Digital Forensics Processing and Procedures

Chapter 3
Setting up the Forensic Laboratory

Table of Contents

3.1 Setting Up the Forensic Laboratory
  3.1.1 Forensic Laboratory Terms of Reference
  3.1.2 The Status of the Forensic Laboratory
  3.1.3 The Forensic Laboratory Principles
    3.1.3.1 Responsibilities
    3.1.3.2 Integrity
    3.1.3.3 Quality
    3.1.3.4 Efficiency
    3.1.3.5 Productivity
    3.1.3.6 Meet Organizational Expectations
    3.1.3.7 Health and Safety
    3.1.3.8 Information Security
    3.1.3.9 Management Information Systems
    3.1.3.10 Qualifications
    3.1.3.11 Training
    3.1.3.12 Maintaining Employee Competency
    3.1.3.13 Employee Development
    3.1.3.14 Environment
    3.1.3.15 Supervision
    3.1.3.16 Conflicts of Interest
    3.1.3.17 Legal Compliance
    3.1.3.18 Accountability
    3.1.3.19 Disclosure and Discovery
    3.1.3.20 Work Quality
    3.1.3.21 Accredited Certification
    3.1.3.22 Membership of Appropriate Organizations
    3.1.3.23 Obtain Appropriate Personal Certifications
  3.1.4 Laboratory Service Level Agreements
  3.1.5 Impartiality and Independence
  3.1.6 Codes of Practice and Conduct
  3.1.7 Quality Standards
  3.1.8 Objectivity
  3.1.9 Management Requirements
  3.1.10 Forensic Laboratory Policies
  3.1.11 Documentation Requirements
  3.1.12 Competence, Awareness, and Training
  3.1.13 Planning
    3.1.13.1 Risk Assessment and Management
    3.1.13.2 Business Impact Analysis
    3.1.13.3 Legal and Regulatory Considerations
  3.1.14 Insurance
  3.1.15 Contingency Planning
  3.1.16 Roles and Responsibilities
  3.1.17 Business Objectives
  3.1.18 Laboratory Accreditation and Certification
  3.1.19 Policies
  3.1.20 Guidelines and Procedures
Appendix 1 - The Forensic Laboratory ToR
  The Vision
  Scope and Objectives
  Deliverables
  Boundaries, Risks, and Limitations
  Roles, Responsibilities, Authority, Accountability, and Reporting Requirements
  Stakeholders
  Regulatory Framework
  Resources
  Work Breakdown Structure and Schedule
  Success Factors
  Intervention Strategies
Appendix 2 - Cross Reference Between ISO 9001 and ISO 17025
Appendix 3 - Conflict of Interest Policy
Appendix 4 - Quality Policy

3.1 SETTING UP THE FORENSIC LABORATORY

This chapter is the summary of many small elements, each of which gives guidance on areas that will need to be considered from the planning stage onward. All of the elements discussed below will need to be addressed both for good management and for preparation for accreditation and certification for the Forensic Laboratory.

When initially setting up the Forensic Laboratory, there are a number of issues that will need to be considered. Many of these have been touched on in the previous chapters; some are expanded here, and others have dedicated chapters later in the book.

Once the business case (or the equivalent if in government or law enforcement) has been developed, a range of issues will need to be addressed and these must be documented to describe the fundamental basis on which the Forensic Laboratory is being established and on which it
will be run. The first issue that should be clearly documented is that of the Forensic Laboratory's Terms of Reference (ToR). There will also normally be a ToR for the project to develop and deliver to the Forensic Laboratory, but the concepts that are given below hold good for both cases.

3.1.1 Forensic Laboratory Terms of Reference

The ToR is the document that serves as the basis of the relationship between the owning organization of the Forensic Laboratory and the team responsible for carrying out the work. It describes the purpose and structure of the Forensic Laboratory and shows how the scope of the Forensic Laboratory will be defined and verified. It will also provide the yardstick against which the success of the Forensic Laboratory will be measured. It provides a documented basis for future decisions and for a common understanding of the scope among the stakeholders.

The ToR sets out a clear path for the operation of the Forensic Laboratory by stating what needs to be achieved, by whom and when. It identifies the set of deliverables that satisfy the requirements, and the scope and any constraints should be set out in this document.

The ToR for the operation of the Forensic Laboratory should be created during the earliest stages of the project for the establishment of the Forensic Laboratory immediately after the business case has been approved. Once the ToR has been approved, there is a clear definition of the scope of the Forensic Laboratory. The ToR will also identify the success factors, risks, and boundaries. The ToR needs to be written in some detail and should include the following:

- vision;
- scope and objectives;
- deliverables;
- boundaries, risks, and limitations;
- roles, responsibilities, authority, accountability, and reporting requirements;
- stakeholders;
- the regulatory framework;
- resources available;
- work breakdown structure and schedule;
- success factors;
- intervention strategies.

A description of the ToR is given in Appendix 1.

Once the ToR has been developed, a range of other elements that outline how the Forensic Laboratory is structured and how it will operate need to be developed.

3.1.2 The Status of the Forensic Laboratory

There should be a clear statement of the status of the Forensics Laboratory. This should define the ownership, the services that it will offer, the structure of the laboratory, the standards that it will work to, and the expected customers. This should be prepared in some detail as it will be the foundation for future decisions.

