Information systems related due care dictates appropriate data security due diligence activities. Interpretively, an entity’s information systems should represent resources committed to collecting data, processing transactions, and communicating operational results within defined legal limits. An entity’s management, through deployed governance, “must ensure due diligence is exercised by all individuals involved in the management, use, design, development, maintenance or operation of information systems.” Therefore, managerial due care and due diligence enables compliance with IAP legal requirements. Managerial due care redresses activity responsibility, whereby due diligence includes continuously promoting compliance. For instance, IAP legal compliance procedures should be set by top management and continually promoted by example.
Davis, Robert E. IT Auditing: IT Governance. Mission Viejo, CA: Pleier Corporation, 2006. CD-ROM.
ISACF. Framework. In COBIT: Governance, Control and Audit and Related Technology. 3rd ed. Rolling Meadows, IL: ISACF, 2000.