[x] Assign this ticket to the person currently staffing the maintenance rotation.
In order to complete Darren's exit from the cloud.gov team, the assignee should complete a prescribed set of tasks that will remove any special access.
Assignee: The tasks below are organized by the role needed to complete them. If you can’t complete any of the items on your checklist personally, you are responsible for ensuring that an appropriate person does it.
For compliance we need to show that critical offboarding actions happen within 24 hours of departure; some actions below need GitHub issues comments when completed. Completing tasks before departure is good. (control PS-4: personnel termination).
[ ] Temporary federal departure: Remove them all private cloud.gov Slack channels, except #cg-priv-gov, so they may continue to receive essential team communications.
[x] Permanent departure: If the person is leaving permanently, they will be removed from all channels automatically.
[x] In the training tracker: if they're staying at TTS, move them to the "former teammates" tab; if they're leaving TTS, delete them from the spreadsheet
[x] Remove them as invitees for any meetings on the cloud.gov calendar where they are specifically named
Invites where they are listed as part of the cloud.gov invitee group will be removed when they are removed from that group by the System Owner
System Owner (or person delegated by System Owner)
The following steps must be conducted and documented within 24 hours of departure:
[x] Exit interview with supervisor (federal employees) or contract account manager / COR (contractors): Discuss with departee the following information security topics:
They are to remove any non-public cloud.gov data (e.g. keys, passwords, code, documents) from any non-GSA device
They are not to disclose any non-public cloud.gov technical practices without authorization from GSA
They will not access cloud.gov systems or services without authorization from GSA
If the System Owner cannot hold this discussion, they will communicate to GSA OHRM that the above topics need to be communicated to the leaving person.
[ ] Remove any privileges that their cloud.gov account has due to membership in the cloud.gov team (even if not in Cloud Ops), such as admin_ui.user and scim.read
[ ] Remove any Org or Space roles that their cloud.gov account holds due to membership in the cloud.gov team (for example, remove them from the cloud-gov and cloud-gov-operators organizations)
Team Member Offboarding Checklist
When do we offboard a team member?
We must offboard a team member when they are:
See our AC Policy, "When a privileged team member has been absent...".
Special Notes
Do not create this issue until the System Owner has formally authorized and requested it. You can obtain that OK by one of two ways: A:
B:
Please only use first names.
Instructions
In order to complete
Darren
's exit from the cloud.gov team, the assignee should complete a prescribed set of tasks that will remove any special access.Assignee: The tasks below are organized by the role needed to complete them. If you can’t complete any of the items on your checklist personally, you are responsible for ensuring that an appropriate person does it.
For compliance we need to show that critical offboarding actions happen within 24 hours of departure; some actions below need GitHub issues comments when completed. Completing tasks before departure is good. (control PS-4: personnel termination).
Darren
Assignee
If the person offboarding is a contractor, reach out to the COR to ensure any offboarding steps specific to their contract are being completed.
@cg-team
,@cg-operators
, and any other@cg-
teams in the Slack Team Directory using the three-dot menu (instructions)#cg-priv-gov
, so they may continue to receive essential team communications.cloud.gov
invitee group will be removed when they are removed from that group by the System OwnerSystem Owner (or person delegated by System Owner)
The following steps must be conducted and documented within 24 hours of departure:
The following do not directly impact cloud.gov security & operations and can happen later:
Engineering
The following steps must be conducted and documented within 24 hours of departure:
-- or --
aws-admin
admin_ui.user
andscim.read
cloud-gov
andcloud-gov-operators
organizations)