diff --git a/fast/CLEANUP.md b/fast/CLEANUP.md
index edc93f04..3f9b230a 100644
--- a/fast/CLEANUP.md
+++ b/fast/CLEANUP.md
@@ -23,13 +23,13 @@ terraform destroy
 ```
 
 
-# Stage 2 (Security)
+## Stage 2 (Security)
 ```bash
 cd $FAST_PWD/02-security/
 terraform destroy
 ```
 
-# Stage 2 (Networking)
+## Stage 2 (Networking)
 ```bash
 cd $FAST_PWD/02-networking-XXX/
 terraform destroy
@@ -37,7 +37,7 @@ terraform destroy
 
 There's a minor glitch that can surface running terraform destroy, where the service project attachments to the Shared VPC will not get destroyed even with the relevant API call succeeding. We are investigating the issue, in the meantime just manually remove the attachment in the Cloud console or via the gcloud beta compute shared-vpc associated-projects remove command when terraform destroy fails, and then relaunch the command.
 
-# Stage 1 (Resource Management)
+## Stage 1 (Resource Management)
 Stage 1 is a little more complicated because of the GCS Buckets. By default terraform refuses to delete non-empty buckets, which is a good thing for your terraform state. However, it makes destruction a bit harder
 
 
@@ -52,8 +52,10 @@ done
 terraform destroy
 ```
 
-# Stage 0 (Bootstrap)
-You should follow these steps carefully because we can end up destroying our own permissions. We also have to remove several resources (GCS buckets and BQ datasets) manually.
+## Stage 0 (Bootstrap)
+***You should follow these steps carefully because we can end up destroying our own permissions. As we will be removing gcp-admins group roles, where your user belongs, you will be required to grant organization admin role again ***
+
+We also have to remove several resources (GCS buckets and BQ datasets) manually.
 
 ```bash
 cd $FAST_PWD/00-bootstrap/