trewmte wrote:
Very true jaclaz. The impact of ISO17025 is mentioned at the Peter Sommer link mentioned http://trewmte.blogspot.co.uk/2014/01/fsr-positioning-for-statutory-powers.html
Good to know that an University professor thinks very like me on the specific subject. <img src="images/smiles/icon_smile.gif" alt="Smile" title="Smile" />
Maybe it is good to remind what I believe the generic definition of (technical) norm is (or should be):
A set of rules or compulsory behaviours that betters current level of *something* (like security, safety, health, reliability, etc.) in the specific field at a reasonable cost for society.
The point here is whether these regulations will actually better *anything* in the field AND if the relative costs are "reasonable" (the cost is not only "money", but also "time needed").
I already personally see the "plainer" ISO9001 (which is/was meant for industrial processes) to have been "forced" upon many professions/trades that are inherently not "industrial" but rather "artisan" (or even "artistic") work, the much more restrictive ISO17025 cannot IMHO be fully applied to digital forensics, and - still IMHO - there is the concrete risk that in order to have it applied to a certain extent, the effect will be to slow down (or even stop) the development of "independent" or "new" tools/methods/approaches.
In industry processes tend to be both widely tested and "mature" (at the time they actually enter into the industrial manufacturing/production), digital forensics is neededly, and more so in these times of quick technological evolution/changes, to be much nearer to "research" and/or "experimentation".
jaclaz
↧