To help ensure the organization’s information assets are adequately protected, which of the following considerations is MOST important when developing an information classification and handling policy?
A . The policy has been mapped against industry frameworks for classifying information assets.
B . The policy is owned by the head of information security, who has the authority to enforce the policy.
C . The policy specifies requirements to safeguard information assets based on their importance to the organization.
D . The policy is subject to periodic reviews to ensure its provisions are up to date.
Answer: D