Contract Review and Signature Authority Policy

Effective and last modified October 25, 2023

Quick tip: Try searching this page for exactly what you’re looking for:

  • General search terms: NDA, Customer, Vendor, Partner, Teammate
  • Specific search term examples: legal review, DPA, template, who signs

Purpose:

This Contract Review and Signature Authority Policy is designed to help Sourcegraph teammates direct their contracts to the right team or teammate to review, approve, and sign.

This Policy covers the following contract types:

  1. Non-Disclosure Agreements (NDAs)
  2. Customer Contracts (Order Forms, MSAs, DPAs)
  3. Vendor Contracts (including temporary contractors)
  4. Partner Contracts (resellers, technology partners)
  5. Teammate Contracts & Offers

How to Submit Requests to Internal Teams for Review:

Request Type Internal Team(s) who may need to review Contact Method Additional Info
Customer Order Form Reviews Deal Desk/Finance

Legal

#deal-desk Slack channel Deal Desk team will escalate to Legal if necessary - see Order Form review guide
Customer Order Form or MSA redlines Legal commercial-contracts@sourcegraph.com Email (instead of Slack) helps us keep track of all contract versions
Vendor contract reviews Finance

Security

Legal

Jira ticket submission

AND #vendor-requests Slack channel

Step One: Submit Jira ticket

Follow steps on Vendor Request Process handbook page to submit a Jira request for internal review.

Step Two: notify Legal in #vendor-requests Slack channel or email commercial-contracts@sourcegraph.com

Let Legal know you’ve submitted a vendor request for their review. Legal will review once budgetary approval is confirmed.

General finance questions Finance #finance Slack channel

OR

finance@sourcegraph.com

Finance will pull in Legal if Legal also needs to review
General legal questions Legal #legal Slack channel

OR

legal@sourcegraph.com

Use for general requests or if your request does not fall within one of the above categories
Changes to teammate contract or offers People #people-ops Slack Channel (do not include any personal information in this public channel)

OR

people-ops@sourcegraph.com

The People Team will pull in Legal if a document requires Legal input or review
Personal or sensitive teammate requests People Contact your People Partner or people-ops@sourcegraph.com The People Team will pull in Legal if a document requires Legal input or review

Non-Disclosure Agreements (NDAs)

Do I need an NDA?

If we don't have an NDA, get an NDA

Where do I find an NDA?

STOP

BEFORE YOU SEND AN NDA, CHECK TO SEE IF WE ALREADY HAVE ONE

  • Check our NDAs folder for the name of the other company.
    • If you find an NDA with that company, check and see if it’s still in effect.
      • How do I know if the NDA is in effect?
        • Rule of thumb: Our default NDA terms are 3 years.
        • Check the following sections of the NDA:
          • The Effective Date
          • The Term (which will tell you how long the NDA is in effect)
      • Still not sure? Ask Legal!

If we already have a signed NDA in effect, you do not need a new one.

GO

DIDN’T FIND AN NDA WITH THIS COMPANY? LET’S GET ONE IN PLACE!

  • Use Sourcegraph’s NDA template using one of the following options:

    • Send our NDA form via Docusign. Here’s an explainer for what info to put into the form: NDA Powerform Explainer

    • Send our pre-signed NDA

TIPS

  • Set expectations for prospect to sign our NDA no later than a few days before your next scheduled call.
  • If a few days before your next scheduled call, the prospect still has not signed our NDA, check in with them. If they don’t quickly commit to sign our NDA before the next call, let them know: “In effort to keep our scheduled call and move the POC forward, our legal team has made an exception to review your NDA.”
  • Our goal is to get NDAs in place efficiently so we can move deals forward. Don’t let the NDA process delay your deals.

Do I need another internal team to review or approve the NDA before it is signed?

Changes to NDAs require Legal review

For vendor contracts: We do not review vendor NDAs. Send the vendor our NDA form described above.

For customer contracts: Share our NDA form with the prospect. If a customer insists on using their NDA, reach out to your legal POC via #deal-desk or commercial-contracts@sourcegraph.com and write a 1-sentence explanation of why we should make an exception and use the Customer’s NDA. See the NDA slide (13) of our Legal onboarding for Sourcegraph AEs for self-serve guidelines to get an NDA signed quickly.

  • Sourcegraph form: 2 business days
  • Third-party form: 3 business days

Who signs the NDA for Sourcegraph?

