The GitLab Procurement Team

Maintained by:

What is Procurement?
What is the Procurement Process at GitLab?
- Shared Goals
- Metrics
  - Vendor cost avoidance
  - Percent (%) of vendor spend on Purchase Order
When do I start the Procurement Process?
How do I start the Procurement Process?
What are other Services Procurement Supports?
New Zip tool launched 2023-02-01 for all Purchase Requests!
When does procurement negotiate my contract and how long does that take?
How do I create a Purchase Request in Zip?
How long does it take to approve my Zip Purchase Request?
What if I have an Urgent Request?
How do I increase the dollar amount for an existing PO?
What are the exceptions to the PO Policy?
Helpful Documents and Templates
- Contract Templates
- Documentation

What is Procurement?

Procurement is the process of selecting vendors, strategic vetting, selection, negotiation of contracts, and the actual purchasing of goods. Procurement acquires all the goods, services, and work that is vital to GitLab.

What is the Procurement Process at GitLab?

Anytime a purchase is being made on behalf of GitLab that does not qualify as a personal expense, or meet the list of exceptions, a Zip Request must be submitted and fully approved BEFORE a purchase and/or work can begin.

Exceptions to the PO policy include, but are not limited to, purchases under $5,000 USD.

Shared Goals

Procurement is a cross-functional team that supports GitLab as a public company. We have four key objectives monitored in the following ways:

Risk Management and Compliance
- Reported and monitored via internal and external audit which gets reported to our shareholders.
Digital Automation and Efficiency
- Reported via annual cost avoidance and year over year savings
Strategic Partnership and Department Spend Reviews
- Reported through the twice annual NPS survey
Responsible Sourcing and Diversity
- Monitored via Coupa Supplier Onboarding

Metrics

Vendor cost avoidance

Monitor the cost avoidance achieved through the procure to pay process. Cost Avoidance is the savings achieved off of the initial vendor proposal price. Note this is not directly tied to budget.

Aligns with the following core business objectives:

Control spend and build a culture of long-term savings on procurement costs.
Streamline the purchasing process.
Minimize financial risk.

Percent (%) of vendor spend on Purchase Order

Percentage of all vendor spend for any department that is purchased via PO.

Aligns with the following core business objectives:

SOX Compliance.
Streamline the purchasing process.

When do I start the Procurement Process?

Before agreeing to any business, legal and/or pricing terms with a supplier, whether in conversation or email
Immediately when you receive a contract and/or quote for new and/or recurring business
- If you have received a contract from a supplier, tell them you will send to your procurement team for review
When you have narrowed down your RFP to the final 1-2 suppliers

How do I start the Procurement Process?

Create a Purchase Request in Zip
If unsure where to begin, tag the @procurement_team in the #procurement slack channel

What are other Services Procurement Supports?

Includes RFP Templates, scorecards and Vendor Guidelines for doing business with GitLab:

Home Office and Supplies Individual Use Software Vendor Selection Process Vendor Guidelines Non-Disclosure Agreement (NDA) Charitable Contributions Demo/Trial Agreements

New Zip tool launched 2023-02-01 for all Purchase Requests!

Reasons why we chose Zip and the Business Case can be found here.

When does procurement negotiate my contract and how long does that take?

The procurement team negotiates SaaS contracts >$25K, and one-time contracts > $100K.
Plan on the negotiation, review and approval cycle to take 3-4 weeks. Large and/or complex contracts can take longer to negotiate and finalize.
If this step is not taken, purchase orders will not be approved until procurement is able to negotiate.

How do I create a Purchase Request in Zip?

If purchasing Home Office Equipment and/or Software for your individual work use <$5K USD, see Other Services Process since a Zip Purchase Request is not required in these instances.

Step 1: Obtain Zip Access

Login to Zip via your Okta home page.
If you need Zip access, see How to access Zip.
Review Zip training materials:
- Zip End Users Guide

Step 2: Submit your Zip Request

On the Zip homepage, click “New Requests” in the top right corner of the webpage. From there, you will have the option to request a Purchase, NDA, or Change Request, which will prompt you to fill in all the details about your purchase.

