During an incident, which of the following entities would MOST likely be contacted directly by an organization's incident response team without management approval?

A. Industry regulators
B. Technology vendor
C. Law enforcement
D. Internal audit