Due diligence

Due diligence is a term used for a number of concepts involving either the performance of an investigation of a business or person, or the performance of an act with a certain standard of care. It can be a legal obligation, but the term will more commonly apply to voluntary investigations. Some common examples of due diligence in various industries include:

As a concept in civil litigation
Due diligence in civil litigation (also known as due care) is the effort made by an ordinarily prudent or reasonable party to avoid harm to another party. Failure to make this effort may be considered negligence. This is conceptually distinct from investigative due diligence: it involves a general obligation to meet a standard of behaviour rather than an investigation. Quite often a contract will specify that a party is required to exercise due diligence.

As a criminal defense
In criminal law, due diligence is the only available defense to a crime that is one of strict liability (i.e. a crime that requires only an actus reus and no mens rea). Once the criminal offense is proven, the defendant must prove on the balance of probabilities that they did everything possible to prevent the act from happening. It is not enough that they took the normal standard of care in their industry; they must show that they took every reasonable precaution.

Information Security Due Diligence
Information security due diligence is often undertaken in two settings: during the information technology procurement process, to ensure that risks are known and managed, and during the due diligence reviews that accompany mergers and acquisitions, to identify and assess the business risks.

External Resources

 * Information Security Due Diligence Checklist
 * Urs+Nahum's Security Checklist - getting ready for due diligence