Due Diligence (DD) is more specific than Due Care (DC) because DD has explicit “standards,” while DC is implicit and relies on a judge’s inner conviction per the prudent man rule.
Due Diligence (DD)
“Investigation” is a generally accepted “standard” of DD across industries. Some laws or regulations may define the standard of DD in certain subject domains. For example, the US regulation, 16 CFR § 682.3, defines the DD standard for the proper disposal of consumer information.
Generally speaking, DD emphasizes investigation as a preventive/proactive measure, establishing and maintaining the management system (policies, standards, procedures, controls, etc.) and ensuring its effectiveness.
Due Care (DC)
DC focuses on exercising best effort and reasonable care to conduct activities and take preventive, detective, corrective, or recovery actions. However, it is not easy to measure the degree of the endeavor of DC. That’s why a defender in the court has to justify he or she has exercised “due care” to the judge.
DD and DC
It’s common for CISSP aspirants to use the following mnemonics:
- DD: Do Detect
- DC: Do Correct