What is Due care?

Understanding Due care

A legal concept pertaining to the duty owed by a provider to a customer. Due care refers to the level of judgment, care, prudence, and activity that would reasonably be expected under particular circumstances. In information security, it involves taking necessary precautions to protect systems and data from foreseeable threats. Failure to exercise due care may constitute negligence. The concept of due care is referenced in legal frameworks and standards like ISO 27001 and NIST CSF. Organizations demonstrate due care through security policies, controls, risk assessments, staff training, and maintaining awareness of threats and vulnerabilities. For example, a cloud service provider demonstrates due care by implementing appropriate security measures, staying current with security patches, conducting regular security testing, and maintaining compliance with relevant standards. Related terms: Due diligence, Reasonable care, Negligence, Liability, Standard of care, Legal duty, Compliance.