A company's compliance team has identified a security vulnerability in the organization's network. The team has presented this finding to the risk management team, who, in turn, creates a response plan to address the vulnerability. What is the next best step in the process based on this scenario?
A. The risk management team presents the response plan to the board of directors.
B. The compliance team creates policies to prevent future vulnerabilities.
C. The governance team approves and codifies the response plan in policy documents.
D. The technical team immediately implements the response plan.