- Confirm the new steward agrees to keep all private information confidential to the project and not to use/disclose to their employer.
- Add them to the security-stewards team in the GitHub nodejs-private organization.
- Ensure they have 2FA enabled in H1.
- Add them to the standard team in H1 using this page.
- Add them as managers of the nodejs-sec mailing list.
- Remove them from security-stewards team in the GitHub nodejs-private organization.
- Unless they have access for another reason, remove them from the standard team in H1 using this page.
- Downgrade their account to regular member in the nodejs-sec mailing list.