From 22fdd45832a1b1c7610c73e5fb965e0dced53021 Mon Sep 17 00:00:00 2001 From: Mike McNeil Date: Fri, 13 Sep 2024 01:21:02 -0500 Subject: [PATCH] Add finance department (#22067) Co-authored-by: Sampfluger88 --- CODEOWNERS | 14 +- articles/tales-from-fleet-security-soc2.md | 2 +- handbook/business-operations/README.md | 556 ------------------ handbook/company/README.md | 24 +- handbook/company/communications.md | 75 ++- handbook/company/handbook.md | 2 +- handbook/company/leadership.md | 45 +- handbook/company/why-this-way.md | 10 +- handbook/digital-experience/README.md | 225 ++++++- .../application-security.md} | 16 +- .../digital-experience.rituals.yml | 44 +- .../security-audits.md | 0 .../security-policies.md | 8 +- .../security.md | 12 +- .../vendor-questionnaires.md | 8 +- handbook/engineering/README.md | 4 +- handbook/engineering/engineering.rituals.yml | 2 +- handbook/finance/README.md | 345 +++++++++++ .../finance.rituals.yml} | 104 ++-- handbook/sales/README.md | 14 +- .../2022-05-security-awareness-slides.md | 4 +- website/config/custom.js | 2 +- website/config/routes.js | 10 +- 23 files changed, 744 insertions(+), 782 deletions(-) delete mode 100644 handbook/business-operations/README.md rename handbook/{business-operations/Application-security.md => digital-experience/application-security.md} (77%) rename handbook/{business-operations => digital-experience}/security-audits.md (100%) rename handbook/{business-operations => digital-experience}/security-policies.md (99%) rename handbook/{business-operations => digital-experience}/security.md (99%) rename handbook/{business-operations => digital-experience}/vendor-questionnaires.md (95%) create mode 100644 handbook/finance/README.md rename handbook/{business-operations/business-operations.rituals.yml => finance/finance.rituals.yml} (60%) diff --git a/CODEOWNERS b/CODEOWNERS index fae91d00d013..5f1c7e9bca1e 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -95,13 +95,13 @@ go.mod @fleetdm/go /handbook/README.md @mikermcneil /handbook/company/open-positions.yml @sampfluger88 /handbook/company/product-groups.md @lukeheath -/handbook/business-operations/README.md @sampfluger88 -/handbook/business-operations/business-operations.rituals.yml @sampfluger88 -/handbook/business-operations/Application-security.md @lukeheath -/handbook/business-operations/security-audits.md @lukeheath -/handbook/business-operations/security-policies.md @lukeheath -/handbook/business-operations/security.md @lukeheath -/handbook/business-operations/vendor-questionnaires.md @lukeheath +/handbook/finance/README.md @sampfluger88 +/handbook/finance/finance.rituals.yml @sampfluger88 +/handbook/digital-experience/application-security.md @lukeheath +/handbook/digital-experience/security-audits.md @lukeheath +/handbook/digital-experience/security-policies.md @lukeheath +/handbook/digital-experience/security.md @lukeheath +/handbook/digital-experience/vendor-questionnaires.md @lukeheath /handbook/digital-experience @sampfluger88 /handbook/customer-success @sampfluger88 /handbook/demand @sampfluger88 diff --git a/articles/tales-from-fleet-security-soc2.md b/articles/tales-from-fleet-security-soc2.md index c5b6d8aaaa22..641583270a6c 100644 --- a/articles/tales-from-fleet-security-soc2.md +++ b/articles/tales-from-fleet-security-soc2.md @@ -43,7 +43,7 @@ One of the essential things about SOC 2 is having the right security policies. T Writing policies from scratch can seem daunting. Many compliance automation products have templates you can use to get started, but there are excellent free and open resources online. -As you can see, our policies are in our [handbook](https://fleetdm.com/handbook/business-operations/security-policies#information-security-policy-and-acceptable-use-policy), and we created most of them using this [free set of templates](https://github.com/JupiterOne/security-policy-templates) published by JupiterOne under Creative Commons licensing. +As you can see, our policies are in our [handbook](https://fleetdm.com/handbook/digital-experience/security-policies#information-security-policy-and-acceptable-use-policy), and we created most of them using this [free set of templates](https://github.com/JupiterOne/security-policy-templates) published by JupiterOne under Creative Commons licensing. We kept our policies as basic as possible to make sure everything in them is valuable and achievable. Having policies that state you must do the impossible is a surefire way of getting in trouble! The templates we used contained many processes and procedures as well. We used the policies and will eventually document more of our procedures in our handbook. diff --git a/handbook/business-operations/README.md b/handbook/business-operations/README.md deleted file mode 100644 index 74fa60868043..000000000000 --- a/handbook/business-operations/README.md +++ /dev/null @@ -1,556 +0,0 @@ -# Business Operations -This handbook page details processes specific to working [with](#contact-us) and [within](#responsibilities) this department. - -## Team -| Role | Contributor(s) | -|:------------------------------|:-----------------------------------------------------------------------------------------------------------| -| Head of Business Operations | [Joanne Stableford](https://www.linkedin.com/in/joanne-stableford/) _([@jostableford](https://github.com/JoStableford))_ -| Business Operations Engineer | [Nathan Holliday](https://www.linkedin.com/in/nathanael-holliday/) _([@hollidayn](https://github.com/hollidayn))_
