Review

ISO 17025 and ISO 9001: A Review on Quality Management in Digital Forensics Laboratories

Year 2025, Volume: 10 Issue: 1, 18 - 28, 07.03.2025

Abstract

To operate effectively and efficiently, every organization needs to develop a basic management system that enables it to succeed. Many organizations around the world use international standards as a guide for developing their management systems. However, there is no specific standard for developing such a system for digital forensics laboratories. ISO/IEC 17025 is a general standard for testing and calibration competence in laboratories and has been adapted to accredit digital forensics laboratories. There are many uncertainties about how suitable the standard is for digital forensics laboratories, and this calls for further research in the field. Compared with ISO 9001:2015, which is designed solely for a Quality Management System (QMS), ISO 17025:2017 contains the minimum QMS requirements.
This study focuses on two international standards that are closely related to the management systems to be established in digital forensics laboratories and suggests methodologies that can increase the effectiveness and efficiency of these laboratories. The review examines the two accreditations in terms of their applicability to the field of digital forensics and compares their similarities and limitations with respect to QMS. Recommendations are made for a draft quality management standard to be applied specifically to digital forensics laboratories.

There are 30 citations in total.

Details

Primary Language English
Subjects Information Systems (Other)
Journal Section Articles
Authors

Halil İbrahim Arican 0009-0002-3122-3015

Nursel Yalçın 0000-0002-0393-6408

Publication Date March 7, 2025
Submission Date July 23, 2024
Acceptance Date December 26, 2024
Published in Issue Year 2025 Volume: 10 Issue: 1

Cite

APA Arican, H. İ., & Yalçın, N. (2025). ISO 17025 and ISO 9001: A Review on Quality Management in Digital Forensics Laboratories. The Journal of International Scientific Researches, 10(1), 18-28.