03.06.19
NHS Counter Fraud: Who cares about ISO 17025:2005?
Source: NHE May/June 2019
We do, writes Nikki Crook, technical lead of the NHS Counter Fraud Authority’s (NHSCFA) Forensic Computing Unit (FCU).
I work for the NHSCFA, which is leading the fight against NHS fraud at the national level. Our dedicated FCU supports our National Investigation Service with all their investigations. These are typically sensitive, higher value and more complex frauds against the NHS, which may also be “cross-border”, impacting on a number of different NHS bodies.
Our FCU provides a comprehensive and professional forensic computing service to recover digital evidence for use in criminal, civil and disciplinary proceedings. It also provides these forensic services to NHS Scotland’s Counter Fraud Service, NHS Wales’ Counter Fraud Service, the Department of Health & Social Care’s Anti-Fraud Unit, NHS England, and all Local Counter Fraud Specialists. The FCU has two laboratories: in London and Newcastle.
It is not as if we had a choice in whether or not to obtain accreditation to ISO 17025:2005. The establishment of the Forensic Science Regulator (FSR) in 2007 came with the introduction of quality standards with which all forensic laboratories must comply. The FSR made it mandatory that all digital forensic laboratories were to be accredited to ISO 17025:2005 – general requirements for the competence of testing and calibration laboratories.
The standard enables laboratories to demonstrate that they operate competently and generate valid results, thereby promoting confidence in their work nationally and, most importantly, in court: “UKAS accreditation not only provides authoritative assurance of the technical competence of a laboratory to undertake specified analyses, but also reviews particular aspects relevant to the Criminal Justice System, for example, continuity of evidence, management of casefiles, storage of exhibits.”
Back in December 2017 the FCU submitted its documentation for assessment to the United Kingdom Accreditation Service (UKAS) who made assessment visits to both laboratories in August and September 2018. As a result, UKAS identified 64 findings and improvement suggestions, all of which were successfully addressed and involved months of intensive auditing and collaborative working across the organisation.
On 29 March 2019, around three years after the work began to obtain it, the FCU was delighted to receive notification that our application for accreditation had been successful. This has required a great amount of resource and time both from within the FCU and wider organisation, including the implementation of over 100 controlled documents regulating and quality checking every aspect of the FCU’s activities and the continuous auditing of them.
We are one of only 13 organisations with digital forensic capability in the UK who are accredited for the imaging and analysis of computer hard drives. Having two accredited forensic laboratories is a prize that makes all that hard work worth it. We were confident in our work previously – but getting this big tick for our processes and staff from an independent and exacting third party is a boost. That we are officially suitable, fit for purpose and competent adds weight to every witness statement and testimony required for court. It means any defence expert would be able to follow the processes defined by the FCU and use the same software to produce the same results.
The time will come when the FSR gets statutory powers to enforce this accreditation, and the many laboratories without it will no longer be able to operate; fortunately the FCU will not be one of them.
That doesn’t mean the FCU can sit back and relax. We must now continue the good work and extend the scope of accreditation to comply with the latest version of the ISO standard, and maintain compliance with the FSR’s rigorous Codes of Practice; all while providing ‘business as usual’ that meets the very high expectations of our users.
ISO 17025:2005 is playing an important part in the fight against NHS fraud.