[ ] ASoC - ask in #sos-asoc to remove user from "IBM DevOps Services" group
[ ] Slack channels -Remove from private slack channels
[ ] Box folders -Remove from Box folders (Example WW CD Team , DevOps Insights Dev , SRE-devops-services, Any squad specific folders ) Follow this for Transfer of Ownership incase needed
[ ] Aha! - when the intranet ID is removed from BluePages, the user should be removed from Aha. If you want to be sure, you can contact an admin in #bigblue-aha-liaison Slack channel to remove from the account.
Assess if the leaver had access to any shared accounts or credentials, in which case immediately trigger their rotation/change, and document in this issue the list of impacted accounts/credentials.
[ ] Revoke & Rotate IAM keys and IAM serviceIDs Check items user had access to by checking the IAM Inventory Link
IAM Service ID : Update owner/rotator to new owner/rotator in IAM Config and raise pull request. Daily automation will run and update the Inventory
IAM key : - Follow the Link and update owner/rotator in the file here
[ ] Revoke & Rotate non-IAM keys : Check items user had access to by checking
the non-IAM Inventory
Update owner/rotator in here and raise pull request. Daily automation will run and update the non-IAM Inventory
[ ] Rotate secrets to data stores/services the employee had access to in Vault
List of people with Access can be seen here
If person User - revoke access
If Person is Owner in Vault - all keys must be rotated. (* HOW ?)
[ ] Rotate secrets to data stores/services the employee had access to in KeyProtect (* HOW ?)
Make sure the leaver cleans up any personal cloud resources (i.e., personal cloud account and any related cloud resource)
[ ] Follow this [runbook] ()
If the individual worked on Financial Services Cloud, report termination of that individual to their upline manager on the last day worked.
[ ] Send email to Upline manager and capture screenshot.
Retain access to organizational information and information system-related property (e.g. hardware authentication tokens, keys, identification cards, etc.) and list in this issue the items that have been returned by the individual leaving IBM.
-[ ] Follow the Country specific Checklist which is provided for off-boarding .
Refer the Offboarding Runbook
Link to CISO Ticket : https://github.ibm.com/ibmcloud/ciso-compliance-offboarding/issues/
Service Team : Access To Be Revoked Checklist
Terminate/revoke any authenticators/credentials associated with that individual on the last day worked
-[ ] Remove all access from AccesHUB for the following
ccs-newrelicThycotic - Link (* HOW ?)
#sos-asocto remove user from "IBM DevOps Services" groupAssess if the leaver had access to any shared accounts or credentials, in which case immediately trigger their rotation/change, and document in this issue the list of impacted accounts/credentials.
[ ] Revoke & Rotate IAM keys and IAM serviceIDs Check items user had access to by checking the IAM Inventory Link
IAM Service ID : Update owner/rotator to new owner/rotator in IAM Config and raise pull request. Daily automation will run and update the Inventory
IAM key : - Follow the Link and update owner/rotator in the file here
[ ] Revoke & Rotate non-IAM keys : Check items user had access to by checking the non-IAM Inventory
[ ] Rotate secrets to data stores/services the employee had access to in Vault
[ ] Rotate secrets to data stores/services the employee had access to in KeyProtect (* HOW ?)
Make sure the leaver cleans up any personal cloud resources (i.e., personal cloud account and any related cloud resource)
If the individual worked on Financial Services Cloud, report termination of that individual to their upline manager on the last day worked.
Retain access to organizational information and information system-related property (e.g. hardware authentication tokens, keys, identification cards, etc.) and list in this issue the items that have been returned by the individual leaving IBM. -[ ] Follow the Country specific Checklist which is provided for off-boarding .