A data-hosting organization’s data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization?

A. Design single sign-on or federated access
B. Conduct a risk assessment to determine security risks and mitigating controls
C. Develop access control requirements for each system and application
D. Review customers’ security policies