diff --git a/ROLLING OVER.md b/ROLLING OVER.md
index ad714836..32a58fd4 100644
--- a/ROLLING OVER.md	
+++ b/ROLLING OVER.md	
@@ -1,10 +1,41 @@
-Export any reports you want to keep.
+# Rolling over for a new conference
 
-Take a database dump:
+This website collects a limited amount of personally identifiable information for the purposes of organizing a conference. In the interests of security, we've chosen to reset the site for each conference to limit the amount of information that could potentially ever be exposed in the event of a vulnerability.
+
+
+## Step 1: Take a snapshot of the public conference site
+
+Method described here:
+
+https://f.sfconservancy.org/Conservancy/2024.fossy.us/src/branch/main/README.md
+
+
+## Step 2: Download any reports for archive use
+
+This might include the attendees, talks proposed and speakers.
+
+
+## Step 3: Take a database backup
+
+This is useful in case we miss something. Run:
 
     fab download-postgres-db
 
-Remove all accounts, tickets, invoices, talks, etc. I used the commands below, but this may be simpler to achieve by selecting the relevant users in the Django Admin, selecting "Delete" and letting the cascading deletes deal with it.
+
+## Step 4: Delete any uploaded files/reports
+
+On the server, run:
+
+    rm -rf /srv/symposion_app/site_media/*
+
+
+## Step 4: Reset the database
+
+Remove all accounts, tickets, invoices, talks, etc.
+
+Probably the easiest approach is to select and delete all non-staff "User" records via Django Admin and letting the cascading deletes handle any relationships. 
+
+I've previously also used the commands below:
 
 ```
 $ sudo -u postgres psql symposion