When developing an information security policy, what is the FIRST step that should be taken?

A.
Obtain copies of mandatory regulations.

B.
Gain management approval.

C.
Seek acceptance from other departments.

D.
Ensure policy is compliant with current working practices.