A company has set a policy that employees will be required to report any observed or suspected security issues. Which control type has the company implemented?

Security controls are safeguards or countermeasures that an organization implements to avoid, detect, counteract, or minimize security risks to organizational assets. The three control types are administrative controls, technical controls, and physical controls. Administrative controls consist of procedures and policies that an organization puts into place when dealing with sensitive information.