3.1.3 The Forensic Laboratory Principles

The Forensic Laboratory shall be run in accordance with the following laboratory principles:

3.1.3.1 Responsibilities

The Forensic Laboratory relies upon the Laboratory Manager to develop and maintain an efficient, high-quality forensic laboratory. The Laboratory Manager holds a unique role in the balance of scientific principles, requirements of the Criminal Justice System, and the effects on the lives of individuals that may be the subject of an investigation that relies on digital forensic evidence. The decisions and judgments that are made in the Forensic Laboratory must fairly represent all interests with which they have been entrusted. Users of the Forensic Laboratory services must be able to rely on the reputation of the Forensic Laboratory, the abilities of their Forensic Analysts, and the standards of the profession.

3.1.3.2 Integrity

The Forensic Team must be honest and truthful with their peers, supervisors, and subordinates. They must also be trustworthy and honest when representing the Forensic Laboratory to outside organizations.

3.1.3.3 Quality

The Forensic Team is responsible for implementing quality assurance procedures which effectively monitor and verify the quality of the work product of their laboratories. The Forensic Laboratory complies with the requirements of ISO 9001 and ISO 17025.

3.1.3.4 Efficiency

The Forensic Team should ensure that the Forensic Laboratory's products and services are provided in a manner which maximizes organizational efficiency and ensures an economical expenditure of resources and personnel.

3.1.3.5 Productivity

The Laboratory Manager should establish reasonable goals for the production of forensic casework in a timely fashion. Highest priority should be given to cases which have a potentially productive outcome and which could, if successfully concluded, have an effective impact on the enforcement or adjudication process.

3.1.3.6 Meet Organizational Expectations

The Laboratory Manager must implement and enforce the relevant organizational policies and procedures and should establish additional internal procedures designed to meet the ever-changing needs of forensic case processing.

3.1.3.7 Health and Safety

The Laboratory Manager shall be responsible for planning and maintaining systems that reasonably assure safety in the Laboratory as well as when the Forensics Team are in the field. Such systems should include mechanisms for input by the Forensic Team, maintenance of records of injuries, and routine safety inspections as defined by existing Health and Safety procedures. The Forensic Laboratory complies with the requirements of OHSAS 18001.

3.1.3.8 Information Security

The Laboratory Manager shall be responsible for planning and maintaining the security of the Forensic Laboratory. Security measures should include control of access both during and after normal business hours. The Forensic Laboratory complies with the requirements of ISO 27001.

3.1.3.9 Management Information Systems

The Laboratory Manager shall be responsible for developing management information systems. These systems should provide information in a timely manner regarding current and past work carried out by the Forensic Laboratory.

3.1.3.10 Qualifications

The Laboratory Manager must hire employees of sufficient academic qualifications or experience to provide them with the fundamental scientific principles for work in the Forensic Laboratory and must be assured that they are honest, forthright, and ethical in their personal and professional life.

3.1.3.11 Training

The Laboratory Manager shall provide training in the principles and the details of forensic science as it applies to the Forensic Laboratory requirements. Training must include handling and preserving the integrity of physical evidence.
Before analysis and casework are performed, specific training for the processes and procedures as well as for the specific tools to be utilized must be undertaken. A full training program for all Forensic Analysts and Investigators must be developed.

3.1.3.12 Maintaining Employee Competency

The Laboratory Manager must monitor the skills and proficiency of the Forensic Analysts on a continuing basis as well as on an annual basis as required by Human Resources procedures. The Forensic Laboratory has an ongoing program of training, awareness, and competency.

3.1.3.13 Employee Development

The Laboratory Manager must foster the development of the Forensic Analysts and Investigators for greater job responsibility by supporting internal and external training, providing sufficient library resources to permit the Forensic Analysts and Investigators to keep abreast of changing and emerging trends in forensic science, and encouraging them to do so. The Forensic Laboratory has an ongoing program of training, awareness, and competency.

3.1.3.14 Environment

The Laboratory Manager must ensure that a safe and functional work environment is provided with adequate space to support all the work activities required by the Forensic Laboratory. Facilities must be adequate so that evidence under the control of the Forensic Laboratory is protected from contamination, tampering, or theft.

3.1.3.15 Supervision

The Laboratory Manager must provide the Forensic Analysts and Investigators with adequate supervisory review to ensure the quality of their work product. The Laboratory Manager must be held accountable for the performance of the Forensic Analysts and Investigators and the enforcement of clear and enforceable processes and procedures. The Forensic Analysts and Investigators should be held to realistic performance goals which take into account reasonable workload standards.
The Laboratory Manager must ensure that the Forensic Analysts and Investigators are not unduly pressured to perform substandard work through case load pressure or unnecessary outside influence. The Forensic Laboratory shall have in place a performance evaluation process.

3.1.3.16 Conflicts of Interest

The Laboratory Manager, the Forensic Analysts, and the Investigators must avoid any activity, interest, or association that interferes or appears to interfere with their independent exercise of professional judgment. The Forensic Laboratory Conflict of Interest Policy is given in Appendix 3.

3.1.3.17 Legal Compliance

The Laboratory Manager shall establish and publish, with appropriate training, operational procedures in order to meet good procedural, legislative, and good practice requirements.

3.1.3.18 Accountability

The Laboratory Manager and the Lead Forensic Analyst must be accountable for their decisions and actions. These decisions and actions should be supported by appropriate documentation and be open to legitimate scrutiny.

3.1.3.19 Disclosure and Discovery

The Forensic Laboratory records must be open for reasonable access when legitimate requests are made by Officers of the Court or other legitimate requesters. Specific requirements are necessary for the release of unlawful material.

3.1.3.20 Work Quality

The Laboratory Manager must establish a quality assurance program. The Forensic Analysts and Investigators must accept responsibility for evidence integrity and security; validated, reliable methods; and casework documentation and reporting. The Forensic Laboratory complies with the requirements of ISO 9001 and ISO 17025.

