# Due Care vs Due Diligence

Backlink: [[Domain 1 - Index]]

**Definition:** Due care is acting reasonably to protect assets; due diligence is the continuous activity that maintains and verifies those protections.

## Key Facts
- Due care: “prudent person” standard; visible, reasonable actions (policies, training, controls put in place).
- Due diligence: ongoing monitoring, risk assessments, audits, vendor reviews that confirm the due care effort is still working.
- Demonstrating both reduces exposure to negligence claims and legal liability; failing to show either is what a negligence argument targets.
- Documented evidence (meeting minutes, reports, metrics) is what demonstrates both; undocumented effort is hard to prove after an incident.
- Applies to third parties across their lifecycle (onboarding, oversight, offboarding).
- **Verify:** check the official (ISC)² CBK and the current exam outline. Study guides differ on the split (some frame due diligence as the investigation that informs due care), so align with the official wording before the exam.

> [!tip] **Exam Relevance**
> - Identify which actions show due care vs. due diligence
> - Liability minimization and negligence avoidance

> [!note] **Mnemonic**
> - “Care = create; Diligence = do.”

### Example
Q: An annual risk assessment is an example of?
A: Due diligence.

Q: Publishing a security policy and training staff on it is an example of?
A: Due care.

## Revision Checklist
- [ ] Define both precisely
- [ ] List 3 examples of each
- [ ] Explain the link to negligence
- [ ] Include vendor lifecycle oversight

## Related
[[Security Governance]] · [[Risk Management Process]] · [[Third-Party and Supplier Risk Management]] · [[Security Metrics, KPIs, and KRIs]] · [[Service Level Agreements and Contracts]]

#cissp #domain-1 #concept