A company is looking to implement a new policy to strengthen its security posture regarding the management of employee access. Which of the following policies BEST defines the responsibilities and expected behavior of both the users and IT staff in creating, distributing, and managing user access to the company's system and network resources?
Access Control Policy
Change Management Policy
Acceptable Use Policy
Data Classification Policy