A higher standard of due care

In the United States, the standard of "due care" has risen dramatically since events such as the Sept. 11 attacks, the collapse of Enron, and the Iraq war. Greater consequences from risk events have led to increased control requirements and, subsequently, a higher standard of what truly constitutes due care. Cyber-security, bio-terrorism, and other threats have raised "proficiency" and "assurance" thresholds as well. Regulatory authorities - such as the U.S. Department of Homeland Security and the Securities and Exchange Commission - are also raising the standard. The Sarbanes-Oxley Act of 2002 and Federal Information Security Management Act, for example, demand much higher levels of organizational vigilance and professional attestation. To meet today's due care standards, organizations need to ensure that those who perform attestation work possess the right level of expertise. Superficial training and token credentials hardly seem adequate for the threats facing today's organizations. It is not sufficient to merely comply with established laws and requirements or give cursory treatment to risk areas. The security and overall health of the organization demand a much higher standard.