1# Security Steward Onboarding/OffBoarding 2 3## Onboarding 4 5* Confirm the new steward agrees to keep all private information confidential 6 to the project and not to use/disclose to their employer. 7* Add them to the security-stewards team in the GitHub nodejs-private 8 organization. 9* Add them to the [public website team](https://github.com/orgs/nodejs/teams/website). 10* Ensure they have 2FA enabled in H1. 11* Add them to the standard team in H1 using this 12 [page](https://hackerone.com/nodejs/team_members). 13* Add them as managers of the 14 [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list. 15 16## Offboarding 17 18* Remove them from security-stewards team in the GitHub nodejs-private 19 organization. 20* Remove them from public website team 21* Unless they have access for another reason, remove them from the 22 standard team in H1 using this 23 [page](https://hackerone.com/nodejs/team_members). 24* Downgrade their account to regular member in the 25 [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list. 26