How should management obtain assurance that employees are complying with the organization’s security policy?
A. Regularly conduct independent reviews of employees’ security practices.
B. Routinely survey staff so that information related to security practices can be submitted anonymously.
C. Rely on exception reports to identify errors.
D. Enforce a policy that requires all employees to sign a statement that they will adhere to the organization’s security policies.