Team members can purchase goods and services on behalf of the company in accordance with the Signature Authorization Matrix and guide to Spending Company Money. However, all purchases made on behalf of GitLab that are not a personal expense must first be reviewed by procurement, then signed off by a member of the executive team. This ensures GitLab can appropriately plan for spend and assess vendor risk.
What if the Vendor I am working with doesn't require a contract?
Even if your vendor doesn't need a contract, a Vendor Contract Issue is still required under Requesting Procurement Services below.
The Vendor Contract approval process is designed to protect you, GitLab, and the vendor.
In this event, we can and will provide terms to govern the transaction based on the level of risk.
Prior to Contacting Procurement
Prior to engaging Procurement, please review the below guidelines:
Review the market capabilities defined by your overall spend before selecting your vendor.
All vendors must adhere to the GitLab Partner Code of Ethics. Inform your vendor(s) that it is mandatory they contractually adhere to this if they would like to do business with us. (Note that these are typically not required in event-related agreements unless the vendor is providing services.)
Identify your bid requirements based on your estimated spend:
$0-$100K: No bid
$101K - $250K: 2-3 Bids
Greater than $250K: RFP
Open a vendor contract approval issue based on the choices under Requesting Procurement Services. Do this BEFORE agreeing to any business and/or pricing terms.
Requesting Procurement Services
Start working with the Procurement team by opening a vendor contract approval issue based on the type of purchase below. Procurement will not approve the request if the request is incomplete and/or missing information.
Contact Procurement directly in Slack via #procurement if you have any questions.
1: Purchase Type: Software or vendor that will process GitLab data
Open a Vendor Contract Approval issue with this template to begin the process.
Create this issue BEFORE agreeing to business terms and/or pricing.
It is preferred we negotiate the best pricing up front to keep our ongoing costs to a minimum across our long-term relationships with vendors.
If you have a field marketing or event contract where confidential data will be shared, use the above template.
A video tutorial of the issue creation process can be found HERE
Examples for this template type include marketing events, programs, sponsorships, catering, hotels, swag and services that do NOT involve the processing or sharing of data.
If you will be sharing confidential data with the vendor, please use the template under Purchase Type #1 above.
A video tutorial of the field marketing and events issue creation process can be found HERE
Deep Dive on the Vendor Contract Issue Process
Procurement will not approve a contract issue until all other approvals have been received, to validate that the appropriate approval process and policies have been followed. In the event procurement approves an issue prior to other approvals in an attempt to avoid being the source of a backlog, procurement will comment in the issue that their approval is "subject to remaining approvals". At this point it is the responsibility of the issue owner to follow the remaining process to obtain contract signature.
Legal Engagement for Vendor Contracts
Legal is responsible for reviewing vendor contracts and will adhere to the legal playbook.
A contract cannot be signed until it has been approved by the legal team. Once the legal team approves the contract, legal will upload the contract with the approval stamp. Contracts will not be signed unless the legal approval stamp is included.
The Security Compliance team needs 3 business days to complete this review from the time they receive all necessary documentation from the vendor.
A contract cannot be signed until it has been approved by the security team. Once the security team approves the vendor and/or identifies gaps in the vendor's security practices for negotiation, security will provide their approval in the issue.
Consult the Data Classification Policy to understand whether your contract will need security review. Any contracts that will share RED or ORANGE data will need security approval prior to signing. Additionally, an annual reassessment of the vendor's security posture is performed as part of the contract renewal.
Complete a Data Protection Impact Assessment; please note that this will be done in partnership with GitLab's Data Protection Officer and reviewed by Security Compliance during the Security Review.
Capacity & Back Log
In the event you have an issue that hasn't received a prompt response from procurement, the requestor should tag Aleshia Hansen in the #procurement Slack channel and provide:
Link to the Vendor Contract Approval issue; and
In the event the procurement team is out of office (as highlighted in the PTO calendar or Slack) and the matter is time sensitive, the requestor should contact the #legal channel in Slack and provide:
Link to Vendor Contract Approval Issue; and
Reason for escalation, with timeline for requirement(s)
Legal will assign a team member to approve the procurement portion of the issue.
Vendors & GitLab
Vendors will be required to create an account within Tipalti in order to receive payment.
Vendor Performance Issues
If there are performance and/or quality issues from an existing third-party vendor, procurement can support the resolution and/or re-evaluation of a replacement vendor.
Please log an issue and assign a.hansen for next steps.
Deliver quantified savings of > $3,000,000 over a rolling 12 month period.
Cost savings are achieved through the procure to pay process.
Savings are calculated as the savings achieved by comparing the initial vendor proposal price to the final purchase price.
In the event of a contract renewal, in addition to the above, savings can also be calculated by comparing the previous cost per unit (e.g. user, business metric, etc.) to the final cost per unit.
Savings negotiated at the cost-per-unit level also count as cost savings.
Note these savings are not directly tied to budget.
Aligns with the following core business objectives:
Control spend and build a culture of long-term savings on procurement costs.