What is Due diligence?

Understanding Due diligence

Actions taken by a vendor to demonstrate provide due care. Due diligence involves taking reasonable steps to identify and understand risks before making decisions or taking actions. In security contexts, it includes thoroughly investigating vulnerabilities, threats, and control effectiveness before implementing systems or entering business relationships. Due diligence is referenced in legal frameworks, standards like ISO 27001, and regulations like GDPR and HIPAA. Organizations implement due diligence through risk assessments, vendor security assessments, penetration testing, code reviews, and compliance verification. For example, before acquiring another company, an organization might perform security due diligence including infrastructure assessment, review of security incidents, compliance verification, and identification of potential security liabilities. Related terms: Risk assessment, Vendor assessment, Third-party risk management, Security assessment, Compliance verification, Reasonable care, Mergers and acquisitions.