The GitLab Procurement Team

Maintained by:

What is Procurement?
What is the Procurement Process at GitLab?
- Shared Goals
When do I start the Procurement Process?
How do I start the Procurement Process?
What are other Services Procurement Supports?
When does procurement negotiate my contract and how long does that take?
How do I create a Purchase Request in Coupa?
How long does it take to approve my Coupa Purchase Request?
What if I have an Urgent Request?
How do I increase the dollar amount for an existing Coupa PO?
What are the exceptions to the PO Policy?
Helpful Documents and Templates
- Contract Templates
- Documentation

What is Procurement?

Procurement is the process of selecting vendors, strategic vetting, selection, negotiation of contracts, and the actual purchasing of goods. Procurement acquires all the goods, services, and work that is vital to GitLab.

What is the Procurement Process at GitLab?

Anytime a purchase is being made on behalf of GitLab that does not qualify as a personal expense, or meet the list of exceptions, a Coupa Purchase Request must be approved BEFORE a purchase and/or work can begin.

Exceptions to the PO policy include, but are not limited to, purchases under $5,000 USD.

Shared Goals

Procurement is a cross-functional team that supports GitLab as a public company. We have four key objectives monitored in the following ways:

Risk Management and Compliance
- Reported and monitored via internal and external audit which gets reported to our shareholders.
Digital Automation and Efficiency
- Reported via annual cost avoidance and year over year savings
Strategic Partnership and Department Spend Reviews
- Reported through the twice annual NPS survey
Responsible Sourcing and Diversity
- Monitored via Coupa Supplier Onboarding

When do I start the Procurement Process?

Before agreeing to any business, legal and/or pricing terms with a supplier, whether in conversation or email
Immediately when you receive a contract and/or quote for new and/or recurring business
- If you have received a contract from a supplier, tell them you will send to your procurement team for review
When you have narrowed down your RFP to the final 1-2 suppliers

How do I start the Procurement Process?

Create a Purchase Request in Coupa
If unsure where to begin, tag the @procurement_team in the #procurement slack channel

What are other Services Procurement Supports?

Includes RFP Templates, scorecards and Vendor Guidelines for doing business with GitLab:

Home Office and Supplies Individual Use Software Vendor Selection Process Vendor Guidelines Non-Disclosure Agreement (NDA) Charitable Contributions Demo/Trial Agreements

When does procurement negotiate my contract and how long does that take?

The procurement team negotiates SaaS contracts >$25K, and one-time contracts > $100K.
Plan on the negotiation, review and approval cycle to take 3-4 weeks. Large and/or complex contracts can take longer to negotiate and finalize.

How do I create a Purchase Request in Coupa?

If purchasing Home Office Equipment and/or Software for your individual work use <$5K USD, see Other Services Process since a Coupa Purchase Request is not required in these instances.

Step 1: Obtain Coupa Access

Login to Coupa via your Okta home page.
If you need Coupa access, see How to access Coupa.
Review Coupa training materials:
- How to Use Coupa for Purchasing
- Coupa Training Videos

Step 2: Confirm Supplier is Setup in Coupa

If New Supplier:

Review Vendor Selection Process and ping the #procurement slack channel if you would like support choosing a new vendor and/or executing an RFP.
Submit a New Supplier Request Form.
After you’ve submitted your request for a new supplier, the procurement and AP teams will review and approve within 1-2 business days.
- If you need this escalated:
  - Tag the procurement team in the #procurement slack channel
  - Include link to the new supplier request and reason for escalation
  - Once the procurement team approves, the supplier will receive an onboarding email from Coupa requesting them to complete the onboarding process. This includes providing tax and banking information that only the supplier can provide.

New Supplier Tip

Once you've submitted your New Supplier Form, contact your supplier letting them know they will be receiving an onboarding request from Coupa. Let them know GitLab is unable to review or sign their contract until they complete this process so their prompt response is needed.

Please note, it takes several hours for Coupa to activate the supplier and be able to submit a request.

If Existing Supplier:

Proceed to Step 3.

If Unsure:

You can search Coupa for a list of existing suppliers.

Step 3: Create Coupa Requisition

Is this request for a software renewal/add-on? Or for professional services?
- If yes, begin by selecting the appropriate request “Form”, found in the Forms dropdown in the upper right of Coupa.
- Software renewals and professional service requests that do NOT have this form completed will be rejected, causing delays to your timeline.
- Once your form is completed, proceed to Cart and complete a request with necessary information.
Do you need a Virtual Card payment method for your supplier?
- This applies to instances where the supplier only accepts online credit card payments. More info on allowed uses here (link to new Virtual Card page)
- If yes, see instructions to request a Virtual Card here
- Once your Virtual Card form is completed, proceed to Cart and complete a request with necessary information.
Create a Coupa Requisition, instructions here.

TIPS to streamline approval process

To help expedite the review and approval of your purchase request, be prepared to provide the following information in your Coupa Requisition. If you don't know all of this information yet or are wanting support to negotiate that's ok!