3.1.3.21 Accreditation and Certification

The Laboratory Manager shall achieve and maintain whichever certifications and accreditation that the Top Management deem necessary.

3.1.3.22 Membership of Appropriate Organizations

The Laboratory Manager shall ensure that the Forensic Team joins appropriate professional organizations and that they are encouraged to obtain the highest professional membership grade possible.

3.1.3.23 Obtain Appropriate Personal Certifications

The Laboratory Manager shall ensure that the Forensic Team achieves appropriate certifications of both generic and tool-specific types to demonstrate their skill levels.

3.1.4 Laboratory Service Level Agreements

A Service Level Agreement (SLA) is a part of a service contract where the level of service that will be provided by the digital forensics laboratory is formally defined. The SLA is sometimes used to refer to the contracted delivery time for the services offered by the Forensic Laboratory (usually called the "Turn Round Time") or the quality of the work.
The SLA should be considered from the start of the planning and development process to ensure that the Forensic Laboratory will be structured to the appropriate level. Service providers normally include SLAs within the terms of their contracts with customers to define the level of service that is being provided in plain language using easily understood terms. Any metrics included in an SLA must be measurable and should be tested on a regular basis. The SLA will also normally outline the remedial action and any penalties that will take effect if the delivered service falls below the defined standard. The SLA forms an essential element of the legal contract between the Forensic Laboratory and the customer.

The actual structure of the SLA will be dependent on the services offered by the Forensic Laboratory, but the general structure of the agreement is as follows:

- contract;
- amendments;
- service description;
- service availability;
- reliability;
- customer support;
- service performance;
- change management procedures;
- security;
- service reviews;
- glossary;
- amendment sheet.

If the Forensic Laboratory takes services from either an external supplier (e.g., Internet Access or utility supplier) or from the owning organization (e.g., human resources or logistics), then suitable SLAs will need to be agreed with the service provider.

3.1.5 Impartiality and Independence

In order to obtain and retain accreditation to ISO 17025 (general requirements for the competence of testing and calibration laboratories), there is a requirement for the Forensic Laboratory to be able to show evidence that its work and results are free from undue influence or pressure from customers or other interested parties and that laboratories working within larger organizations where influence could be applied (such as police laboratories), are free from such influence and are producing objective and valid results.[a]

[a] UK House of Commons, Publications on Science and Technology, http://www.publications.parliament.uk/pa/cm201012/cmselect/cmsctech/855/85506.htm#n129.

3.1.6 Codes of Practice and Conduct

In the United Kingdom, the Forensic Regulator has produced Codes of Practice and Conduct for forensic science providers and practitioners in the Criminal Justice System. These Codes of Practice and Conduct were the first stage in the development of a single quality standards framework for forensic science for use in the Criminal Justice System to replace the ad hoc approach to standards that had been used in the past. These Codes of Practice and Conduct were built on the internationally recognized good practice of ISO 17025 as the preferred standard for forensic science laboratories. An appendix to these Codes of Practice and Conduct provides guidance to deal with the specific requirements for the providers of forensic science services at scenes of incidents based on ISO 17020 (general criteria for the operation of various types of bodies performing inspection). This standard for inspection bodies is gradually being adopted across Europe as the most appropriate standard for crime scene investigations.

The requirements that are described in the Codes of Practice and Conduct and the associated appendices are targeted at three levels:

- the organization: to outline what is required of it, particularly from the management, with regard to quality assurance and compliance. Most forensic services are supplied by people working in organizations and the organizational culture with regard to quality is a major factor. Accountability for quality rests with the management, and each organization is required to nominate a senior manager as the "accountable person";
- the practitioner: to outline the professional standards to which they are expected to perform; and
- the scientific methodology: to ensure that the methodology is robust and will reliably produce, and continue to produce, valid results.

These Codes of Practice and Conduct were developed so that they can be applied to all organizations and practitioners whose primary role is the provision of forensic services into the Criminal Justice System in England and Wales.
While these Codes of Practice and Conduct were designed for the UK community, they are based on sound principles and international standards, are a good guideline and a basis for codes of practice for other regions, and have been adopted by the Forensic Laboratory.

3.1.7 Quality Standards

Quality standards in forensic science are essential to ensure that the highest possible standards are maintained by the Forensic Laboratory as a supplier of forensic services. This should include resourcing, training, equipment, processes, and integrity benchmarks such as accreditation. Unless these standards are maintained, there is an increased possibility that those guilty of crimes may not be brought to justice or that those who are innocent may be convicted.

Quality standards in forensic science are best attained through accreditation to the international standard ISO 17025, which builds on the older ISO 9001 standard. However, on its own, ISO 17025 will not guarantee quality, as it does not cover areas like setting of the Forensic Laboratory strategy for a case, or the interpretation of the results, or the presentation of the evidence in the Court.

A cross reference between ISO 9001 and ISO 17025 is given in Appendix 2. This clearly shows a close correlation, but ISO 17025 has more technical competences in it than ISO 9001.

3.1.8 Objectivity

A professional Forensic Analyst or Investigator, when providing any service, must determine whether there are any threats to compliance with the fundamental principle of objectivity. These threats will normally result from the Forensic Analyst, Investigator (or the Forensic Laboratory itself) having interests in, or a relationship with any member of the Client organization. An example of a familiarity threat to objectivity could be created from a family or close personal or business relationship. Independence of thought is necessary to enable the professional Analyst or Investigator to express a conclusion, without bias, conflict of interest, or undue influence from others.
The existence of threats to objectivity when providing any professional service will depend upon the specific circumstances of the engagement and the nature of the work. A professional Forensic Analyst or Investigator must evaluate the significance of any threats and, when necessary, ensure that suitable measures are taken to eliminate threats or reduce them to an acceptable level. Examples of the types of measures that may be considered include the following:

- advising the management of the Forensic Laboratory of the potential threat;
- the Forensic Analyst or Investigator removing themselves from the case;
- the Forensic Laboratory having in place suitable peer review and supervisory procedures;
- terminating the relationship that gives rise to the threat.

