Which of the following is the BEST approach to identify noncompliance issues with legal, regulatory, and contractual requirements?

A. Vulnerability assessment
B. Risk assessment
C. Business impact analysis (BIA)
D. Gap analysis