Can someone please explain the difference between "due care" and "due diligence"? They seem very similar to one another and after researching more and more, I'm getting confused.
One tech book described it like this:
Due care is using reasonable care to protect the interests of an organization. Due diligence is practicing the activities that maintain the due care effort. For example, due care is developing a formalized security structure containing a security policy, standards, baselines, guidelines, and procedures. Due diligence is the continued application of this security structure onto the IT infrastructure of an organization. Operational security is the ongoing maintenance of continued due
And yet, other online resources have described it like this:
Due diligence is performing reasonable examination and research before committing to a course of action. Basically, "look before you leap." In law, you would perform due diligence by researching the terms of a contract before signing it. The opposite of due diligence might be "haphazard" or "not doing your homework."
Due care is performing the ongoing maintenance necessary to keep something in proper working order, or to abide by what is commonly expected in a situation. This is especially important if the due care situation exists because of a contract, regulation, or law. The opposite of due care is "negligence."
And still another person online phrased it as:
Due Diligence: Performing the necessary research
Due Care: Performing the actions identified as necessary from due diligence
These definitions all seem to be a little different from one another. Help?