The Procurement Team

1. You are here:
2. Finance
3. The Procurement Team

Maintained by:

On this page

• Purchasing Policy and Team
  • Why Procurement?
  • How do I contact procurement?
  • When should I contact procurement?
• Procurement toolkit
• Procurement Main Objectives
• Procurement Performance Indicators
• Frequently asked questions
  • What if the Vendor I am working with doesn't require a contract?
• Important Considerations
  • Vendor Code of Ethics
  • Modern Slavery and Human Trafficking Compliance Program
    • Risk Areas and Markets
    • Actions to Address Modern Slavery Risks
    • Assessment of Effectiveness
    • Compliance Program Approval
• Related Docs and Templates
  • Contract Templates
  • Documentation

Purchasing Policy and Team

The mission of the procurement team at GitLab is to be a trusted business partner at driving business value through external partnerships.

Why Procurement?

• Team members can purchase goods and services on behalf of the company in accordance with the Signature Authorization Matrix and guide to Spending Company Money.
• However, all purchases made on behalf of GitLab that are not a personal expense, must first be reviewed by procurement, then signed off by key members of the leadership team.
• Approved Purchase Request Issues are required for all third party purchases being made on behalf of GitLab that aren't considered a personal reimbursable expense.
• This ensures the organization can appropriately plan for spend and assess supplier risk.

Exceptions to this are:

1. Last minute un-planned onsite event needs such as food and rental transactions needed for event.
2. One-time field marketing and event purchases less than $10K such as booth rentals, AV equipment, catering, etc.
   • In this instance, the vendor can invoice GitLab in Tipalti, and AP will route approvals based on the matrix

How do I contact procurement?

• If you have a general question or are looking for direction, use the #procurement slack channel.
• Attend the Procurement Office Hours available on the GitLab Team Calendar.
• Create a purchase request issue based on your need.

When should I contact procurement?

• See the purchase request process for when to contact procurement and how to open a purchase request issue.

Procurement toolkit

Procurement Main Objectives

Procurement operates with three main goals

1. Cost Savings
2. Centralize Spending
3. Compliance

Procurement Performance Indicators

Process of measurement in progress.

Response times to initial requests for review <= 2 business days

• Monthly average response time to new procurement purchase request issues within 2 business days. Issues with missing or incomplete information will be rejected after two consecutive attempts to follow up with the issue creator.

Administer, maintain, and manage the procurement purchase request issue tracker (daily, ongoing) <= 2 business days

• Triage and assign issues in the procurement issue board within 2 business days of receipt.

Ensure all contracts have the correct approvals in place before signed = 100%

• Verify the correct approvers have approved all purchase requests according to the Authorization Matrix before the contract is signed.

Ensure all fully executed vendor contracts are posted to ContractWorks = 100%

• Upload all fully executed agreement to ContractWorks for accurate recording. Legal team will assign terms and fields.

'Turn-Around' times <= 3 business days

• Monthly average response times within purchase request issues for proposal updates, commercial constructs, procurement questions, etc.

Frequently asked questions

What if the Vendor I am working with doesn't require a contract?

1. GitLab requires a Vendor Contract even if your vendor doesn't.
2. The Vendor Contract approval process is designed to protect both you and the GitLab and the vendor.
3. In this event legal can and will provide contract terms to govern the transaction based on the level of risk.
4. Open the appropriate vendor contract request to initiate the process

Important Considerations

Vendor Code of Ethics

All vendors that GitLab does business with, must legally comply with the Supplier Code of Ethics. When having discussions with your vendor regarding the contract, make them aware of this requirement.

Modern Slavery and Human Trafficking Compliance Program

GitLab condemns exploitation of humans through the illegal and degrading practices of human trafficking, slavery, servitude, forced labor, forced marriage, the sale/exploitation of children and adults and debt bondage (“Modern Slavery”). To combat such illegal activities, GitLab has implemented this Modern Slavery and Human Trafficking Compliance Program.

Risk Areas and Markets

While Modern Slavery can occur in any country and in any market, some regions and sectors present higher likelihood of vioaltions. Geographies with higher incidents of slavery are India, China, Pakistan, Bangladesh, Uzbekistan, Russia, Nigeria, Indonesia and Egypt. Consumer sectors such as food, tobacco and clothing are high risk sectors; but Modern Slavery can occur in many markets.*
(*According to Source: Statista, Walk Free Foundation, https://www.statista.com/chart/4937/modern-slavery-is-a-brutal-reality-worldwide/)

Actions to Address Modern Slavery Risks

All vendors, providers and entities providing services or products to GitLab (“Vendors”) are expected to comply with GitLab’s Partner Code of Ethics which specifically addresses Modern Slavery laws. Compliance with the Partner Code of Ethics will be included in Vendor contracts and/or purchase orders going forward. Existing Vendor contracts will be updated with the appropriate language upon renewal.

Those entities who are of higher risk or whom GitLab suspects may be in violation of Modern Slavery laws, may be required to complete an audit. Audits may be presented in the form of a questionnaire or may be an onsite visit. Any known or suspected violations will be raised to Legal and/or Compliance. Failure to comply with Modern Slavery laws will result in a termination of the relationship and GitLab retains all rights in law and equity.

Vendors understand and agree that violations of Modern Slavery laws may require mandatory reporting to governing authorities. GitLab has discretion if and how to best consult with Vendors for purposes of Modern Slavery reporting. GitLab is sensitive to and will take into consideration, the relationship and the risk profile of Vendor to ensure that Modern Slavery risks have been appropriately identified, assessed and addressed and that the Vendor is aware of what actions it needs to take.

Assessment of Effectiveness

GitLab will review its Modern Slavery and Human Trafficking Compliance Program on an annual basis or sooner if it is determined there is increased exposure or concerns with overall compliance. The Program may be amended from time to time by GitLab, to ensure compliance with the most current Modern Slavery laws and regulations.

Compliance Program Approval

GitLab’s Executive Team reviewed and approves this Modern Slavery and Human Trafficking Compliance Program.

Related Docs and Templates

Contract Templates

• Mutual Non-Disclosure Agreement (NDA)
• Logo Authorization Template
• Data Processing Agreement
• US-based Contractor Agreement Master agreement for a subcontractor performing internal services directly to GitLab
• APAC Contractor Agreement Same as above for APAC
• MPS Subcontractor Agreement Master agreement for subcontractor performing services for the GitLab Customer

Documentation

• Uploading Third Party Contracts to ContractWorks
• Company Information - general information about each legal entity of the company
• Trademark - information regarding the usage of GitLab's trademark
• Authorization Matrix - the authority matrix for spending and binding the company and the process for signing legal documents