While preparing for an audit of information security controls in the environment, an analyst outlines a framework control that has the following requirements: ✑ All sensitive data must be classified. ✑ All sensitive data must be purged on a quarterly basis. ✑ Certificates of disposal must remain on file for at least three years. This framework control is MOST likely classified as: 

Answer options:

A. prescriptive
B. risk-based
C. preventive
D. corrective

A