If the measures that have been put in place to eliminate or reduce threats to an acceptable level are not effective, the Forensic Laboratory management must either decline or terminate the contract with the customer.

The Forensic Laboratory Conflict of Interest Policy is given in Appendix 3.

3.1.9 Management Requirements

There are many ways in which management requirements can be expressed. The Forensic Laboratory has implemented an Integrated Management System (IMS) based on the Publicly Available Specification 99 (PAS 99). Full details of the IMS are given in Chapter 4.
This has allowed the Forensic Laboratory to implement the following ISO standards:

- ISO 15489 Information and documentation - Records management;
- ISO 17020 Conformity assessment - Requirements for the operation of various types of bodies performing inspection;
- ISO 17025 General requirements for the competence of testing and calibration laboratories;
- ISO 22301 Societal security - Business continuity management systems;
- ISO 27001 Information technology - Security techniques - Information security management systems - Requirements;
- ISO 9001 Quality management systems - Requirements;
- OHSAS 18001 Occupational Health and Safety Management Systems;
- In-house digital forensic procedures.

3.1.10 Forensic Laboratory Policies

In order to assure the integrity of their results, the Forensic Laboratory must have appropriate policies in place. The implementation of these policies will be in the form of practices and procedures that define how the Forensic Laboratory will operate to meet the relevant good practice and forensic science and quality standards. The constant developments in technology mean that there is an ongoing need to update the policies in order to meet changing laws and regulations in order to prevent unfairness and wrongful conviction. The Forensic Laboratory policies must ensure the integrity of any results produced.

The main purpose of policies within the Forensic Laboratory is to assure the integrity of results and to prevent miscarriages of justice. There are many examples of mistakes within laboratories. One example is the analysis of the data in the Casey Anthony trial in July 2011, when the number of times that she had accessed the internet to search for the word "Chloroform" was initially reported as 84 times but was later found to be only one time.[b][c] Another example is the CD Universe case where the evidence was compromised because the chain of custody was not properly established.[d]

Policies are also necessary to ensure that the employees within the Forensic Laboratory receive and are able to maintain a suitable level of training and certification, and they should also address funding levels and the policy on investigation of allegations of misconduct or negligence. The policies should also contain sections on the code of ethics and the relevant standards and regulations.

[b] Forensic Data Recovery, Digital Evidence Discrepancies - Casey Anthony Trial, July 11, 2011, http://wordpress.bladeforensics.com/?p=357.
[c] The State v. Casey Anthony: Analysis of Evidence from the Case, July 18, 2011, http://statevcasey.wordpress.com/tag/digital-forensics/.
[d] CD Universe evidence compromised, http://www.zdnet.com/news/cduniverse-evidence-compromised/96132.

3.1.11 Documentation Requirements

The relevant standards implemented within the Forensic Laboratory will dictate much of the required documentation for everyday operations. Documented procedures are included in the relevant chapters in this book.

3.1.12 Competence, Awareness, and Training

All management standards have requirements for competence, awareness, and training. All Forensic Laboratory employees must also be aware of client requirements and the relevance of their activities. They should understand how their actions contribute to achieving the Forensic Laboratory's Quality Policy and objectives. This is normally achieved by awareness training, performance reviews, and employee participation in internal audit processes. Top Management should define the necessary skills, experience, and training required for each role and identify the records of education, training, skills, and experience that need to be maintained.

The Forensic Laboratory Quality Policy is given in Appendix 4.

3.1.13 Planning

There are a number of actions that need to be taken throughout the planning process. These include the following:

3.1.13.1 Risk Assessment and Management

A fundamental element of the planning process is the Risk Assessment.
The objective of the Risk Assessment is to discover and document the current risks and threats to the business and to identify and implement measures to mitigate or reduce the risks that carry the highest probability of occurring or the highest impact. This Risk Assessment document should give guidance on how to conduct the Risk Assessment and also how to evaluate and analyze the information that is collected. It should also contain guidance for the organization on how to implement strategies to manage the potential risks.

Risk Management in the Forensic Laboratory is covered in Chapter 5.

3.1.13.2 Business Impact Analysis

The Risk Assessment is only one part of an overall Business Assessment. The Business Assessment is divided into
two parts, the Risk Assessment and a Business Impact Analysis (BIA). The Risk Assessment is intended to measure the present risks and vulnerabilities to the business's environment, while the BIA evaluates the probable losses that could occur as a result of an incident. To maximize the value of a Risk Assessment, a BIA should also be completed. A BIA is an essential element of an organization's business continuity plan. The BIA should include an assessment of any vulnerabilities and plans for the development of strategies to minimize risk. The BIA describes the potential risks to the organization studied and should identify the interdependencies between the different parts of the organization and which are the critical elements. For example, the Forensic Laboratory may be able to continue to operate more or less normally if the plumbing system failed but would not be able to function if the network failed.

As part of a business continuity plan, the BIA should identify the probable costs associated with failures, such as loss of cash flow, cost of facility repair, cost of equipment replacement, overtime payments to address the backlog of work, loss of profits, etc. A BIA report should quantify the importance of the individual elements of the Forensic Laboratory and suggest appropriate levels of funding for measures to protect them. Potential failures should be assessed in terms of the financial cost and the impact on legal compliance, quality assurance, and safety.

