Journal & Conference Proceeding Publications

ID Code : CSC 0051
Title : Harmonising ISO/IEC 27001 and ISO/IEC 17025 Implementation in the Digital Forensics Department, CyberSecurity Malaysia: A Case Study
Author/s : Sarah Khadijah Taylor & Mohd Zabri Adil Talib
Abstract :

Aimed at providing a quality and impartial service, the Digital Forensics Department (DFD) of CyberSecurity Malaysia (CSM) decided, in January 2007, to obtain accreditation for its forensics services from an accreditation body, the American Society of Crime Laboratory Directors/Laboratory Accreditation Board (ASCLD/LAB). The project was scheduled to be delivered in November 2011. The accreditation from ASCLD/LAB was based on ISO/IEC 17025, General Requirements for the Competence of Testing and Calibration Laboratories, together with ASCLD/LAB's own Supplemental Requirements [1]. In the same year, CSM had successfully been certified against ISO/IEC 27001, Information Security Management System, with a certification scope covering all departments under CSM. DFD therefore had to conform to both ISO standards, ISO/IEC 27001 as well as ISO/IEC 17025, if it was to obtain the accreditation. This was a challenge to DFD because it seemed an unrealistic task at the time. The questions that arose were:

  1. Can DFD create policies and procedures that do not conflict with either ISO standard?
  2. How many audits does DFD need to go through every year?
  3. Will the decision to seek ISO/IEC 17025 accreditation affect the current implementation of the ISO/IEC 27001 certification?

In this article, we share with the readers the methods used to harmonise the implementation of both standards.

Publication : Forensic Asia (Issue 6), Asian Forensic Science Network
Year Published : December 2014 / December 2015