology, and controlled substances, ISO/IEC 17025 is the appropriate standard. For the forensic organizations that utilize crime scene and digital forensic units, there is a choice. ISO/IEC 17020 was originally seen as the appropriate standard for these types of activities; however, in the past few years it became acceptable in the industry for these activities to fall under ISO/IEC 17025 accreditation. For organizations that have a combination of the above disciplines, dual accreditation to both standards would offer a more full-coverage option, but the choice is ultimately up to the organization.
For more information about forensic laboratory accreditation, visit A2LA.org/accreditation/forensics or contact A2LA at info@A2LA.org.