Skip to main content

Leavers Guide

When CP team members leave, follow this guide, and log completion in a ticket.

Revoking Access

Digital Services

Equipment Return (including MacBook) and Accounts Closure

Only use this bundle to return, Digital MacBook’s and WTP devices. Leaver Bundle – Digital

This is usually raised by the line manager for civil servants.

  • Note - It is no longer possible to transfer a leaver’s documents, etc. to another person as part of the leaver’s process please transfer any documents to a suitable place before they leave.

  • Note - If the leaver has created any slack apps, these will need to be transferred to someone else in the team.

Contact #digital-it-forum channel for any queries

Slack account deactivation

Cloud Platform maintain a list of webhooks for Alertmanager Notifications - Incoming Webhooks. When the slack account is deactivated, these webhooks will still be active. Hence, no action is needed.

Some apps that member installed which require member-specific permissions may be atomatically deactivated. Check in advance, if the leaver has installed any such apps and if so, transfer them to someone else in the team by creating a ServiceNow order: Slack tasks for the D&T Workspace Also make sure there is atleast one other member who is a collaborator for the app.

AWS Accounts

  • Purge them from AWS accounts:

    • moj-cp
    • mojdsd
    • Cloud Platform Ephemeral Test
    • Cloud Platform Transit Gateways

    To login, use the SSO links above, or use the AWS console

  • Remove them from cloud-platform-terraform-awsaccounts-iam

  • Remove them from cloud-platform eks cluster

  • Search for the leavers username in Github - ministryofjustice organisation and delete any such entries, which may include Repos outside of the Cloud Platforms team e.g. dso-infra-azure-ad.

Please note, for Repos not owned by the Cloud Platforms Team both approval and PR merge will need to be done by a member of the relevant team.

Other 3rd Party Accounts access removal

Below are the list of 3rd party accounts that need to be removed when a member leaves the team. Contact #ask-operations-engineering channel requesting the removal

“Hi team, please can you close the access for a CP leaver from all the accounts supported by your team, thanks”

  1. Request Password Management removal - 1Password

  2. Auth0 justice-cloud-platform

  3. Auth0 moj-cloud-platforms

  4. Pagerduty

  5. DockerHub MoJ teams

  6. Pingdom

  7. 1Password

  8. Sentry

  9. MoJ Github Organisation

  10. GitHub Projects

  11. Remove them from the PagerDuty support rota (if applicable)

10.Remove them from platforms@digital.justice.gov.uk Google Group

The following link from the Operations Engineering legacy page lists the services ‘not’ supported by the team

(https://cloud-optimisation-and-accountability.justice.gov.uk/documentation/operations-engineering-legacy/operations-engineering-user-guide/quicklinks/we-dont-do-that.html#services-we-don-39-t-manage)

Line manager actions

Complete the Leavers Checklist for Managers

This page was last reviewed on 5 August 2025. It needs to be reviewed again on 5 February 2026 by the page owner #cloud-platform .
This page was set to be reviewed before 5 February 2026 by the page owner #cloud-platform. This might mean the content is out of date.