An IT strategy committee has reviewed an audit report indicating sales employees are using personal smartphones to conduct corporate business. Although the committee appreciates the business benefits, it is also concerned with the security risk. To deliver the business benefit, the committee’s FIRST recommendation should be to:

A. update the corporate security policy to include personal devices.
B. document procedures for securing personal devices.
C. improve training courses on securing corporate information.
D. perform a risk assessment on personal device data protection.