A bottom-up approach begins by defining operational-level requirements and policies, which are
derived and implemented as the result of risk assessments. Enterprise-level policies are
subsequently developed based on a synthesis of existing operational policies. Choices A, C and
D are advantages of a top-down approach for developing organizational policies. This approach
ensures that the policies will not be in conflict with overall corporate policy and ensure
consistency across the organization.