Whether or not the supplier will have access to red and/or orange data
- If yes, a Vendor Security Review will be completed. The vendor will receive an email communication from ZenGRC requesting information regarding their security protocols.
- If yes, the Vendor will need to sign our DPA and SCC’s as directed by federal and global requirements.
TIP: To increase speed of approval send your supplier contact the DPA and SCC’s for signature right away. Also alert them the request from ZenGRC for security completion. Let them know review and approval can't begin without these pieces.
All data and systems the vendor will have access to
- Be as specific as you can about the type of data the vendor and/or system will have access to, and specifics about how they will receive that data.
- Failure to complete this field will delay the review and approval of your request.
Vendor’s Security Contact Email
- Oftentimes this is different from the main contact. Providing the head of security contact info from the vendor’s company will expedite the security review and avoid delays
- This is the person who will receive an email from ZenGRC requesting details on their security program
Upload any contracts and/or quotes you've received.
- Draft contracts are ok. Make note of any terms and/or pricing still being finalized.
Click "Submit for Approval"
Note any progress, status, or considerations for the procurement team to negotiate your contract. i.e. “I asked for a discount from supplier and they gave me 10%, please feel free to negotiate further”.

Step 4: Monitor Progress in Coupa

You can check the status of your requisition at any time by scrolling to the “Approvers” section.

Common Status Questions:

Why is my supplier still onboarding?
- If the supplier still has not completed their onboarding, you will see the text “(onboarding)” in red next to the supplier's name in the “cart”
- Your request cannot begin the review and approval process until the supplier completes their onboarding
- TIP: Procurement will contact the supplier requesting they complete the onboarding process. However, when the business sponsor also requests the suppliers action to complete the onboarding email from Coupa, it expedites response. Remind your supplier that their contract can NOT be reviewed and invoice can’t be paid until they complete the onboarding process in Coupa
What does "Pending Buyer Action" status means?
- If your request is “Pending Buyer Action” and the supplier is NOT still onboarding, your req is being reviewed by the procurement team and will respond one of two ways within 1-2 business days:
  - Requesting additional questions/information about the purchase to you the business requestor, or to the supplier directly.
  - Approve the Coupa Request, which will automatically advance it to the FP&A team for their review and approval.
How are Contracts Signed?
- Once the Coupa Req is at the “Contract Approval” stage, the procurement team will route the contract to the appropriate signatory according to GitLab’s authorization matrix via Docusign.
- Once signed, the procurement team will route the contract to the supplier for countersignature.
- Once the contract is fully executed by both parties, the procurement team will approve the Coupa Request fully approving the Purchase Request and simultaneously releasing the Coupa Purchase Order (PO) to facilitate supplier payment.

Step 5: Congratulations on your Coupa Purchase Order (PO)!

Once the PO is generated, GitLab has officially placed an order for your purchase!! You may now begin work and/or obtaining the products/services.
The supplier will receive a copy of the PO order and number at the email address they supplied for Accounts Payable.
The supplier will receive communication from Coupa indicating how to make payment one of two ways:
- Directly in their Coupa portal
- Send invoice to ap@gitlab.com with PO number included on the invoice
- Failure to follow these instructions will delay payment
- Invoices uploaded to Coupa by a GitLab team member are not routed for payment.
If your request was new software, update the tech stack after the Coupa PO is approved and the contract signed.

Congratulations and thank you for following this process to support GitLab as a public company!

How long does it take to approve my Coupa Purchase Request?

As a general rule, plan on 5 Business Days to approve your Purchase Request for an existing supplier with standard terms, conditions, and low risk.

If your request requires negotiation, a vendor security review, and/or legal revisions, this will take longer as noted below.

Please plan accordingly and open your Coupa Purchase Request allowing the cross-functional teams enough time to complete the review

If your request meets any of the below criteria, add the additional time noted for the activity to the 5 day baseline above:

New Supplier Onboarding: 2-3+ Days

This is entirely dependent upon the suppliers response time.
Once your New Supplier Request form is approved, the supplier receives an email from Coupa requesting banking and tax information to facilitate payment.
The procurement team can not complete this on the suppliers behalf since we do not know this information. If we did it would be a violation of SOX Compliance guidelines.
If your supplier isn’t onboarded after 2 days, contact your supplier directly requesting they do so ASAP since their contract cannot be reviewed or approved until this is completed. Carbon copy procurement@gitlab.com

In the event two or more of the below activities are required, they will happen in parallel to one another:

Negotiation: 1-3 Weeks

Required for: SaaS contracts >$25K, and one-time contracts >$100K.
Turn time is based on the level of negotiation required and the suppliers willingness to meet budget and benchmark indicators.

