So I have come across a testing issue that has been bothering me and found a little conflict:
The Sybex online glossary (and book) state:
Due Care: The steps taken to ensure that assets and employees of an organization have been secured and protected and that upper management has properly evaluated and assumed all unmitigated or transferred risks.
Due diligence: The extent to which a reasonable person will endeavor under specific circumstances to avoid harming other people or property.
The (ISC)2 practice test iPhone app shows the following test question:
So my question at this point is: what is the correct answer? This is very discouraging through my studying.
@iluom Mouli, good try at putting some order to the question; however, I still read some linguistic ambiguity in your and all previous replies in this thread.
I am convinced that @rslade Grandpa Rob had it right: The question itself is a BAD QUESTION because it tries to differentiate two legal terms in the context of non-lawyers. Subsequent posts in the thread demonstrate that there is no consistent difference between the terms in either legal or general public references.
This is the clearest definition I have seen on this thread regarding due care and due diligence so far. Due care is what you do; it is action, whereas due diligence is the paperwork you erect about your actions, which includes the policies, written procedures or plan that prove you exercise due care. Example: making regular backups and restores to test and ensure these backups are good and sound is due care, while a written backup and restore policy and the steps, aka procedures, you use to perform these backups and restores represent due diligence, and you can bring these documents with you in the board room when you speak with the organization's lawyer 😉