Ron is the IT director at a medium-sized company. He frequently gets requests from employees who want to select customized mobile devices. He decides to allow them to purchase their own devices. Which type of policy should Ron implement to include the requirements and security controls for this arrangement?
A. Privacy.
B. Bring Your Own Device (BYOD).
C. Acceptable use.
D. Data classification.