search

thoughtbot / thoughtbot.social

Fork of Mastodon code for thoughtbot customizations
https://joinmastodon.org
GNU Affero General Public License v3.0
2 stars 2 forks source link

What is our offboarding policy? #7

Open nickcharlton opened 3 months ago

nickcharlton commented 3 months ago

When team members leave the company, or no longer wish to have an account on thoughtbot.social, what should we do?

nickcharlton commented 3 months ago

As we use Google SSO for signing in, if a team member leaves the company, they will no longer be able to access the account.

Options:

  1. We can deactivate/suspend people's accounts when they leave,
  2. We could delete people's accounts,
  3. Team members can move their account elsewhere,
  4. Do nothing

Questions:

  1. How do we track when someone leaves? Should a task be added to the People Team's offboarding list?
  2. Where should this be documented?
  3. If a team member is locked out before being able to make a decision, can we still do anything?
cpytel commented 3 months ago

I think we could do something like what we do for 1password:

A week before someone leaves, a Hub ticket is created for them reminding them to double check their 1password account to make sure that they don't have any personal items in their thoughtbot vault because they will lose access to it after their last day. The person then does that and marks the ticket as complete. If the person doesn't do it, we make sure to remind them before their last day.

In this case, we'd create a ticket reminding them that they should move their account elsewhere if they want to preserve it after they leave. After someone leaves, if they had an account and it wasn't migrated, then Operations can deactivate the account.