Business Continuity is covered in Chapter 13.

3.1.13.3 Legal and Regulatory Considerations

The investigation of crimes involving digital media and the examination of that digital media in most countries are covered by both national and international legislation. In criminal investigations, national laws normally restrict how much information can be seized and under what circumstances it can be seized.
For example, in the United Kingdom, the seizure of evidence by law enforcement officers is governed by the Police and Criminal Evidence Act (1984) and the Regulation of Investigatory Powers Act (2000) (RIPA). The Computer Misuse Act (1990) provides legislation regarding unauthorized access to computer material, and this can affect the Investigator as well as the criminal and is a particular concern for civil investigators who have more limitations on what they are allowed to do than law enforcement officers.

In the United States, one of the pieces of legislation that the investigator must be aware of is the rights of the individual under the Fourth Amendment, which limits the ability of government agents to search for and seize evidence without a warrant. The Fourth Amendment states:

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

According to OLE,[e] the Supreme Court stated that a seizure of property occurs when there is some meaningful interference with an individual's possessory interests in that property, United States v. Jacobsen, 466 U.S. 109, 113 (1984), and the Court has also characterized the interception of intangible communications as a seizure. See Berger v. New York, 388 U.S. 41, 59-60 (1967). Furthermore, the Court has held that a search occurs when an expectation of privacy that society is prepared to consider reasonable is infringed. Jacobsen, 466 U.S. at 113.

OLE goes on to state that "A search is constitutional if it does not violate a person's reasonable or legitimate expectation of privacy." Katz v. United States, 389 U.S. 347, 361 (1967) (Harlan, J., concurring).

Another piece of legislation in the United States is the Patriot Act, which provides law enforcement agents with an increased ability to use surveillance tools such as roving wiretaps. The Patriot Act introduced important changes that have increased the prosecutorial power in fighting computer crimes. The Patriot Act references the Computer Fraud and Abuse Act (18 U.S.C. § 1030) with both procedural and substantive changes. There were also changes to make it easier for law enforcement to investigate computer crimes.

Another relevant piece of legislation in the United States is with regard to border searches. According to the Supreme Court, routine searches at the border do not require a warrant, probable cause, or even reasonable suspicion that the search may uncover contraband or evidence.

Similar to the UK's RIPA, since 1968, in the United States, the Wiretap Statute (Title III), 18 U.S.C. §§ 2510-2522 has been the statutory framework used to control the real-time electronic surveillance of communications. When law enforcement officers want to place a wiretap on a suspect's phone or monitor a hacker breaking into a computer system, they have to do so in compliance with the requirements of Title III. The statute prohibits the use of electronic, mechanical, or other devices to intercept a private wire, oral, or electronic communication between two parties unless one of a number of statutory exceptions applies. Title III basically prohibits eavesdropping (subject to certain exceptions and interstate requirements) by anyone, everywhere in the United States.

[e] Hagen E., Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations, Computer Crime and Intellectual Property Section, Criminal Division, Published by Office of Legal Education, Executive Office for United States Attorneys.

In the United States, the Electronic Communications Privacy Act (ECPA) places limitations on the ability of Investigators to intercept and access potential evidence. In Europe, Article 5 of the European Convention on Human Rights gives similar privacy limitations to the ECPA and limits the processing and sharing of personal data both within the EU and with other countries outside the EU.

The Convention on Cybercrime (ETS No. 185), also known as the Budapest Convention on Cybercrime, is an international treaty that was created to try to address the harmonization of national laws relating to computer crime and Internet crimes in order to improve the investigative techniques and increase cooperation between nations. The Convention was adopted by the Committee of Ministers of the Council of Europe on November 8, 2001 and was opened for signature in Budapest, later that month. The convention entered into force on July 1, 2004 and by the end of 2010, 30 states had signed, ratified, and acceded to the convention. These included Canada, Japan, the United States, and the Republic of South Africa. A further 16 countries have also signed the convention but not yet ratified it. The Convention is the only binding international instrument dealing with cybercrime.

The International Organization on Computer Evidence is an organization that was established in 1999 and has been working to establish compatible international standards for the seizure of evidence to guarantee the ability to use digital evidence collected by one state in the Courts of another state.

In civil investigations, the relevant laws of many countries restrict the actions that the Investigator can undertake in an examination. Regulations that are in place with regard to network monitoring and the accessing of personal communications or data stored in the network exist in many countries, and the right of an individual to privacy is still an area which is subject to decisions in the Courts.
This is intended only to highlight the range of laws and regulations that the Investigator will need to be aware of and that the Forensic Laboratory will need to ensure have been taken into account when developing the guidelines for operational processes and procedures.

3.1.14 Insurance

The Forensic Laboratory must regularly review its insurance coverage to ensure that it is appropriate for the types of insurance required in the jurisdiction and at a level commensurate with the business undertaken, specific contractual requirements, and the number of employees.

3.1.15 Contingency Planning

This is an activity that is undertaken to ensure that suitable and immediate steps can be taken by management and staff in the event of an emergency. The main objectives of contingency planning are to ensure the containment of the incident, to limit any damage, injury, or loss, and to ensure the continuity of the key operations of the organization. The contingency plan identifies the immediate actions that should be taken and also the longer-term measures for responding to incidents.

The process of developing the contingency plan involves the identification of critical resources and functions and the establishment of a recovery plan that is based on the length of time that the enterprise can operate without specific functions. The plan will be a living document and will need to be continuously updated to keep pace with changes in regulations, the environment, and the work taking place within the Forensic Laboratory. The contingency plan will need to be documented in straightforward terms and tested at regular intervals to ensure that it is effective and that all of the parties involved understand their roles and responsibilities.

