What security element must an organization have in place before it can implement a security audit an

What security element must an organization have in place before it can implement a
security audit and validate the audit results?

A.
an Incident Response Team

B.
firewalls

C.
network access control

D.
a security policy

E.
a Security Operations Center