Vendor Security Review (VSR): 4-7 Days

This activity cannot begin until after the supplier completes the security questionairre and supplies their security documentation. Oftentimes, it can take a week for the supplier to respond and complete the requested materials. The SLA begins once that is completed.
Time before this activity can begin, is entirely dependent upon the suppliers response time and maturity of security protocols.
A VSR is required for: All SaaS purchases, and other purchase types where the supplier will have access to orange and/or red data (excluding field marketing events).
TIP: To increase speed of approval, upload any security compliance documentation to the Coupa Request and notify your supplier contact they will be receiving a request from ZenGRC for completion ASAP.

Legal Review: 3 Days - 3+ Weeks

Note: The amount of time for review, and to reach execution, is based on the details below. Use these SLA's as guidelines, noting that each contract review process is unique and if additional terms, requirements, and/or risks are identified the timeline for completion may be extended

Existing Vendors: 3-5 Days
- If new terms, and/or risks are introduced or required, this may take longer.
- Any delays from the supplier, will delay final approvals.
New Vendors: 1-3+ weeks
- If vendor doesn't readily accept the GitLab standard terms, additional rounds of red-lines and negotiations may be required, extending this SLA.
- Whenever possible, the legal team hopes to achieve red-lines–to be provided back to the vendor–no later than five (5) business days after being assigned.

Types of Vendors

Net New:
- These require the most amount of time as GitLab will be establishing (for the first time) terms and conditions which will govern the use of the products and/or services being procured.
- Negotiations can vary from 1 week to multiple months based on the level of detail and modifications required to reach executable terms.
Renew / Upsell:
- These generally require much less time as existing terms are in place which will underline the products and/or services being offered.
- That being said, in the event GitLab where to add a new product and/or service (from an existing Vendor) additional cycles may be required in order to create amendment(s) to the existing agreement.
One-time Transaction:
- These generally require much less time as existing terms are in place which will underline the products and/or services being offered.

Types of Agreements (generally broken into three (3) categories)

Software (SaaS & On-Prem): Requires the most rigorous review to ensure the rights and obligations placed upon GitLab are, (i) reasonable given the Software being provided, and (ii) align with GitLab contracting and industry standards.
Professional Services / Training: Requires detailed review to ensure intellectual property ownership aligns with our intentions, as well as, reasonable obligations being placed upon GitLab.
Marketing / Events: Generally, requires the least amount of time to review as the obligations are standardized given the event in question and program provided. Details regarding events may include negotiations with regards to Force Majeure, cancellation (including penalty), and ensuring the terms of the Agreement align with those of the requesting GitLab Team Members.

Additional Details

As discussed above, the turnaround time for the review of an Agreement is contingent on many factors. The goal of the legal team is to review and provide red-lines as thoroughly and promptly as possible.
The ability for GitLab to process and work efficiently through an agreement negotiation relies on the vendor, and vendor counsel, to respond promptly to GitLab red-lines and comments.

What if I have an Urgent Request?

If you are unable to plan and have a legitimate reason to escalate a purchase request, follow the process below.

Post in #procurement slack channel request for escalation with:
- Link to your Coupa Request
- Date needed
- Specific and quantifiable impact to the business if date is missed.
  - "Supplier wants it signed today" does not qualify as a reason for escalation and these requests will be denied.
  - "Price will increase $45K if not signed by Friday" or "Material negative brand impact if not signed by Friday due to missed PR deadlines" are specific, tangible, business impacts that will be reviewed.
Truly urgent and business critical requests will be evaluated, please note these are disruptive to our workflow and our ability to meet SLA's for requests opened on time.
We may or may not be able to accommodate your urgent request based on the risk and bandwidth available.
When you know you have a critical request with a deadline, enter the request into Coupa 1-2 weeks prior to needing approval to avoid needing escalation. Do this even if the contract isn’t final yet to help expedite the process.

How do I increase the dollar amount for an existing Coupa PO?

If you have a PO with an existing supplier and the cost has increased, you can update the existing PO for the new dollar amount.
Attach supporting documentation from the supplier for the change in amount. This could be a SOW, Change Request, and/or Order Form based on the purchase type.

What are the exceptions to the PO Policy?

Exceptions to the PO Policy are:

Purchases under $5K
Charitable Contributions (Donations)
Computer/Hardware Advances (if unable to be paid through Payroll Dept)
Interview Candidate Reimbursement
Legal Fees
Audit, Tax, and Insurance Fees
Benefits, PEO Providers and Payroll
AR/Customer Refunds
Board of Director Payments
Financing, Banking and Investing (incl interest, debt, FX, fees)
Corporate Credit Card
Urgent Payments not included on list above (approval required from VP, Corporate Controller and/or PAO)

Helpful Documents and Templates

Contract Templates

Documentation

Non-Disclosure Agreement (NDA) Process
Uploading Third Party Contracts to ContractWorks
Company Information - general information about each legal entity of the company
Trademark - information regarding the usage of GitLab's trademark
Authorization Matrix - the authority matrix for spending and binding the company and the process for signing legal documents