When determining a customer’s security requirements using the security site survey from the Steps for Success methodology, which three of these should be included in the customer’s security policy and procedures? (Choose three.)

A.
third-party due diligence policy review

B.
security personnel policy

C.
encryption policy

D.
remote access policy

E.
application change control policy