UKAS accreditation of forensic organisations meeting the requirements of the Forensic Science Regulator’s Codes of Practice and Conduct (FSR CoPC)
Issue 7 of the Forensic Science Regulator’s ‘Codes of Practice and Conduct for Forensic Science Providers and Practitioners in the Criminal Justice System’ FSR-C-100 (The Codes) has recently been published.
The most significant change in this new version of ‘The Codes’ is the inclusion of additional expectations with respect to Electronic Information Security as detailed in Section 23.3. These expectations were previously specified in the Regulatory Notice 02/2020 published on the 1st August 2020.
Issue 7 of ‘The Codes’ became effective on the 22nd March 2021, and Footnote 19 in the document indicates that organisations are expected to phase in changes into their quality management systems within 3 months of publication i.e. by the 22nd June 2021.
To allow organisations some additional time to generate evidence of the effective implementation of any changes to their systems and, therefore, to be able to demonstrate compliance with the requirements, UKAS will start assessing against this new version of The Codes from the 26th July 2021.
However, in order for each organisation to demonstrate that they have reviewed their systems against the additional requirements and identified any changes that may be required, irrespective of when their next routine UKAS assessment is planned to take place, UKAS requires all organisations that currently have ‘The Codes’ included on their schedule of accreditation to complete and return a Gap Analysis and Declaration of Compliance Form.
The Gap Analysis will be available from the UKAS website from the end of April, with an expectation that it will be completed and returned to UKAS, along with the related Declaration of Compliance Form, by the 22nd June 2021.
More detailed instructions relating to the completion and submission of the Gap Analysis are available on the Gap Analysis document.
The initial review of the Gap Analysis by UKAS will require 0.25 days of effort to be charged to each organisation. Where the need for any additional effort is identified through this initial review it will be charged on a case by case basis, for example, to raise and review any related findings.
In order that continued compliance to ‘The Codes’ can be verified an Information Security Technical Assessor will be included on the assessment team at an organisation’s next routine UKAS assessment. The additional effort required to assess the new expectations within The Codes will vary between organisations and, therefore, will be determined on a case by case basis.
In the future, as has been the case with this revision, it is anticipated that when there are updates to ‘The Codes’ UKAS will start to assess against the revised version four months after the date that the publication becomes effective, or as requested by the Forensic Science Regulator.
If you have any queries regarding the above, please contact your Assessment Manager.
To download a PDF version click here.