A large enterprise has an AWS setup which contains multiple accounts managed through AWS Organizations. The accounts are categorized into several OUs based on the company's departmental structure. The security team now wants to enforce a policy to prevent any accidental deletion of S3 buckets across all accounts. Which solution should the security team implement to meet this requirement?