Contingency plans are part of business continuity planning. Business Continuity is covered in Chapter 13.

3.1.16 Roles and Responsibilities

The roles of all Forensic Laboratory employees must be defined together with the responsibilities that are related to that role.
Specific job roles are given in the relevant chapters relating to the implemented management systems.

3.1.17 Business Objectives

It is common for business objectives to be set in financial terms; however, not all objectives have to be expressed in these terms. Ideally objectives should adhere to the SMART acronym, which describes five characteristics: S: Specific; M: Measurable; A: Achievable; R: Realistic; T: Time Bound.

Objectives could include the following: desired throughput and profit levels; amount of income generated; value of the business or dividends paid to shareholders; quality of customer service; innovation.
3.1.18 Laboratory Accreditation and Certification

Accreditation is something that the Forensic Laboratory will normally aspire to achieve at the earliest opportunity. The most widely recognized accreditation is ISO 17025. Once accreditation has been achieved, the activities of the Forensic Laboratory will be monitored on a periodic basis by the relevant accreditation body.

Once it has been achieved, the Forensic Laboratory must comply with specific criteria relating to the laboratory's management and operations, personnel, and physical plant in order to maintain its accreditation. The criteria and standards address the areas of laboratory administrative practices, procedures, training, evidence handling, quality control, analysis protocols, testimony, proficiency testing, personnel qualifications, space allocation, security, and a number of other topics.

The issue of laboratory accreditation and certification is dealt with in much greater detail in Chapter 19.

3.1.19 Policies

The Forensic Laboratory has developed policies that contain clear statements covering all of the major forensic issues, including subcontracting; contacting law enforcement; carrying out monitoring; and conducting regular reviews of forensic policies, guidelines, and procedures. At the top level, the Forensic Laboratory's policies must only allow authorized personnel to carry out their tasks which may include monitoring systems and networks and performing investigations. The Forensic Laboratory may also need a separate policy to cover incident handlers and other forensic roles.

There is a requirement for the policies to be reviewed and updated at frequent intervals because of changes in technology or changes to laws and regulations, as well as to take account of new court rulings. The Forensic Laboratory case handling policies must also be consistent with other policies, including policies related to privacy.
3.1.20 Guidelines and Procedures

The Forensic Laboratory has developed and maintains guidelines and procedures for carrying out all tasks relating to processing forensic cases and management systems. These shall be based on the parent organization's policies (if there is a parent organization), consistent with them and all applicable laws. The Forensic Laboratory's forensic guidelines shall include general guidelines for investigations and shall also include step-by-step procedures for performing the routine tasks, such as the imaging of a hard disk or the capturing of volatile data from live systems.

The reason for developing these guidelines and procedures is that they will help to ensure that there is consistency in the way in which material is processed. This will lead to good practices and a consistent approach to tasks within the Forensic Laboratory and will ensure that the cases are all processed to the same standard whether it is anticipated that they will go to the Court or not. It will also ensure that evidence collected, for example, for a case that starts off as an internal disciplinary action into computer misuse, can be used if it is discovered that there was a more serious crime that may lead to a prosecution.

By using guidelines and policies to ensure consistency, the integrity of any data that is used or results that are created can be demonstrated. The guidelines and procedures will support the admissibility of any evidence produced in the laboratory into legal proceedings.

If tasks are outsourced to external third parties, the way in which the Forensic Laboratory engages with the third party and the way in which they are engaged and the material that is provided to them and recovered from them shall be described in the guidelines and policies. Normally, when a third party carries out work on behalf of the Forensic Laboratory, the contract with the third party will require that they adhere to the Forensic Laboratory's handling and processing standards. The process of outsourcing is covered in Chapter 14.
Once the guidelines and procedures have been developed, it is important that they are regularly reviewed and maintained so that they remain accurate and represent the current laws, technology, and good practice. The frequency with which they are reviewed and updated will be determined by Top Management and should be regular but may also be influenced by changes in the relevant laws or technologies.

APPENDIX 1 - THE FORENSIC LABORATORY TOR

THE VISION

A short statement, normally of one or two paragraphs, which explains the mandate given to the team and defines the reason for the Forensic Laboratory's creation and its purpose.

SCOPE AND OBJECTIVES

It is essential to define the scope of the work that is to be conducted by the Forensic Laboratory. The ToR should specify the work to be undertaken and the types of deliverables from this work. It should also give timescales for the production of deliverables.
DELIVERABLES

The deliverables of the Forensic Laboratory should be defined. This should not only include the outcome of the investigations but also the internal deliverables such as accounts, audits, and test results and reports.

BOUNDARIES, RISKS, AND LIMITATIONS

This section describes where the process/system/operation of the Forensic Laboratory starts and ends. A statement of the authority delegated to the Forensic Laboratory to implement change and any powers given to it should be included. It is in this section that the systems, policies, procedures, relevant legislation, etc., should be mentioned. The risks should also be detailed.

ROLES, RESPONSIBILITIES, AUTHORITY, ACCOUNTABILITY, AND REPORTING REQUIREMENTS

The Forensic Laboratory policy should clearly define the roles and responsibilities of all people working within the Forensic Laboratory. It shall detail the roles, responsibilities, and functions of each employee and clearly define the authority that is associated with each of the roles. It should also define the accountability associated with each of the roles and the reporting requirements for each role and task. It shall include the actions to be performed during both routine work activities and an incident. The policy shall clearly indicate who is responsible for, and authorized to contact which internal teams and external organizations and under what circumstances.

