# Security Steward Onboarding/OffBoarding ## Onboarding * Confirm the new steward agrees to keep all private information confidential to the project and not to use/disclose to their employer. * Add them to the security-stewards team in the GitHub nodejs-private organization. * Add them to the [public website team](https://github.com/orgs/nodejs/teams/website). * Ensure they have 2FA enabled in H1. * Add them to the standard team in H1 using this [page](https://hackerone.com/nodejs/team_members). * Add them as managers of the [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list. ## Offboarding * Remove them from security-stewards team in the GitHub nodejs-private organization. * Remove them from public website team * Unless they have access for another reason, remove them from the standard team in H1 using this [page](https://hackerone.com/nodejs/team_members). * Downgrade their account to regular member in the [nodejs-sec](https://groups.google.com/g/nodejs-sec/members) mailing list.