Purchase Request

General Information

Description & Category
- Provide a brief description of your purchase and be sure to select the correct category and subcategories as needed.
- “New” purchase would be any product or service that is brand new. “Renewal” would be any renewals or add-ons with an existing vendor.
Will a virtual card be used to pay this vendor?
- This applies to instances where the supplier only accepts online credit card payments. More info on allowed uses here (link to new Virtual Card page)
- If yes, select “Yes,” fill in the supplier contact information, and proceed with the request.
Vendor Name and Primary Contact
- If an existing vendor or you are unsure, start typing the vendor name in Zip. If vendor exists, Zip will populate it in the dropdown. You can then select the existing Primary Vendor Contact or select ‘Add new contact’ and complete the the contact information
- If New Vendor:
  - Review Vendor Selection Process and ping the #procurement slack channel if you would like support choosing a new vendor and/or executing an RFP.
  - When you fill in the details of your Zip request, you will be asked to fill in the supplier name. If this supplier is not already in our system, you will need to click the “add new” option once you type in the supplier name. Please be sure to fill in all details so that the procurement team can add the supplier to Coupa. While we use Zip internally now, Coupa will still be the tool used to pay our suppliers.
  - After you’ve submitted your request for a new supplier, the procurement and AP teams will review and approve within 1-2 business days.
  - If you need this escalated:
    - Tag the procurement team in the #procurement slack channel
    - Include link to the new supplier request and reason for escalation
    - Once the procurement team approves, the supplier will receive an onboarding email from Coupa requesting them to complete the onboarding process. This includes providing tax and banking information that only the supplier can provide.

TIPS to streamline approval process

To help expedite the review and approval of your purchase request, be prepared to provide the following information in your Zip Request. If you don't know all of this information yet or are wanting support to negotiate that's ok!

Spend Information:
- Provide all of the spend details including required budget amount, contract term, and line item details.
- The Line Item Breakdown should match the line items on the Order Form/Contract and should be entered separately for each year of the contract if a multi-year term.
- The sum of the Line Items must equal the amount entered for budget.
- Check the boxes of the supporting documentation received. You will upload these in the Documents section at the end of the request process
IT & Security Information:
- Complete the Data Information section. Depending on your selection(s), additional required questions will appear.
  - If any data will be shared, a Vendor Security Review will be completed. The vendor will receive an email communication from ZenGRC requesting information regarding their security protocols.
  - Be as specific as you can about the type of data the vendor and/or system will have access to, and specifics about how they will receive that data. Failure to complete this section accurately will delay the review and approval of your request.
  - If any data will be shared, the Vendor will need to sign our DPA and SCC’s as directed by federal and global requirements.
    - TIP: To increase speed of approval send your supplier contact DPA and SCC’s for signature right away. Also alert them to the request from ZenGRC for security completion. Let them know review and approval can't begin without these pieces.
Documents & Surveys:
- For any software renewal/add-on that is based on usage (e.g. user quantities), a usage report is required for Procurement’s review. This can be uploaded in the Documents section under ‘Please attach any additional files for reference’ at the end of the request process.
  - Based on the usage report, Procurement will review the request to increase, decrease, or hold quantities flat.
- Upload any contracts and/or quotes you've received.
  - Draft contracts are okay. Make note of any terms and/or pricing still being finalized- this can be done in the Comments section once you submit your request.

Step 4: Monitor Progress in Zip

You can check the status of your Zip request at any time by looking at the approval flow chart in the “Overview” section of the request.

