When determining a customer’s security requirements using the security site survey from the steps for success methodology， which three of theses should be included in the customer’s security policy and procedures？（）

• A、Third-party due diligence policy review
• B、Remote Access Policy
• C、Encryption Policy
• D、Application change control policy
• E、Security Personnel policy