  • VP Legal, Commercial Counsel, or other VP or Director

Changes to the above signing authorities require written approval by the CEO.

Who sends out the NDA for signature?

If you have DocuSign access, you do!

Please have the other party sign first.

If you do not have DocuSign access, please ask Legal to send the NDA out for you.

Where do I save the NDA once it’s signed?

Once both parties have signed the NDA, you’ll need to save it in the NDAs folder in Google Drive.

Save the document as a pdf using the following naming convention: Party Name-NDA-Year-Month-Date (example: Company A-NDA-)

Remember: It is important to save your fully signed NDA in our shared folder. NDAs can be used for different purposes, relationships, and opportunities, so you never know who on the Sourcegraph team could need to reference that NDA in the future.

Customer Contracts

I have a Prospect and want to send them a contract.

Great! Which contract you send will depend on what Sourcegraph product your Prospect needs.

Check out the Sales Resources page for our current templates. On that page, you’ll find templates relating to POCs, Proposals, and each of our current Order Forms and MSAs.

Not finding the template you need? Reach out to Legal.

I found the template I needed and sent it to my Prospect. Do I need another internal team to review the Customer contract before I get it signed?

Order Forms:

Our standard Orders are governed by our online terms, so if a Customer is ready to sign a standard Order with online terms, you do not need additional approvals.

Remember: for non-standard Orders, you need to engage Deal Desk. Deal Desk will know if and when to engage Legal.

Check out the Order Form Review Guide for a list of our non-standard terms and the Deal Desk Handbook page for more information and resources.

Non-standard terms require Deal Desk review

Note: the Order Form Review Guide includes a Deal Approval Matrix, which outlines what makes a deal standard vs. non-standard and what approvals are needed.

Master Services Agreements (MSAs):

Changes to MSA require Legal review

Submit a request in the #deal-desk channel in Slack to Sourcegraph’s Legal POC for commercial contracts. In your request, please include the following information:

  1. What you are selling (1-2 sentences), including deployment method
  2. Approximate contract value
  3. Any other relevant context
  • Sourcegraph form: 3 business days
  • Customer form: not accepted, requires a legal-to-legal call if Customer pushes back
  • End of Quarter: Legal will attempt to expedite reviews in the last month of the quarter.
    • Important: Please communicate with your Legal contact about any urgency for Sourcegraph or the Customer to help set expectations for turnaround time for Legal reviews.

Who signs the Customer contract for Sourcegraph?

  1. Stamp: Deal Desk

Every Customer contract requires a Deal Desk Stamp, which allows us to have better control around the contracts that are signed. You can find more information on the signature process and how to request the deal desk stamp here: Customer Contracts Signature Process.

Good rule of thumb: When in doubt, get a Deal Desk stamp!

  1. Signer: Financial Controller

Back-Up Signers: VP Legal and VP Finance/Operations

Note: the above signature authority also applies to Evaluation or Proof of Concept (POC) Agreements.

Changes to the above signing authorities require written approval by the CEO.

For standalone MSAs, what is the signature process?

  1. Approver: Commercial counsel POC approves clean MSA via Slack or email, cc’ing VP Legal or Financial Controller. No Deal Desk stamp needed.
  2. Signer: VP Legal or Financial Controller

How to get Customer contracts signed?

Set the below process expectation with your customer.

  1. You will send clean contract via Docusign
  2. Customer will sign first
  3. Sourcegraph will countersign (remember to get the Deal Desk stamp!)

The benefit of us initiating and controlling the signature process as it allows us to track the envelope, send reminders to signers, and it also simplifies our stamping procedure.

Where do I save the Customer contract once it’s signed?

Once both parties have signed the contract, you’ll need to save it in two places:

  1. the Customer Contracts folder in Google Drive
  2. Salesforce.

Saving in Google Drive:

  • Fully signed Customer contracts should be saved in the Customer Contracts folder.
    • Already have a folder for this Customer in the New Customers in Progress folder?
      • Move that folder into Customer Contracts folder.
        • Save the signed Customer contract in the Customer’s subfolder.
    • No folder for this Customer in the New Customers in Progress folder?
      • Create a new subfolder under the Customer Contracts folder with the Customer’s name.
        • Save the fully signed Customer contract in the subfolder you just created.

