CYFOR Blog

CYFOR are proud to announce that preliminary ISO 17025 accreditation has been achieved.

ISO 17025 is an international quality standard for establishing requirements for the competence of testing and calibration laboratories (including digital forensic laboratories) and is awarded by the United Kingdom Accreditation Service (UKAS). It is employed by laboratories to develop their management system for quality, body, and technical operations.

CYFOR’s ISO 17025 accreditation was awarded by UKAS. UKAS are appointed by the government to assess and grant accreditation to organisations that provide services including certification, testing, inspection, and calibration. After a comprehensive assessment by UKAS in June 2021 CYFOR have recently been informed that ISO 17025 accreditation has formally been achieved.

This provides CYFOR with the first steps to a comprehensive ISO 17025 accreditation portfolio and ensures the ongoing competency of the digital forensic laboratory to ensure reliable and accurate results in line with official guidance provided by ILAC G19 (Modules in a Forensic Science Process) and the Forensic Science Regulator’s (FSR) Code of Practice. The ISO 17025 accreditation is limited to those activities demonstrated in the UKAS Schedule of Accreditation, however, it provides clients with an assurance on the transparency of our investigations and confidence in CYFOR to provide a high level of service in everything we do. It is also the first step to further accreditations to be gained and sets CYFOR in good stead to widen the scope in the coming months and years.

In addition to the granting of ISO17025 accreditation for methods detailed in CYFOR’s ISO 17025 schedule of Accreditation CYFOR are pleased to announce that they have also attained accreditation in line with the Forensic Science Regulator’s (FSR) Code of Practice. This achievement will ensure CYFOR’s future as a leading provider of digital forensic services under the rules stipulated by these accreditations.

This accreditation not only provides authoritative assurance of the technical competence of a digital forensic laboratory to undertake specified analyses; but also reviews aspects relevant to the Criminal Justice System, such as continuity of evidence, management of case files, and storage of exhibits.

Gaining ISO 17025 accreditation is an important milestone for CYFOR and will further strengthen our position as a leader in Digital Forensics. We believe it is the correct time to become accredited as we continue to strive towards excellence. I would also like to personally thank the CYFOR team for their dedication and hard work in achieving this goal.

CYFOR Commercial Director – Lawrie Perret-Hall 

CYFOR’s ISO 17025 Accreditation Process

The accreditation process involved a team of assessors who were given access to CYFOR’s Quality Management System (QMS) in January 2021 to ensure that the Quality Manual and all supporting documentation covers the necessary requirements of ISO/IEC 17025, the FSR Codes, and the additional expectations covered in ILAC G19; the aim of which was to ensure that CYFOR has clear technical policies in place supported with effective procedures.

In June 2021, CYFOR’s underwent a four-day assessment process that involved an information security assessment, comprehensive document review, assessment of internal audits, alongside method witnessing of key methods used within the laboratory. This included the physical capture and preservation of data from hard disk drives, solid-state drives, m2.SATA drives, memory cards, and USB flash drives using forensic Imaging tools.  The assessment also included a thorough information security assessment over a two-day period of the Digital Forensic laboratory and associated infrastructure.

CYFOR’s ISO 17025 schedule of Accreditation

CYFOR’s other ISO accreditations

CYFOR is certified compliant with  BS EN ISO9001:2015 Quality Management Systems, which ensures the business remains customer-focused, drives continuous improvement, and provides a high level of service to our clients from initial enquiry through to invoicing.

CYFOR are also certified to BS EN ISO27001:2013 Information Security Management. This provides assurances that robust physical and environmental controls are in place to safeguard client data from potential cyberattacks whilst ensuring long term business continuity.

In addition to ISO certifications, CYFOR holds Cyber Essentials Plus accreditation; an assurance framework that demonstrates a commitment to significantly reducing an organisation’s cyber security vulnerability.