From f883bf3d128a408bb5b9cd76962893a09285a94c Mon Sep 17 00:00:00 2001
From: Michael Dawson <mdawson@devrus.com>
Date: Thu, 9 Dec 2021 17:12:43 -0500
Subject: [PATCH] doc: add security steward on/offboarding steps

Signed-off-by: Michael Dawson <mdawson@devrus.com>

PR-URL: https://github.com/nodejs/node/pull/41129
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
---
 .../security-steward-on-off-boarding.md       | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 doc/guides/security-steward-on-off-boarding.md

diff --git a/doc/guides/security-steward-on-off-boarding.md b/doc/guides/security-steward-on-off-boarding.md
new file mode 100644
index 00000000000000..19c058f1696bc8
--- /dev/null
+++ b/doc/guides/security-steward-on-off-boarding.md
@@ -0,0 +1,23 @@
+# Security Steward Onboarding/OffBoarding
+
+## Onboarding
+
+* Confirm the new steward agrees to keep all private information confidential
+  to the project and not to use/disclose to their employer.
+* Add them to the security-stewards team in the GitHub nodejs-private
+  organization.
+* Ensure they have 2FA enabled in H1.
+* Add them to the standard team in H1 using this
+  [page](https://hackerone.com/nodejs/team_members).
+* Add them as managers of the
+  [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.
+
+## Offboarding
+
+* Remove them from security-stewards team in the GitHub nodejs-private
+  organization.
+* Unless they have access for another reason, remove them from the
+  standard team in H1 using this
+  [page](https://hackerone.com/nodejs/team_members).
+* Downgrade their account to regular member in the
+  [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.