Which of the following needs be established FIRST in order to categorize data properly?

A. A data protection policy
B. A data classification framework
C. A data asset inventory
D. A data asset protection standard