Save the document as a pdf using the following naming convention: Year-Month-Date-Customer-Contract Name (example: -Company A-MSA and Order Form)

Remember: It is important to save your fully signed Customer contract in our shared folder, so teammates can easily access them and link to them in future questions. Do not save your signed contract anywhere else (unless for your own purpose and ONLY IF you have saved it in the Customer Contracts folder first).

Saving in Salesforce:

For Salesforce, complete the opportunity with the following steps:

  1. Go to the opportunity and click on the “Files” link near the top of the page. On the far right of the “Files” page is “Add Files”.
  2. Go back to the opportunity and at the top right click the “Add Products” link. Fill out the info in the link and pay attention to the monthly/yearly period options so that they are consistent.
  3. Go back to the opportunity and complete the other fields in the opportunity as follows: switch the Stage to “7 - Closed Won”; next scroll down to the “Financial Details” and “Opportunity Close Out” sections and add the appropriate “ACV”, “Closed Won Reason”, “Start of Contract” and “End of Contract”. Save and you should be done.

Vendor Contracts

I am considering engaging a Vendor…

Great! Please see our Vendor Request Process Handbook page for more details on how to raise a vendor request.

Who do we consider to be a “Vendor”?

Any company or individual who will be providing us services or software. This includes temporary consultants or contractors.

Is there a different process for hiring temporary consultants or contractors?

Nope! Temporary consultants and contractors are vendors and should be submitted through the Vendor Request Process.

Where can I find Vendor contract templates to submit through the Vendor Request Process?

If the Vendor is providing us services (not software):

  1. Make a copy of our template Consulting Agreement.
  2. Fill out the blanks in YOUR OWN COPY.
  3. Secure all required approvals via Airbase.
  4. Send the approved contract via Docusign for signatures.

If the Vendor is providing us software (including SaaS), ask the Vendor for their template. Secure all required approvals via Airbase.

What if the software Vendor’s contract is a click-through agreement that can’t be redlined? Do I still need to go through the above review process?

YES. It does not matter if we can’t redline the contract; it’s still very important that Sourcegraph understand any risks posed by the contract we are looking to sign.

Do I need another internal team to review the vendor contract before I get it signed?

The Sourcegraph Procurement Policy tells you which internal teams need to review a vendor engagement (Security, Legal, Finance, and Tech Ops). When each reviewer type is engaged is dependent upon the annual contract value and the type of data the vendor will have access to. Follow the guide to get your vendor request in front of the relevant internal reviewers and approvers. For questions, reach out to #discuss-vendor-setup in Slack.

If Vendor accesses private or restricted data, Legal must review contract

Examples of Restricted or Private Data:

Our Data Management Policy outlines our four different data classifications. When data is classified as “Restricted” or “Private” and a vendor will have access to that data, Legal needs to review the contract.

  • Restricted Data examples:
    • Sensitive security information
      • Examples: incident data, security logs, authentication
    • Core IT infrastructure
      • Examples: GCP, AWS, Customer data storage
    • Customer private code
  • Private Data examples:
    • Sourcegraph teammate personal data: Vendor has access to personal data of Sourcegraph teammates
      • Examples: usernames (including if our teammates will create an account to login), email addresses, and any other information that can be used to identify an individual: name, title, personal address, location, IP address, physical characteristics, analytics tied to individuals, etc.
    • Customer Content: Vendor has access to customer repo names, pings, or personal data of Customer personnel

Questions about whether the Vendor will have access to Restricted or Private Data? Check out our Data Management Policy for more examples. If you still have questions, contact our compliance manager or Legal.

Legal’s focus when reviewing contracts where the Vendor will have access to personal information or sensitive data are on:

  • Indemnification for data breach/confidentiality breach
  • Uncapped liability for indemnification

Sample language is available in our Vendor Review Playbook.

Do I need a Data Processing Agreement (DPA)?

If the Vendor will have access to any of the Private Data outlined above, ask the Vendor to provide a DPA for Sourcegraph Legal to review. If the Vendor does not have their own DPA, you can send them Sourcegraph’s Vendor DPA Template.

If the Vendor will have access to a Customer’s Restricted or Private Data, flag to legal@sourcegraph.com or the #legal Slack channel so legal can update the subprocessor list.

The Vendor Request Process Handbook page walks you through all of the information that Legal needs to review your vendor contract request. When you submit a new vendor request, that information will automatically be routed to Legal when legal review is necessary. Legal will let you know if they need any additional information for their review.

