Due Diligence - Definition: The ongoing effort to systematically identify, evaluate, and mitigate risks while ensuring compliance with legal, regulatory, and ethical standards. - Focus: Proactive and preventative measures. Key Activities examples: - Establishing and maintaining security policies and procedures. - Conducting regular risk assessments. - Ensuring vendor compliance and monitoring supply chain Risk Training employees on security and compliance requirements. - Performing audits and reviews to identify vulnerabilities and inefficiencies. Due diligence demonstrates that the organization has taken "proactive steps" to protect its assets and meet obligations. Itโs about creating a strong security posture before issues arise. Due Care - Definition: Taking the right actions in response to specific situations to protect the organization and its stakeholders. - Focus: "Reactive measures and responses". Key Activities Examples: - Applying security patches promptly when vulnerabilities are discovered. Responding to incidents with appropriate measures. - Following the organizationโs policies and procedures during a crisis. Making decisions that reflect responsibility and caution to avoid negligence. Due care emphasizes responsible actions taken during or after a situation to minimize harm or risk. Relationship Between Due Diligence and Due Care Summary - Due diligence is Proactive and preventative measures establishing and maintaining a foundation of good practices, policies, and controls. - Due care is Reactive measures and responses applying those practices responsibly in day-to-day operations and specific incidents.