Mattermost Handbook
Risk management

10% complete. Frame risk management levels to inform processes and decisions across the company

The purpose of our risk management policy in agreements is to provide efficient and safe contract execution by categorizing the levels and types of risk we may face and by defining a clear process for signing off on the acceptance of risk.

Risk Levels

  • Level 1 - Low risk or documented accepted risk, and 90% probability worst case < $10K

  • Level 2 - Risk to address before IPO and 90% worst case < $100K

  • Level 3 - Risk to address before Series C

  • Level 4 - Risk to address within 6 months from discovery

  • Level 5 - Risk to address ASAP

  • Level N - Needs Investigation

Risk Types

  • Intellectual property - including copyright

  • Tax - including corporate tax, employment tax, sales tax, and other forms

  • Liability - including risk from lack of/commitment to indemnity from/to 3rd parties

  • Jurisdiction - including material risk from mechanisms other than JAMS or California law

  • Export compliance - including U.S. embargo

  • Employment law risk - including statutory benefits

  • Internal consistency - including compensation

  • Business risk - including non-market terms and ability to meet expectations

  • System security - exposure to potential security breaches

  • Contract compliance risk - risk of being in breach of customer contracts or other contracts

Agreements

Risk levels are most commonly addressed in agreements of the following types:

  • Customer agreements

  • Vendor agreements

  • Employment agreements

  • Partnership agreements

Mattermost Templated Agreement

Mattermost Templated Agreements (MTAs) have significantly reduced risk and in general can be reviewed and executed within 1 business day.

Examples include:

  • Mattermost Mutual Non-disclosure Agreement (link needed)

Custom Agreements

All custom agreements require approval by procurement and may take days to weeks to complete depending on their complexity.

Risk Types and Risk Levels for Custom Agreements

Note: Risk levels are expected to change over time. For example: Contracts in foreign jurisdictions may be less of an issue over time as we establish infrastructure in those jurisdictions.

| Risk Type | Level 2 | Level 3 | Level 4 | Level 5 |
| --- | --- | --- | --- | --- |
| Jurisdiction | U.S. jurisdiction outside of California in combination with potential for $100K+ in uninsured liability | Canadian or U.K. jurisdiction in combination with potential for $100K+ in uninsured liability | Non-English-speaking, non-U.S. jurisdiction in combination with potential for $100K+ in uninsured liability | Jurisdiction in a restricted list region/country, e.g. U.S. embargoed countries. ABSOLUTELY DO NOT SIGN |

Risk Acceptance Process

The following summarizes the process for review and risk acceptance on any agreement that binds Mattermost, Inc.

Legal Review and Approval ("LRA")

Legal review and approval is required for all custom agreements and department heads should ensure their teams plan their work to provide at least 1-2 weeks for the review of any custom contracts.

Risk Acceptance ("RA")

Risk Acceptance Initial ("RAI") is provided by a Mattermost staff member who is a non-interim department head or someone director-level or higher and who has also completed Mattermost procurement and risk management training within the last 12 months.

The RAI initial should appear within 2 inches of the FCA signature to maximize clarity that RAI is complete when FCA is executed.

Final Company Approval ("FCA")

To bind the company to any agreement, Final Company Approval ("FCA") is provided by the company CEO, and potentially board members, via physical or electronic signature.

E-sign Process

HR-related E-sign

All HR-related e-sign should be conducted via either:

  • a HelloSign account controlled by Mattermost (which is only accessible by staff approved for handling confidential HR data)

  • an e-sign system controlled by our partner law firm, Cooley

HR-related agreements should not be executed using the company-controlled DocuSign account given HR privacy requirements.

| Agreement | Risk Types | Risk Acceptance (Initial) | Final Company Approval (Signature) |
| --- | --- | --- | --- |
| U.S. W-2 Employee MTA | | DirHR or VPF | CEO |

General Agreements

The following table summarizes general agreements to be completed via company-controlled DocuSign, or via vendor-controlled DocuSign with written sign-off from the Mattermost staff member requesting the agreement that the vendor will send the fully executed contract to procurement within 1 business day after execution.

| Agreement | Risk Types | Risk Acceptance (Initial) | Final Company Approval (Signature) |
| --- | --- | --- | --- |
| Banking Agreement | | DirAccounting or VPF | CEO |

Last updated 4 years ago

This step is not required for MTAs, only custom agreements.

If a department head anticipates more than 3-5 custom contracts of similar types (e.g. advertising purchase agreements), they should inform procurement in advance to create an MTA to speed contract execution.

Mattermost U.S. Consulting Agreement
IP, tax, liability, export compliance
Business risk, system security