STAKEHOLDERS

It is important to identify the main stakeholders and their interests, roles, and responsibilities. The stakeholders will include the representatives of the owning organization, Forensic Laboratory employees, Clients and may extend to other parties who have an interest in the efficient running of the Forensic Laboratory.

REGULATORY FRAMEWORK

The legal, institutional, and contractual framework for the operation of the Forensic Laboratory needs to be stated.
This should include regulations of regional bodies such as the European Union, Federal (National), State (Provincial), or Municipal Governments, and any legislation or policies and practices that pertain to parent corporations, partnerships, etc.

RESOURCES

The resources identified should include real estate, employees, equipment, and support services. The elements that need to be considered will include the following: administrative support; available budget; employees; materials and supplies; other supporting functions (e.g., security); resources available and how they are to be accessed; information processing equipment (business and forensic); training requirements and how this will be provided.

WORK BREAKDOWN STRUCTURE AND SCHEDULE

The work breakdown structure is a list of tasks that require action. When the individual tasks are considered together with relevant dependencies and timelines are introduced, then the schedule is created. The work that is to be undertaken by the Forensic Laboratory is broken down into smaller and smaller tasks that eventually become the work breakdown structure. Additional details of task durations and dependencies will be required to aid in the building of the schedule.

SUCCESS FACTORS

Success Factors (SFs), also sometimes referred to as Critical Success Factors, are the measure of those factors or activities required for ensuring the success of the Forensic Laboratory. They are used to identify a small number of key factors that the Forensic Laboratory will need to focus on to be successful. SFs are important as they are things that are capable of being measured and because of this they get done more often than things that are not measured. Each SF should be measurable and associated with a target goal. Primary measures that should be included are aspects such as success levels for areas such as the number of jobs processed in the month and number of hours spent on each task.
SFs should be identified for any of the aspects of the business that are identified as vital for defined targets to be reached and maintained. SFs are normally identified in such areas as laboratory processes, staff and organization skills, tools, techniques, and technologies. SFs will inevitably change over time as the business undertaken by the laboratory changes.

INTERVENTION STRATEGIES

These should cover the contingency plans for any emergency and should define what constitutes an emergency.
APPENDIX 2 - CROSS REFERENCE BETWEEN ISO 9001 AND ISO 17025

ISO 9001     ISO 17025
--------     ---------
Clause 1     Clause 1
Clause 2     Clause 2
Clause 3     Clause 3
4.1          4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4
4.2.1        4.2.2, 4.2.3, 4.3.1
4.2.2        4.2.2, 4.2.3, 4.2.4
4.2.3        4.3
4.2.4        4.3.1, 4.12
5.1          4.2.2, 4.2.3
5.1 a)       4.1.2, 4.1.6
5.1 b)       4.2.2
5.1 c)       4.2.2
5.1 d)       4.15
5.1 e)       4.1.5
5.2          4.4.1
5.3          4.2.2
5.3 a)       4.2.2
5.3 b)       4.2.3
5.3 c)       4.2.2
5.3 d)       4.2.2
5.3 e)       4.2.2
5.4.1        4.2.2 c)
5.4.2        4.2.1
5.4.2 a)     4.2.1
5.4.2 b)     4.2.1
5.5.1        4.1.5 a), 4.1.5 f), 4.1.5 h)
5.5.2        4.1.5 i)
5.5.2 a)     4.1.5 i)
5.5.2 b)     4.11.1
5.5.2 c)     4.2.4
5.5.3        4.1.6
5.6.1        4.15
5.6.2        4.15
5.6.3        4.15
6.1 a)       4.10
6.1 b)       4.4.1, 4.7, 5.4.2, 5.4.3, 5.4.4, 5.10.1
6.2.1        5.2.1
6.2.2 a)     5.2.2, 5.5.3
6.2.2 b)     5.2.1, 5.2.2
6.2.2 c)     5.2.2
6.2.2 d)     4.1.5 k)
6.2.2 e)     5.2.5
6.3.1 a)     4.1.3, 4.12.1.2, 4.12.1.3, 5.3
6.3.1 b)     4.12.1.4, 5.4.7.2, 5.5, 5.6
6.3.1 c)     4.6, 5.5.6, 5.6.3.4, 5.8, 5.10
6.4          5.3.1, 5.3.2, 5.3.3, 5.3.4, 5.3.5
7.1          5.1
7.1 a)       4.2.2
7.1 b)       4.1.5 a), 4.2.1, 4.2.3
7.1 c)       5.4, 5.9
7.1 d)       4.1, 5.4, 5.9
7.2.1        4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 5.4, 5.9, 5.10
7.2.2        4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 5.4, 5.9, 5.10
7.2.3        4.4.2, 4.4.4, 4.5, 4.7, 4.8
7.3          5, 5.4, 5.9
7.4.1        4.6.1, 4.6.2, 4.6.4
7.4.2        4.6.3
7.4.3        4.6.2
7.5.1        5.1, 5.2, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9
7.5.2        5.2.5, 5.4.2, 5.4.5
7.5.3        5.8.2
7.5.4        4.1.5 c), 5.8
7.5.5        4.6.1, 4.12, 5.8, 5.10
7.6          5.4, 5.5
8.1          4.10, 5.4, 5.9
8.2.1        4.10
8.2.2        4.11.5, 4.14
8.2.3        4.11.5, 4.14, 5.9
8.2.4        4.5, 4.6, 4.9, 5.5.2, 5.5.9, 5.8, 5.8.3, 5.8.4, 5.9
8.3          4.9
8.4          4.10, 5.9
8.5.1        4.10, 4.12
8.5.2        4.11, 4.12
8.5.3        4.9, 4.11, 4.12
APPENDIX 3 - CONFLICT OF INTEREST POLICY

This policy describes the Forensic Laboratory Conflict of Interest Policy for all work undertaken, including digital forensics, general management consultancy, and regulatory work.

