In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

In which of the following categories would creating a corporate privacy policy, drafting acceptable use policies, and group based access control be classified?

A.
Security control frameworks

B.
Best practice

C.
Access control methodologies

D.
Compliance activity