(v1.0 – May 2017) Policy to determine the business requirements for the control of access to information.