Subscribe to receive more articles like this: Print/digital | Webfeed (RSS)

By: John J. Barbara  
Issue: June/July 2007

Previous columns discussed implementing an overall Quality Assurance Program (QAP) for a Computer Forensics Section. Two essentials of an effective QAP are the Quality Manager (QM) and a documented Quality Assurance Manual (QAM). Of all the duties and responsibilities assigned to the QM, probably none is more important than developing and/or maintaining a QAM and ensuring compliance with its requirements. A suggested detailed outline for a QAM was presented in a previous column. It consisted of six distinct parts: (1) Introduction, (2) Quality Assurance, (3) Personnel Training and Certification, (4) Special Procedures, (5) Glossary, and (6) Appendix. This column will focus upon the structure for writing the policy statements contained in a QAM.

It is an easy task to list appropriate policy statements to include in a QAM. The difficult part is detailing their contents. For consistency purposes, they need to be organized and written in the same manner using one standardized style. Since there really is no universally accepted style for policy statements, the QM has to determine what to include or exclude. In some situations, existing departmental regulations may mandate the style for policy statements. If so, the QM would have no choice but to follow its requirements. Where no such constraints exist, the QM should consider the following points for the content of policy statements:

1. Policy Name
2. Policy Number
3. Subject
4. Purpose
5. Document Control: Approved By/Date, Revised Date/Revision Number
6. Responsible Authority
7. Related Standards/Statutes/References
8. Scope
9. Policy Statement
10. Procedure

One of the policy statements in the “Introduction” part of the aforementioned QAM included position descriptions. A position description for a QM that incorporates all of the above listed points can be downloaded here.

Depending upon section and/or agency requirements, the QM may not need to include all of the listed points in policy statements. Some points could possibly be grouped together. Others could be references to detailed documents maintained elsewhere within the section or agency. That is acceptable as long as they are readily available to the examiners and others that would have a need to review them (management, inspectors, assessors, etc.). The next column will continue discussing Quality Assurance Practices.

I welcome your comments and questions. Contact the Digital Insider at: digitalinsider@forensicmag.com

John J. Barbara is a Crime Laboratory Analyst Supervisor with the Florida Department of Law Enforcement (FDLE) in Tampa, FL. An ASCLD/LAB inspector since 1993, John has conducted inspections in several forensic disciplines including Digital Evidence. John is the General Editor for the “Handbook of Digital & Multimedia Evidence” to be published by Humana Press in 2007.