User Access Reviews

Conducting User Access Reviews

Aakash Bhardwaj

Jun 12, 2025

Secure all Identities and Permissions

Threats in cybersecurity are constantly changing, and so must our defenses against them. Firewalls, encryption, and intrusion detection systems are solid components of a robust security posture, but there is one major, often overlooked layer that can greatly reduce risk from both inside and outside the organization: User Access Reviews (UARs).

A user access review is not just a compliance exercise, although compliance is a real benefit. It is how you verify that every identity holds only the access it needs, protecting the integrity of your data and guarding against the unauthorized access that leads to damaging breaches. In a connected business where one compromised account can undo years of work, understanding user access reviews is more than a smart move; it is critical.

This guide gets into the "why" and "how" of periodic user access reviews to equip you with the knowledge and capabilities to improve your organization's security and manage your access governance. We'll cover a basic framework for an effective user access review process, the cadence at which reviews should run, and how purpose-built solutions like ReShield streamline this important security control.

Unreviewed Access Can Be the Source of Your Worst Vulnerabilities

A castle with towering, unscalable walls sounds ideal. But what about the back door? What if your newly purchased castle had a back door the previous owner never locked, and nobody told you it was there? Too often, institutions, organizations, and enterprises are operating with exactly this kind of vulnerability: access that was granted long ago and never taken away.

Consider these examples:

  • Employee Turnover: When an employee leaves, is their access to every system immediately deprovisioned? Too often, the answer is no. Some access lingers, resulting in ghost (orphaned) accounts that malicious actors or disgruntled former employees can exploit.

  • Role Changes: An employee moves from sales to marketing. Is access to sensitive sales data automatically removed and new, appropriate access granted? In most organizations, role changes are handled through manual, ad hoc processes, so access accumulates: the old privileges are never removed, even though they no longer support the current role.

  • Privilege Creep: For any number of reasons (specific projects, initiatives, temporary cover, etc.), employees acquire new access; over time, permissions pile up until a person holds far more access than their current role requires. This privilege creep is a standing security risk.

  • Shadow IT: Employees adopt their own applications and cloud services to get work done, opening unmanaged access points that are outside your control and outside your security and privacy processes.

  • Insider Threats: Whether malicious or accidental, insiders already hold legitimate access. That access is just as dangerous as an external foothold if its scope is never scrutinized, managed, or reviewed.

All of these scenarios lead to the same problem: without rigorous and periodic user access reviews, your attack surface grows passively over time, and a larger attack surface makes it easier for an attacker to get a foothold. This is not an abstract concern. Ghost accounts, self-provisioned access to sensitive capabilities, and unnecessary privilege escalation are exactly what lead to breaches, compliance violations, and reputational damage.

Benefits of Formal User Access Reviews

While regulatory compliance (GDPR, HIPAA, SOX, ISO 27001, the NIST frameworks, etc.) is often the most visible driving force behind formal UARs, the benefits serve multiple purposes, including:

1. Improved Security Posture:

  • Reduced attack surface: When you deprovision dormant accounts and remove unnecessary privileges and orphaned access, you reduce the points of entry available to an attacker.

  • Mitigating Insider Threats: Regular reviews allow remediation of excessive access that employees could abuse, whether by accident or under financial pressure or personal circumstances.

  • Better Data Confidentiality and Integrity: Allowing only authorized personnel to access sensitive data protects its confidentiality and prevents unauthorized changes.

2. Better Operational Efficiency:

  • Easier Access Management: A well-defined UAR process allows cleaner and more organized access controls and will make it easier to manage users' permissions.

  • Faster Onboarding/Offboarding: If you have clear access requirements for each role, employees entering or leaving the organization will be onboarded/offboarded faster and with less risk.

  • Less IT Overhead: Finding and removing unnecessary accounts and privileges also removes needless administrative work for IT teams.

3. Better Compliance and Audit Readiness:

  • Evidence of Control: A documented record shows auditors that access governance is a working part of your security practice, which supports successful audits.

  • Avoid Fines: Failing to protect data is costly, and if your organization is non-compliant with data protection regulations, heavy fines can follow. A working UAR process helps you meet those regulatory obligations.

  • Better Public Image: A strong security posture built on good access governance strengthens your reputation and standing.

4. Better Risk Management:

  • Identifying Risky Access: A UAR surfaces accounts with risky access, such as access to highly sensitive data or excessive privileges, so you can act on access-related risk with accuracy.

  • Threats on the Horizon: By checking access regularly, you are more likely to notice anomalies or suspicious access patterns before they turn into incidents.

Working through the User Access Review process

A successful periodic user access review (UAR) is not a one-and-done exercise. It is continuous and cyclical, and it will fail without appropriate planning and continuous improvement.

With that said, here is a simple overview of the various components:

Step One: Define Scope and Objectives

  • What will you be reviewing?

    • What systems, applications, and data repositories will be included in the review? Start with the most important systems with the most sensitive data, and work your way outwards.

  • Who will be doing it?

    • Establish ownership for all components of the review process – system owner, application owner, data owner, security teams, etc.

  • What are your objectives?

    • Are you trying to achieve compliance, reduce risk exposure, become more efficient, or some combination of these? Define your objectives in measurable terms.

Step Two: Identify Users and Their Access

  • Inventory all users:

    • This means all of them – employees, contractors, vendors, service accounts, etc.

  • Describe user access:

    • Document, for every user, which systems, applications, and data they can access, and at what level of privilege (e.g., read, write, administer). This can be a massive undertaking, and it is particularly difficult in large, heterogeneous environments.

Step Three: Define Access Baselines and Policies

  • Role-Based Access Control (RBAC):

    • Keep it simple and establish standard role definitions for your organization: which access is appropriate for which role. These role definitions become your access baseline.

  • Least Privilege Principle:

    • Grant only the minimum privileges users need to perform their job functions.

  • Segregation of Duties (SoD):

    • Identify conflicting duties and do not allow one person to control an entire critical process (for example, creating a vendor and approving payments to it).

Step Four: Conduct the Review

  • Certification Campaign:

    • This is the core of the review. System owners or managers review and certify the access rights of their direct reports or of the users of their system.

  • Review Questions:

    • Be specific about what you want reviewers to decide. Reviewers should be answering questions like:

      • Does this user still require that access for their current role?

      • Does that access meet the principle of least privilege?

      • Are there any outliers or suspicious access patterns?

      • Is this access compliant with established RBAC?

  • Documentation:

    • Maintain a readily retrievable audit record of who certified access, what was certified, when, and what was the outcome.

Step Five: Remediate (The Important Step!)

  • Action Unauthorized Access:

    • This is the hard part. Unwarranted, excessive, or unauthorized access must actually be removed, not just flagged.

  • Automated or Manual Remediation:

    • Depending on your capability, removal may be a manual process or, ideally, a fully automated one (more on that with ReShield below).

  • Approval Workflows:

    • Where possible, route changes to sensitive access through approval workflows.

Step Six: Monitor and Report

  • Continuous Monitoring:

    • Build your access management tools and processes so that user access, and any access-related risk that can be detected, is monitored continuously between formal reviews.

  • Reporting:

    • Report regularly on users' access status, review outcomes, and remedial actions taken; management and auditors will both value this information.
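The six steps above are one procedure, and the simplest way to see how they fit together is to run them over a small inventory. The following is an added example written for this article; it is not ReShield's code or any product's API. All of the data (the HR roster, the entitlement inventory, the role baseline, the segregation-of-duties rule, and the reviewer's decisions) is constructed for illustration. It covers Step Two (inventory), Step Three (RBAC baseline, least privilege, SoD), Step Four (findings for reviewers, including the "how many peers hold this?" outlier check, and the audit record of who certified what and when), and Step Five (turning rejections into revocations).

```python
"""Added example, not ReShield's code: a small access-review engine run over
constructed data. It inventories users and entitlements (Step Two), compares them
with an RBAC baseline and segregation-of-duties rules (Step Three), produces the
findings reviewers certify, including peer outliers (Step Four), and records the
decisions and the resulting revocations (Step Five)."""
from collections import Counter
from datetime import datetime, timezone

# ---- Constructed sample inputs; none of this comes from a real environment. ----
HR_ROSTER = {  # source of truth for who is still employed and in which role
    "alice": {"role": "sales", "active": True},
    "erin": {"role": "sales", "active": True},
    "frank": {"role": "sales", "active": True},
    "bob": {"role": "marketing", "active": True},  # moved from sales; old grants never removed
    "carol": {"role": "finance", "active": True},
    "dave": {"role": "sales", "active": False},  # left the company; account still exists
}
ENTITLEMENTS = {  # inventory pulled from target systems: user -> {"system:privilege"}
    "alice": {"crm:read", "crm:write"},
    "erin": {"crm:read", "crm:write", "crm:export"},  # nobody else in sales has export
    "frank": {"crm:read", "crm:write"},
    "bob": {"crm:read", "crm:write", "cms:write"},  # crm:write is leftover sales access
    "carol": {"erp:create_vendor", "erp:approve_payment"},  # controls a whole payment process
    "dave": {"crm:read", "vpn:connect"},  # orphaned (ghost) account
    "svc-backup": {"db:admin"},  # service account, reviewed separately by its owner
}
ROLE_BASELINE = {  # the access each role is expected to hold
    "sales": {"crm:read", "crm:write"},
    "marketing": {"crm:read", "cms:write"},
    "finance": {"erp:create_vendor"},
}
SOD_CONFLICTS = [("erp:create_vendor", "erp:approve_payment")]  # never held together
SERVICE_ACCOUNTS = {"svc-backup"}
SAMPLE_DECISIONS = {  # what the reviewer decided, keyed by (user, finding kind)
    ("dave", "orphaned_account"): {"decision": "revoke", "reason": "left the company"},
    ("bob", "excess_privilege"): {"decision": "revoke", "reason": "no longer in sales"},
    ("carol", "sod_conflict"): {"decision": "revoke", "reason": "approval moves to the controller",
                                "grants": ["erp:approve_payment"]},
    ("erin", "excess_privilege"): {"decision": "keep", "reason": "approved for the export project"},
}


def review(hr, entitlements, baseline, sod_rules, service_accounts):
    """Build the findings a certification campaign puts in front of reviewers."""
    peers, holders = Counter(), Counter()  # active users per role; holders per (role, privilege)
    for user, grants in entitlements.items():
        rec = hr.get(user)
        if rec and rec["active"] and user not in service_accounts:
            peers[rec["role"]] += 1
            for g in grants:
                holders[(rec["role"], g)] += 1
    findings = []
    for user in sorted(entitlements):
        grants = entitlements[user]
        if user in service_accounts:
            continue
        rec = hr.get(user)
        if rec is None:  # no HR record: nobody owns this account
            findings.append({"user": user, "kind": "unknown_account", "grants": sorted(grants)})
            continue
        if not rec["active"]:  # turnover where deprovisioning was missed
            findings.append({"user": user, "kind": "orphaned_account", "grants": sorted(grants)})
            continue
        excess = grants - baseline.get(rec["role"], set())
        if excess:  # privilege creep or leftovers from a role change
            findings.append({"user": user, "kind": "excess_privilege", "grants": sorted(excess)})
        for a, b in sod_rules:
            if a in grants and b in grants:
                findings.append({"user": user, "kind": "sod_conflict", "grants": [a, b]})
        n = peers[rec["role"]]
        for g in sorted(grants):  # outlier: fewer than half of at least three peers hold it
            if n >= 3 and holders[(rec["role"], g)] * 2 < n:
                findings.append({"user": user, "kind": "peer_outlier", "grants": [g],
                                 "note": f"{holders[(rec['role'], g)]} of {n} {rec['role']} users hold it"})
    return findings


def certify(findings, reviewer, decisions, now=None):
    """Record who decided what and when, and emit revocations for rejected access.
    A decision may name a subset of the finding's grants to revoke (as for SoD)."""
    now = now or datetime.now(timezone.utc)
    audit, revocations = [], []
    for f in findings:
        d = decisions.get((f["user"], f["kind"]), {"decision": "pending", "reason": "not yet reviewed"})
        audit.append({**f, "reviewer": reviewer, "decision": d["decision"],
                      "reason": d["reason"], "at": now.isoformat()})
        if d["decision"] == "revoke":
            for grant in d.get("grants", f["grants"]):
                system, privilege = grant.split(":", 1)
                revocations.append((system, f["user"], privilege))  # hand to that system's connector
    return audit, revocations


if __name__ == "__main__":
    found = review(HR_ROSTER, ENTITLEMENTS, ROLE_BASELINE, SOD_CONFLICTS, SERVICE_ACCOUNTS)
    audit, revocations = certify(found, "sec-team", SAMPLE_DECISIONS)
    print(*[(e["user"], e["kind"], e["grants"], e["decision"]) for e in audit], sep="\n")
    print("to revoke:", revocations)
```

Two design points worth noting. The HR roster, not the target systems, is the source of truth for who should have anything at all; that is what turns dave's account into an orphaned-account finding and what would catch an account with no owner. And a rejection does not delete anything by itself: certify() produces a list of (system, user, privilege) revocations and an audit entry for every finding, including the ones still pending, so the campaign's state is always reconstructible. The SoD decision revokes only the approval privilege rather than both halves, which is the usual remedy.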

Cadence is Key: How often should you perform periodic user access reviews?

There is no single right answer for how often periodic user access reviews should run. The cadence is commonly based on considerations such as:

  • Regulatory Obligation: Highly regulated industries (financial services, healthcare) face much stricter requirements that may have you reviewing critical systems every quarter or even every month.

  • Risk Appetite: If your organization is comfortable with the financial or legal exposure of inaccurate access persisting for an extended time, you can conduct reviews less frequently; if it is not, review more often.

  • System Criticality: A system that is critical to your organization or holds highly sensitive data needs a much shorter review cycle than a non-critical system with far less sensitive data.

  • Organizational Change: When the organization changes shape, through M&A or significant restructuring, review user access immediately.

  • Employee Turnover: With a high turnover rate, review more frequently to ensure former employees are deprovisioned and new permissions are granted correctly.

As general guidelines:

  • Annually: The minimum for any system.

  • Semi-Annually / Quarterly: For systems with sensitive data or under strict compliance mandates.

  • Event-Driven: On major organizational changes, employee resignations, role changes, and security incidents.

  • Real-Time / Continuous Monitoring: Ideally, deploy technology that monitors user access in real time, or as close to real time as your systems allow.

Even if you only have to comply with an annual review requirement, reviewing your critical systems more frequently will improve your security posture and leave you far better prepared when the annual audit comes around.
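Continuous monitoring between campaigns does not need a full certification run; it only needs to notice what changed since the last inventory and decide what cannot wait. The following is an added example written for this article, not ReShield's code or any product's API. It diffs two constructed entitlement snapshots taken a day apart and separates changes that should page a human now (a new account, a newly granted administrative privilege, a newly created segregation-of-duties conflict) from routine changes that can simply be queued for the next scheduled campaign. The "admin/root/owner" naming used to recognise privileged grants is an assumption; real systems need a per-system list.

```python
"""Added example, not ReShield's code: continuous monitoring between formal
reviews by diffing two entitlement snapshots and raising alerts for the changes
a reviewer should see immediately rather than at the next campaign."""

# Constructed snapshots (user -> {"system:privilege"}), taken a day apart.
SNAPSHOT_T0 = {
    "alice": {"crm:read", "crm:write"},
    "bob": {"cms:write", "cms:legacy"},
    "carol": {"erp:create_vendor"},
}
SNAPSHOT_T1 = {
    "alice": {"crm:read", "crm:write", "crm:admin"},  # new administrative grant
    "bob": {"cms:write"},  # legacy grant cleaned up
    "carol": {"erp:create_vendor", "erp:approve_payment"},  # now violates SoD
    "dave": {"vpn:connect"},  # brand-new account not seen before
}
HIGH_RISK_PRIVILEGES = ("admin", "root", "owner")  # assumed naming; adjust per system
SOD_CONFLICTS = [("erp:create_vendor", "erp:approve_payment")]


def diff_snapshots(before, after, sod_rules, high_risk=HIGH_RISK_PRIVILEGES):
    """Return (alerts, info): alerts need a human now, info waits for the next campaign.
    Each entry is (user, change kind, [grants involved])."""
    alerts, info = [], []
    for user in sorted(set(before) | set(after)):
        old, new = before.get(user, set()), after.get(user, set())
        if user not in before:  # an account that appeared between reviews
            alerts.append((user, "new_account", sorted(new)))
            continue
        for g in sorted(new - old):
            if g.split(":", 1)[1] in high_risk:
                alerts.append((user, "new_privileged_grant", [g]))
            else:
                info.append((user, "new_grant", [g]))
        for a, b in sod_rules:  # conflict that did not exist in the previous snapshot
            if a in new and b in new and not (a in old and b in old):
                alerts.append((user, "new_sod_conflict", [a, b]))
        for g in sorted(old - new):
            info.append((user, "removed_grant", [g]))
    return alerts, info


if __name__ == "__main__":
    alerts, info = diff_snapshots(SNAPSHOT_T0, SNAPSHOT_T1, SOD_CONFLICTS)
    print("alert now:", *alerts, sep="\n  ")
    print("queue for next campaign:", *info, sep="\n  ")
```

Run on a schedule against fresh inventory exports, the same function gives the "event-driven" and "continuous" rows of the cadence table a concrete meaning: the alerts list is what triggers an out-of-cycle review, and the info list is the backlog the next scheduled campaign starts from.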

The Problems with Manual User Access Reviews

While the idea behind UARs is simple, executing them, especially in larger companies with complex IT environments, is challenging when you rely on manual processes. The challenges include:

  • A Long, Resource-Intensive Process: Manual reviews mean spreadsheets, emails, and chased approvals, consuming valuable time from IT and from the rest of the company.

  • Error-Prone: Manual processes lead to mistakes, oversights, and inconsistency, leaving reviews incomplete.

  • Lack of Visibility: Getting a full, real-time view of all user access across disconnected systems is all but impossible.

  • Audit Trail Gaps: Keeping a complete, auditable record of the decisions made during manual reviews is difficult.

  • Slow Remediation: Revoking access across multiple systems by hand takes a long time, and the process stalls easily.

  • Scalability: Manual review processes simply do not scale as your organization grows; the gap between what needs reviewing and what gets reviewed only widens over time.

As organizations hit some or all of these pitfalls, reviewers develop review fatigue, policy enforcement suffers, and over time the organization becomes less secure. At that point, the case for automated, intelligent access governance becomes clear.

ReShield: Intelligently Automate your User Access Reviews



At ReShield, we understand the complexity and criticality of conducting periodic user access reviews. That is why we built a solution that takes the often difficult and overwhelming process of conducting a user access review and makes it intelligent, efficient, and secure. By combining agentic AI with automation and keeping people in the loop for potentially sensitive situations, ReShield allows ongoing automation while providing flexibility and, of course, security. Here is how ReShield can help your organization perform more effective, continuous user access reviews.

  • Automated Cadence for Timely Reviews: ReShield's agentic AI platform automates the entire review process, so you never miss a deadline. It creates review campaigns at the frequency your policies require, assigns reviewers, tracks campaigns in progress, and flags approaching deadlines and pending campaigns. This ensures timely and consistent reviews of access, which strengthens your organization's security posture.

  • Intelligent Automation for Efficiency: ReShield automates more than timing, frequency, and reviewer assignment. Its agentic AI learns your access patterns, notifies you when it identifies anomalies, and can recommend an appropriate access arrangement. This turns the guesswork of identifying and certifying access into the far smaller effort of working through a prepared access review report.

  • Automated Removal on Rejection: When access is rejected (or identified as unneeded during a daily or periodic campaign), ReShield initiates its removal across all connected systems. This eliminates delayed, incorrect, and inefficient manual deprovisioning and reduces your risk immediately.

  • Seamless Remediation Workflows: ReShield kicks off remediation workflows when access is rejected or identified as needing revision. It routes you to the correct workflow(s) and tracks the actions taken so that every step is auditable and documented. If remediation is particularly complex, ReShield suggests the necessary workflows and can launch one on behalf of your team to start remediation as quickly as possible.

  • Human-in-the-Loop for Sensitive Decisions: Although we automate as much as possible, we also appreciate the importance of human analysis for critical security decisions. ReShield routes sensitive access decisions to a reviewer before any automated action is taken, so those decisions are made with human judgment and you retain complete control and oversight.

  • Contextual Insights to Inform Better Decisions: ReShield gives the reviewer additional context that improves the quality of their decisions:

    • "How many users with the same role or level have similar access?" The reviewer can probe outliers and apply access policies consistently by checking whether others in the same role hold the same access.

    • "Is this access risky enough that I should look at it more closely?" ReShield's AI alerts the reviewer to access combinations or privilege levels that carry disproportionate risk and may indicate an unvetted security weakness.

  • Wide-ranging Customizations for Unique Workflows: We know every organization has its own security policy and operational workflows. ReShield can be customized to follow your review cadences, approval hierarchies, notification preferences, and remediation steps, so that approvals and remediation requests flow to the right people in your organization.

  • Complete Audit Trail and Reporting: ReShield automatically creates an audit trail of all review and remediation activities and decisions for complete accountability, and simplifies compliance reporting to make the next audit much easier.

Making User Access Reviews a Strategic Advantage

Periodic user access reviews are more than a compliance item; they are a pillar of a strong cybersecurity strategy. By continually assessing and verifying user access, organizations lower their attack surface, mitigate insider threats, and meet their regulatory obligations.

While the burdens of manual reviews are real, solutions such as ReShield change this increasingly critical security practice. With smarter review automation, contextual and actionable insights, and human-in-the-loop review reserved for sensitive access decisions, ReShield lets your organization move from a reactive security posture to proactive, intelligent access governance with a continuous feedback loop.

Don't let unchecked access be your organization's Achilles' heel. Harness the power of intelligent automation and leverage periodic user access reviews as a strategic advantage in your continual fight against cyber threats.

Ready to modernize your user access review process? See how ReShield can intelligently automate your access governance, make you more secure, and simplify your compliance.