Which security measure is not an organizational level security measure?

A.
Carrying out background investigations on new personnel

B.
Implementing Role Based Access Control

C.
Setting up a security awareness program

D.
Setting up an information security policy document

Explanation: