You are contracted for designing an e$-$commerce software application that will cater to customers in Europe.

Compliance with the European Union's General Data Protection Regulation $($GDPR$)-$ a data privacy regulation, is mandatory, as itv data of European Union residents.

The software must also be complaint with the Payment Card Industry Data Security Standard $($PCI DSS$)$ industry standard as it wills s certain payment card $($debit$/$credit card$)$ data.

In addition to these, certain security policies such as minimum password length and complexity must be enforced.

Which of the following Secure SDLC practices in the Initiation phase can help in the above? $($Choose the most appropriate option$).$

Conduct security trainings

Establish security and privacy requirements

Attack surface analysis

Avoid components with known privacy valnerabilities

Information preservation and media sanitization before disposal