  • Sourcegraph form: 5 business days
  • Vendor form: 7 business days
  • End of Quarter: expect delays during the last two weeks of the sales quarter.
    • Important: Please communicate with your Legal contact about any urgency for Sourcegraph or the Customer to help set expectations for turnaround time for Legal reviews.

Who signs the Vendor contract for Sourcegraph?

  • VP Budget Owner

Note: the above signature authority also applies to signing of Vendor DPAs, with the VP Legal as the back-up signer. If a Vendor has requested a DPA amendment, the VP Legal has signature authority for that amendment.

For vendor contracts, authorized signers may delegate authority to teammates in manager-level roles or above. Delegation must be made in writing, either via email with copy to legal@sourcegraph.com, or via Slack with a screenshot of the delegation sent to legal@sourcegraph.com.

Who sends out the Vendor contract for signature?

If you have DocuSign access, you do!

Please have the other party sign first.

If you do not have DocuSign access, please tell your Legal point of contact and they will send out the contract for you.

Where do I save the Vendor contract once it’s signed?

For agreements with temporary contractors, send the final signed contract to Legal for Legal to save in the Sensitive Suppliers folder in the Legal private Google Drive. If you need access to this folder, please let the Legal Team know.

For all other vendor contracts, once both parties have signed the contract, you’ll need to save it in the Suppliers folder in Google Drive.

Saving in Google Drive:

  • Fully signed Vendor contracts should be saved in the Suppliers folder.
    • Already have a folder for this Vendor in the New Suppliers in Progress folder?
      • Move that folder into the Suppliers folder.
        • Save the signed Vendor contract in the Vendor’s subfolder.
    • No folder for this Vendor in the New Suppliers in Progress folder?
      • Create a new subfolder under the Suppliers folder with the Vendor’s name.
        • Save the fully signed Vendor contract in the subfolder you just created.

Save the document as a pdf using the following naming convention: Year-Month-Date-Vendor-Contract Name (example: -Company A-Services Agreement

Remember: It is important to save your fully signed Vendor contract in our shared folder. Legal and our internal business teams all use this folder to have a full picture of our vendor relationships. Do not save your signed contract anywhere else (unless for your own purpose and ONLY IF you have saved it in the Suppliers folder first).

Saving Click-Through Agreements:

For click-through agreements, forward confirmation emails to commercial-contracts@sourcegraph.com. If none, then email commercial-contracts@sourcegraph.com confirming that you accepted the click-through terms.

Partner Contracts

Is my contract a partner contract?

Examples of Partner contracts are:

  1. Reseller agreements: where the partner is reselling a Sourcegraph product
  2. Referral agreements: where the partner refers prospective customers to Sourcegraph
  3. Technology partner agreements: product integrations
  4. Marketing/co-sell agreements: joint marketing initiatives

I’m ready to send a contract to a prospect Partner. Where can I find a template?

Reseller Agreements:

Click this link to download a local Microsoft Word copy of our Reseller Agreement template.

Referral Agreements:

Click this link to download a local Microsoft Word copy of our Referral Agreement template.

All other Partner Contracts:

Sourcegraph does not currently have templates for Partner contracts that are not Reseller Agreements. We’ll need to use the Partner’s paper to enter into an agreement, or you will need to work directly with your Legal point of contact to create a contract for your specific use case (be prepared for this to take time!).

Do I need any internal teams to review the Partner contract before it’s signed?

Yes! Every Partner contract needs review and approval prior to signature.

Review: Business Development and Legal

Approve: VP Budget Owner and Finance

What if the Partner contract is a click-through agreement that can’t be redlined? Do I still need to go through the above review process?

YES. It does not matter if we can’t redline the contract; it’s still very important that Sourcegraph understand any risks posed by the contract we are looking to sign.

  1. Purpose of the contract (1–2 sentences)
  2. Data: Confirm whether the partner will access customer data, teammate data, or other sensitive data
  3. Fees: If the contract includes fees payable by or to Sourcegraph, include written approval from the VP Budget Owner
  4. Marketing rights: Propose any changes to the marketing, publicity, and logo terms or confirm that you have no changes
  5. Responsibilities and Restrictions on Sourcegraph (for product integrations): Propose any changes or confirm that you have no changes
  6. Any other relevant context
  • 7 business days
  • EOQ: expect delays during the last two weeks of each sales quarter

Who signs the Partner contract for Sourcegraph?