Buyer Review: Procurement is checking to ensure all request details are complete and accurate. This will also include setting up any new suppliers in Coupa, which may take several days depending on the response time of the vendor.
Security/Privacy/Legal/Buyer Negotiation: These steps can occur concurrently, and each team will conduct their review at the same time to reduce overall approval times.
Final Buyer Review and Create Coupa Purchase Request (PR): Procurement will double check all request details and activate the Zip<>Coupa integration to create the Coupa request. Coupa requests now only require FP&A and management hierarchy approvals. The Zip requester will not need to take any action in Coupa.
Coupa Approval and Execute Contract: Once Coupa approvals are complete, Procurement will send any relevant contracts for signature via DocuSign; signatories are determined by GitLab’s authorization matrix. Once the contract is fully executed by both parties, the procurement team will approve the Zip & Coupa Request, fully approving the Purchase Request and simultaneously releasing the Coupa Purchase Order (PO) to facilitate supplier payment.

Step 5: Congratulations on your Purchase Order (PO)!

Once the PO is generated, GitLab has officially placed an order for your purchase!! You may now begin work and/or obtaining the products/services.
The supplier will receive a copy of the PO order and number at the email address they supplied for Accounts Payable.
The supplier will receive communication from Coupa indicating how to make payment one of two ways:
- Directly in their Coupa portal
- Send invoice to ap@gitlab.com with PO number included on the invoice
- Failure to follow these instructions will delay payment
- Invoices uploaded to Coupa by a GitLab team member are not routed for payment.
If your request was new software, update the tech stack after the Zip Request is fully approved and the contract signed.

Congratulations and thank you for following this process to support GitLab as a public company!

How long does it take to approve my Zip Purchase Request?

As a general rule, plan on 5 Business Days to approve your Purchase Request for an existing supplier with standard terms, conditions, and low risk.

If your request requires negotiation, a vendor security review, and/or legal revisions, this will take longer as noted below.

Please plan accordingly and open your Zip Purchase Request allowing the cross-functional teams enough time to complete the review

If your request meets any of the below criteria, add the additional time noted for the activity to the 5 day baseline above:

New Supplier Onboarding: 2-3+ Days

This is entirely dependent upon the suppliers response time.
Once supplier information has been submitted in Zip and the Procurement team sets the vendor up in Coupa, the supplier receives an email from Coupa requesting banking and tax information to facilitate payment.
The procurement team cannot complete this on the supplier’s behalf since we do not know this information. If we did, it would be a violation of SOX Compliance guidelines.
If your supplier isn’t onboarded after 2 days, contact your supplier directly requesting they do so ASAP since their contract cannot be reviewed or approved until this is completed. Carbon copy procurement@gitlab.com

In the event two or more of the below activities are required, they will happen in parallel to one another:

Negotiation: 1-3 Weeks

Required for: SaaS contracts >$25K, and one-time contracts >$100K.
Turn time is based on the level of negotiation required and the suppliers willingness to meet budget and benchmark indicators.

Security Review: 4-14 Days

This activity cannot begin until after the supplier completes the security/privacy questionnaire and supplies their security documentation. Oftentimes, it can take a week for the supplier to respond and complete the requested materials. The SLA begins once that is completed.
Time before this activity can begin is entirely dependent upon the supplier's response time and maturity of security protocols.
Security Third Party Risk Management review is required for: All SaaS purchases, and other purchase types where the supplier will have access to orange and/or red data (excluding field marketing events).
TIP: To increase speed of approval, upload any security compliance documentation (such as the SOC-2 report) to the Coupa Request and notify your supplier contact they will be receiving a request from ZenGRC for completion ASAP.

Legal Review: 3 Days - 3+ Weeks

Note: The amount of time for review, and to reach execution, is based on the details below. Use these SLA's as guidelines, noting that each contract review process is unique and if additional terms, requirements, and/or risks are identified the timeline for completion may be extended

Existing Vendors: 3-5 Days
- If new terms, and/or risks are introduced or required, this may take longer.
- Any delays from the supplier, will delay final approvals.
New Vendors: 1-3+ weeks
- If vendor doesn't readily accept the GitLab standard terms, additional rounds of red-lines and negotiations may be required, extending this SLA.
- Whenever possible, the legal team hopes to achieve red-lines–to be provided back to the vendor–no later than five (5) business days after being assigned.

