Role-Based Access Control (RBAC) is the correct answer because it allows for permissions to be associated with roles and then users are assigned to those roles. This means that access to resources is based on the role an employee holds within the organization, which aligns well with the enforcement of company policies. For example, only employees with the role of 'Financial Analyst' would have access to sensitive financial records, enforcing policy through predefined roles.

Discretionary Access Control (DAC) relies on the resource owner to make decisions about access, which could lead to less consistent enforcement of company-wide policies. Mandatory Access Control (MAC) uses classifications and clearances and is not necessarily policy-driven, which may not align with the organization's need to manage access based on company policies. Attribute-Based Access Control (ABAC) considers multiple attributes and could be suitable but is more complex to manage than RBAC for this specific scenario where policy enforcement based on roles is desired.