Before implementing instant messaging within an organization using a public solution, which of the following should be in place to mitigate data leakage risk?

A. An access control list
B. An acceptable usage policy
C. An intrusion detection system (IDS)
D. A data extraction tool