Types of Vendors

Net New:
- These require the most amount of time as GitLab will be establishing (for the first time) terms and conditions which will govern the use of the products and/or services being procured.
- Negotiations can vary from 1 week to multiple months based on the level of detail and modifications required to reach executable terms.
Renew / Upsell:
- These generally require much less time as existing terms are in place which will underline the products and/or services being offered.
- That being said, in the event GitLab where to add a new product and/or service (from an existing Vendor) additional cycles may be required in order to create amendment(s) to the existing agreement.
One-time Transaction:
- These generally require much less time as existing terms are in place which will underline the products and/or services being offered.

Types of Agreements (generally broken into three (3) categories)

Software (SaaS & On-Prem): Requires the most rigorous review to ensure the rights and obligations placed upon GitLab are, (i) reasonable given the Software being provided, and (ii) align with GitLab contracting and industry standards.
Professional Services / Training: Requires detailed review to ensure intellectual property ownership aligns with our intentions, as well as, reasonable obligations being placed upon GitLab.
Marketing / Events: Generally, requires the least amount of time to review as the obligations are standardized given the event in question and program provided. Details regarding events may include negotiations with regards to Force Majeure, cancellation (including penalty), and ensuring the terms of the Agreement align with those of the requesting GitLab Team Members.

Additional Details

As discussed above, the turnaround time for the review of an Agreement is contingent on many factors. The goal of the legal team is to review and provide red-lines as thoroughly and promptly as possible.
The ability for GitLab to process and work efficiently through an agreement negotiation relies on the vendor, and vendor counsel, to respond promptly to GitLab red-lines and comments.

What if I have an Urgent Request?

If you are unable to plan and have a legitimate reason to escalate a purchase request, follow the process below.

Post in #procurement slack channel request for escalation with:
- Link to your Zip Request
- Date needed
- Specific and quantifiable impact to the business if date is missed.
  - "Supplier wants it signed today" does not qualify as a reason for escalation and these requests will be denied.
  - "Price will increase $45K if not signed by Friday" or "Material negative brand impact if not signed by Friday due to missed PR deadlines" are specific, tangible, business impacts that will be reviewed.
Truly urgent and business critical requests will be evaluated, please note these are disruptive to our workflow and our ability to meet SLA's for requests opened on time.
We may or may not be able to accommodate your urgent request based on the risk and bandwidth available.
When you know you have a critical request with a deadline, enter the request into Zip 1-2 weeks prior to needing approval to avoid needing escalation. Do this even if the contract isn’t final yet to help expedite the process.

How do I increase the dollar amount for an existing PO?

If you have a PO with an existing supplier and the cost has increased, you can update the existing PO for the new dollar amount.
When you log into Zip and select “New Request,” you will see an option to “Request a Change (amend contract or PO change)”
Fill in all the required information and the Procurement team will amend the PO in Coupa on your behalf.
Attach supporting documentation from the supplier for the change in amount. This could be a SOW, Change Request, and/or Order Form based on the purchase type.
This will require the same approvals as a net new request.

What are the exceptions to the PO Policy?

Exceptions to the PO Policy are:

Purchases under $5K
Charitable Contributions (Donations)
Computer/Hardware Advances (if unable to be paid through Payroll Dept)
Interview Candidate Reimbursement
Legal Fees
Audit, Tax, and Insurance Fees
Benefits, PEO Providers and Payroll
AR/Customer Refunds
Board of Director Payments
Financing, Banking and Investing (incl interest, debt, FX, fees)
Corporate Credit Card
Urgent Payments not included on list above (approval required from VP, Corporate Controller and/or PAO)

Helpful Documents and Templates

Contract Templates

Documentation

Non-Disclosure Agreement (NDA) Process
Uploading Third Party Contracts to ContractWorks
Company Information - general information about each legal entity of the company
Trademark - information regarding the usage of GitLab's trademark
Authorization Matrix - the authority matrix for spending and binding the company and the process for signing legal documents