diff --git a/doc/guides/security-steward-on-off-boarding.md b/doc/guides/security-steward-on-off-boarding.md new file mode 100644 index 00000000000000..19c058f1696bc8 --- /dev/null +++ b/doc/guides/security-steward-on-off-boarding.md @@ -0,0 +1,23 @@ +# Security Steward Onboarding/OffBoarding + +## Onboarding + +* Confirm the new steward agrees to keep all private information confidential + to the project and not to use/disclose to their employer. +* Add them to the security-stewards team in the GitHub nodejs-private + organization. +* Ensure they have 2FA enabled in H1. +* Add them to the standard team in H1 using this + [page](https://hackerone.com/nodejs/team_members). +* Add them as managers of the + [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list. + +## Offboarding + +* Remove them from security-stewards team in the GitHub nodejs-private + organization. +* Unless they have access for another reason, remove them from the + standard team in H1 using this + [page](https://hackerone.com/nodejs/team_members). +* Downgrade their account to regular member in the + [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.