Your CISO requires business data to be stored in specific geographic locations for regulatory compliance. You have determined that the in-scope services are covered by Google Cloud's data residency capabilities, the data will remain in specified locations within the same organization, the folder structure can span multiple data residency locations, and projects are aligned to specific locations. You plan to use the Resource Location Restriction organization policy for granular control. At which level in the resource hierarchy should you set this constraint?