  • For Reseller or Referral Agreements, Head of Business Development or VP of Sales
  • For all other Partner contracts, Director or VP

For Partner contracts, authorized signers may delete authority to teammates in manager-level roles or above. Delegation must be made in writing, either via email with copy to legal@sourcegraph.com, or via Slack with a screenshot of the delegation sent to legal@sourcegraph.com.

Who sends out the Partner contract for signature?

If you have DocuSign access, you do!

Please have the other party sign first.

If you do not have DocuSign access, please tell your Legal point of contact and they will send out the contract for you.

Where do I save the Partner contract once it’s signed?

Once both parties have signed the contract, you’ll need to save it in the Partner Contracts folder in Google Drive.

Saving in Google Drive:

  • Fully signed Partner contracts should be saved in the Partner Contracts folder.
    • Already have a folder for this Partner in the New Partners in Progress folder?
      • Move that folder into the Partners folder.
        • Saved the signed Partner contract in the Partner’s subfolder.
    • No folder for this Partner in the New Partners in Progress folder?
      • Create a new subfolder under the Partners folder with the Partner’s name.
      • Save the fully signed Partner contract in the subfolder you just created.

Save the document as a pdf using the following naming convention: Year-Month-Date-Vendor-Contract Type (example: -Company A-Reseller Agreement

Remember: It is important to save your fully signed Partner contract in our shared folder. Legal and Sales use this folder to have a full picture of our Partner relationships. Do not save your signed contract anywhere else (unless for your own purpose and ONLY IF you have saved it in the Partner folder first).

Saving Click-Through Agreements:

For click-through agreements, forward confirmation emails to commercial-contracts@sourcegraph.com. If none, then email commercial-contracts@sourcegraph.com confirming that you accepted the click-through

Teammate Contracts and Offers

What types of contracts fall under the “Teammate Contracts and Offers” category?

Offer letters, employment contracts, international consulting agreements, individual commission agreements, separation / severance agreements, and related amendments

For temporary consultants and contractors and PEO master agreements, please refer to the Vendor Contracts section above.

Which internal teams need to review my teammate contract or offer before it’s signed?

  • Sourcegraph Form Offer Letter or Consulting Agreement - standard terms (no redlines)

    • Review: Recruiter, hiring manager
    • Approve: VP budget owner
  • Amendments to Sourcegraph teammate contracts

    • Review: (a) Senior People Partner and (b) Legal, if amendment is not routine / outside the ordinary course of business (if unsure, check with Employment Counsel)
    • Approve: Director, People
  • PEO Statement of work (with PEO)

    • Review: (a) Senior People Partner and (b) Legal (if Legal review requirements in Legal Review Workflow for Vendor Contracts triggers legal review)
    • Approve: Director, People or VP, Talent & People
  • Individual Commission Agreements

    • Review: Director, Sales Strategy & Operations or Sales Strategy & Operations Manager
    • Approve: VP, Operations or Controller (note: Legal should also review mid-year modifications to individual agreements)
    • Also note: Master Plan reviewed by Sales, Finance, & Legal; Master Plan approved by VP, Ops and VP, Sales.
  • Sourcegraph Form Separation Agreement - standard terms (no redlines)

    • Review: (a) Senior People Partner; and (b) Legal
    • Approve: Director, People
  • Sourcegraph Form Separation Agreement - non-standard terms (red-lined)

    • Review: (a) Senior People Partner; and (b) Legal
    • Approve: (a) VP, Talent & People or Director, People and (b) VP of separating teammate’s function (if modified terms have financial or business impact)

Who signs teammate contracts or offers for Sourcegraph?

  • Sourcegraph Form Offer Letter or Consulting Agreement - standard terms (no redlines)

    • Sign: CEO or VP, Talent & People
  • Amendments to Sourcegraph teammate contracts

    • Sign: CEO or VP, Talent & People
  • PEO Statement of work (with PEO)

    • Sign: VP, Talent & People (or designee)
  • Individual Commission Agreements

    • Sign: VP, Operations or Controller
  • Sourcegraph Form Separation Agreement - standard terms (no redlines)

    • Sign: VP, Talent & People (or designee)
  • Sourcegraph Form Separation Agreement - non-standard terms (red-lined)

    • Sign: VP, Talent & People (or designee)

For teammate contracts or offers, authorized signers may delete authority to teammates in manager-level roles or above. Delegation must be made in writing, either via email with copy to legal@sourcegraph.com, or via Slack with a screenshot of the delegation sent to legal@sourcegraph.com.