There is no right or wrong approach to handling potential conflicts of interest. Ultimately, the issue is about the application of common sense within a legislative, regulatory, contractual, or ethical framework.

The key principles to any effective policy are as follows:

- Define a conflict of interest in relation to the Forensic Laboratory: Would there have to be some personal financial or other interest for a Forensic Laboratory employee for a conflict of interest to be considered, or would historical connection to the beneficiary of a decision be sufficient to trigger the procedures;
- Consider the future likelihood of such conflicts: Is the conflict of interest likely to be exceptional in which case the employee's membership of the decision-making body is unproblematic, or would it be so frequent that it might be best to consider alternative membership of the council;
- Agree the method of declaring an interest: This may be a written declaration completed annually before undertaking a task (project, case, etc.) or may be prior to a meeting, etc.;
- Agree the method of addressing the conflict: Again, there are numerous ways of addressing a conflict of interest. The employee in question might absent themselves completely from a consideration or they may participate in the discussion but not the decision. Each case will be decided on the factors involved;

It is the Forensic Laboratory's policy to have an open, transparent, fair, objective, customer-focused, yet accountable process for any possible conflict of interest.
- The Forensic Laboratory owes contractual duties, as well as a duty of care, to all of its Clients, and this must be observed and complied with, as well as be seen to be observed and complied with;
- The aim of this policy is to protect the Forensic Laboratory and all employees from the appearance of an impropriety;
- At the start of any Forensic Laboratory case or assignment, the employees involved must consider the scope of the assignment and consider if they have now, in the past, or in the foreseeable future, any possible conflicts of interest relating to the assignment. These may arise from such issues as:
  - personal, or familial involvement, with someone who is involved in the management of the contract of the assignment;
  - personal, or familial involvement, with someone who is the subject of a forensic case or assignment;
  - a breach of the code of ethics of any professional organization that any employee on the case or assignment may belong to or be bound by;
  - the offer (or acceptance) of any inducement, hospitality, or gift that may impair or limit the extent, rigor, or objectivity in the performance of the assignment, case, or project;
  - having a financial interest in the outcome of the case or assignment;
  - impaired decisions or actions that may not be in the best interest of the Forensic Laboratory's Client or the Court;
  - a perception that the Forensic Laboratory or its employees are acting improperly because of a perceived conflict of interest.

Where a possible conflict is identified after the start of any assignment, it must be brought to the attention of the Laboratory Manager, who has accountability and responsibility for Compliance and Governance, as soon as is practicably possible, and within 24 hours at the maximum.

As soon as the conflict is identified, the employee should excuse themselves from any decision taking until the conflict has been resolved. In some cases, it will be necessary for the employee to excuse themselves from any work on the case or assignment.
This is specifically the case for forensic work and may be applicable in other assignments, as identified.

In some cases, a Declaration of Interest Form will be required to be executed before each assignment, and in other cases, an annual (or regular) declaration will be required.

Where a conflict is declared to the Laboratory Manager, they will take such action as they see fit to both declare and resolve the conflict. This may (and probably will) involve communication with the other parties in the case or assignment. All discussions and decisions shall be regarded as records and be retained and secured appropriately.

All possible or actual conflicts of interest shall be investigated thoroughly, quickly, impartially, and all relevant parties shall be advised of the outcome. A review of all conflicts and possible conflicts is undertaken at Management Reviews.

This policy is issued and maintained by the Laboratory Manager, who also provides advice and guidance on its implementation and ensures compliance. All the Forensic Laboratory employees shall comply with this policy.

APPENDIX 4 - QUALITY POLICY

The Forensic Laboratory is committed to good quality practice. The objective for all employees is to perform their activities in accordance with the Forensic Laboratory standards to ensure that all the products and services provided meet those standards and meet or preferably exceed the Client's expectations. Management strives to underline this approach in all their day-to-day activities.

Quality at the Forensic Laboratory is measured by Key Performance Indicators (designated as Quality Objectives) which Top Management review and set each year to ensure that the Forensic Laboratory and its employees attain quality standards, and to ensure continuous improvement of the defined Quality Objectives.

Quality is the responsibility of all employees. Each employee shall ensure that they are familiar with those aspects of the Forensic Laboratory's policies and procedures that relate to their day-to-day work and understand how their contribution affects the Forensic Laboratory's products and services.

The Key Performance Indicators which define the Forensic Laboratory Quality Objectives are set out in Planning within the Business in Chapter 6, Section 6.2.2.1.

The scope of the Quality System implemented at the Forensic Laboratory is the whole of the digital forensics operations undertaken.

It is the Forensic Laboratory's policy to:

- only purchase from approved suppliers, who shall be regularly audited, this includes all outsourcing partners (Chapter 14);
- handle all Client feedback, including complaints, in an effective and efficient manner and use them as input to continuously improve the Forensic Laboratory's products and services (Chapter 6, Section 6.14);
- ensure that all agreed Client requirements are met;
- implement a process of continuous improvement (Chapter 4, Section 4.8 and Appendix 14);
- ensure that all employee training needs are identified at a Training Needs Analysis as part of the employee's annual appraisal process or as required (Chapter 4, Section 4.6.2 and Chapter 18, Section 18.2.2).
Where a Client requests that the Forensic Laboratory conform to their own Quality System, the Forensic Laboratory shall apply this system as described in Chapter 6.

This policy is issued and maintained by the Quality Manager who also provides advice and guidance on its implementation and ensures compliance. All the Forensic Laboratory employees shall comply with this policy.