Due diligence is the systematic process of investigating and evaluating risks regarding business partners, transactions or activities before formalizing a commitment.
Due diligence is a key requirement of ISO 37001 (anti-bribery management systems) and ISO 37301 (compliance management systems). It involves evaluating the bribery, corruption, money laundering, sanctions and other compliance risks associated with the third parties the organization deals with (business partners, agents, suppliers, intermediaries). The depth of the assessment must be reasonable and proportionate to the identified risk level: a low-risk supplier may warrant a basic screening, while a high-risk intermediary in a high-risk jurisdiction requires enhanced checks.
Due diligence is not limited to anti-bribery. It also applies in information security (supplier assessment under the supplier-relationship controls of ISO 27001), privacy (assessment of PII processors under ISO 27701) and mergers and acquisitions (pre-transaction review of the target).
Failing to perform due diligence, or performing it superficially, is a serious nonconformity under ISO 37001. Beyond the audit finding, it exposes the organization to significant legal, reputational and financial risks, since liability for a third party's misconduct can fall on the organization that engaged it without adequate checks.