Review the Prior to Contacting Procurement page first.
NEW VENDOR: Once you've narrowed your vendor selection process to your final one or two vendors, open the Software Vendor Contract Request Issue. Let your vendor(s) know they will need to follow the procurement process to finalize the necessary decision making and approval processes. If your contract requires a negotiation, allow for 2-6 weeks to complete all steps in the process which includes internal review, cost analysis, negotiation alignement, negotiation, and contract review and approval. Note this is a rough guideline and not an exact SLA, exact timing depends on the completeness and clarity of business needs. Note the procurement team cannot begin negotiations without all necessary information. If you have specific deadlines please identify those in the due date of the issue and/or in the comment field.
RENEWAL VENDOR: If you have a renewal coming due with an existing software supplier, open the Software Vendor Contract Request Issue 60-90 days in advance of renewal date. Procurement may contact you as well regarding your upcoming renewal. If your vendor asks about the status, let them know the procurement process will need to be followed.
ADD-ON VENDOR: If you have a need to right-size/purchase additional licenses with an existing vendor, obtain the quote from the vendor and open the Software Vendor Contract Request Issue.
Complete Steps 1-2, the Intake Steps, with as much specificity and detail as possible. Most of the approvers are hearing about this purchase for the very first time and have no context beyond what you include here. This is your chance to provide all information as clearly as possible to expedite approvals as quickly as possible.
This section articulates how the purchase is aligned with the current business needs. Completion of all fields is necessary for approvals. Any missing or incomplete fields will result in a delay to the review and/or approval of your request.
Business Problem Statement
Business Solution Statement
Description of Purchase
Identify software need (check the one that applies)
This section articulates the information regarding the vendor and the current contract and pricing (if any) that is being proposed. Completion of all fields is necessary for approvals. Any missing or incomplete fields will results in a delay to the review and/or approval of your request.
Vendor Name, URL, and Specific Application Name
Anticipated usage for next 12 months
Vendor billing contact
Total Contract Value
Integration into our Ecosystem
Personal Data Privacy Review
Marketing Campaign Finance Tag
If non public data will be shared in ANY capacity with this vendor, a security analysis is required. A security analysis is required for renewals as well since an eval is due every 12 months. Review our Data Classification Policy and Vendor Security Review Process for questions.
To expedite the security review process, complete the identified check boxes as relative:
Provide Vendor Security Contact Name and Email Address
Non Disclosure Agreement (NDA)
Tag your functional leader according to the Authorization Matrix in the first section of the table.
Tag your finance business partner under Budget Approval.
Scroll to the bottom of the issue and select a due date, if relative, and we will do our best to accomodate. All reviewers and approvers are notified so long as you do not edit below the section that says DO NOT EDIT BELOW.
SUBMIT YOUR ISSUE!
Now the review and approval process can begin.
A contract can not be signed until each function has reviewed and approved
Here is a deep dive summary on what each function is reviewing for approval:
Functional Review and Approval
Technology Review and Approval
Budget Review and Approval
Security Review and Approval
Procurement Review and Approval
Legal Review and Approval
Similar to our Access Request process for team members, we have an access request process for consultants or professional services providers. If the vendor requires access to systems to complete work, the vendor manager (ie. the GitLab team member who will manage the relationship with the temporary service provider, generally a people manager) is responsible for creation of a Vendor Access Request and Orientation issue.
These issues aren't created in the same location as access requests for employees so find the link below so use this access request template and assign it to yourself and the relevant provisioner(s) for the tools that the professional services provider requires access to. In the AR, include only systems that are necessary to the work that the vendor will be performing.
Create an orientation issue if the professional services provider wants support through the set up of the most common tools used at GitLab. Assign to yourself and the professional services provider if they have a GitLab account with the required access.
If you have additional questions, please ask in #procurement slack channel. Or attend Purchasing Office Hours, available in the GitLab Team Calendar.