[Isabell Reedy](https://www.linkedin.com/in/isabell-reedy-202aa3123/) _([@ireedy](https://github.com/ireedy))_ - -## Contact us -- To **make a request** of this department, [create an issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=custom-request.md&title=Request%3A+_______________________) and a team member will get back to you within one business day (If urgent, mention a [team member](#team) in [#g-business-operations](https://fleetdm.slack.com/archives/C047N5L6EGH). - - Please **use issue comments and GitHub mentions** to communicate follow-ups or answer questions related to your request. - - Any Fleet team member can [view the kanban board](https://app.zenhub.com/workspaces/-g-business-operations-63f3dc3cc931f6247fcf55a9/board?sprints=none) for this department, including pending tasks and the status of new requests. - - -## Responsibilities -The Business Operations department is directly responsible for people operations, finance + invoicing, tax, compliance, and legal + deal desk. - - -### Run payroll -Many of these processes are automated, but it's vital to check Gusto and Plane manually for accuracy. - - Salaried fleeties are automated in Gusto and Plane. - - Hourly fleeties and consultants are a manual process each month in Gusto and Plane. - -| Payroll type | What to use | DRI | -|:-----------------------------|:-----------------------------|:-----------------------------| -| [Commissions and ramp](https://fleetdm.com/handbook/business-operations#run-us-commission-payroll) | "Off-cycle - Commission" payroll | Head of Business Operations -| Sign-on bonus | "Bonus" payroll | Head of Business Operations -| Performance bonus | "Bonus" payroll | Head of Business Operations -| Accelerations (quarterly) | "Off-cycle - Commission" payroll | Head of Business Operations -| [US contractor payroll](https://fleetdm.com/handbook/business-operations#run-us-contractor-payroll) | "Off-cycle" payroll | Head of Business Operations - -### Reconcile monthly recurring expenses -Recurring monthly or annual expenses, such as the tools we use throughout Fleet, are tracked as recurring, non-personnel expenses in ["🧮 The Numbers"](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) _(¶confidential Google Sheet)_, along with their payment source. Reconciliation of recurring expenses happens monthly. - -> Use this spreadsheet as the source of truth. Always make changes to it first before adding or removing a recurring expense. Only track significant expenses. (Other things besides amount can make a payment significant; like it being an individualized expense, for example.) - - -### Access a background check -All Fleet team members undergo a background check provided through [Vetty](https://vetty.co/). Only the most recent background checks appear on the home page of Vetty's dashboard. To access a complete list of background checks run in Vetty, scroll down to the bottom of the candidates page and click "View Historical". - - -### Register Fleet as an employer with a new state -Fleet must register as an employer in any state where we hire new teammates. To do this, complete the following steps in Gusto: -1. After a new teammate completes their Gusto profile, the Business Operations department will be prompted to approve it for payroll. Sign in to your Gusto admin account and begin the approval process. -2. Select "yes" when prompted to file a new hire report and complete the approval process. -3. Once the profile is approved, navigate to Tax setup and select the state you’d like to register Fleet in. -4. Select “Have us register for you” and then “Start registration.” -5. Verify, add, and amend any company information to ensure accuracy. -6. Select “Send registration” and authorize payment for the specified amount. CorpNet will then send an email with next steps, which vary by state. -7. Update the [list of states that Fleet is currently registered with as an employer](https://fleetdm.com/handbook/business-operations#review-state-employment-tax-filings-for-the-previous-quarter). - - -### Process an email from a state agency -From time to time, you may get notices via email (or in the mail) from state agencies regarding Fleet's withholding and/or unemployment tax accounts. You can resolve some of these notices on your own by verifying and/or updating the settings in your Gusto account. - -If the notice is regarding an upcoming change to your deposit schedule or unemployment tax rate, make the required change in Gusto, such as: -- Update your unemployment tax rate. -- Update your federal deposit schedule. -- Update your state deposit schedule. - -In Gusto, you can click **How to review your notice** to help you understand what kind of notice you received and what additional action you can take to help speed up the time it takes to resolve the issue. - -> **Note:** Many agencies do not send notices to Gusto directly, so it’s important that you read and take action before any listed deadlines or effective dates of requested changes, in case you have to do something. If you can't resolve the notice on your own, are unsure what the notice is in reference to, or the tax notice has a missing payment or balance owed, follow the steps in the Report and upload a tax notice in Gusto. - -Every quarter, payroll and tax filings are due for each state. Gusto can handle these automatically if Third-party authorization (TPA) is enabled. Each state is unique and Gusto has a library of [State registration and resources](https://support.gusto.com/hub/Employers-and-admins/Taxes-forms-and-compliance/State-registration-and-resources) available to review. You will need to grant Third-party authorization (TPA) per state and this should be checked quarterly before the filing due dates to ensure that Gusto can file on time. --> - - -### Review state employment tax filings for the previous quarter - -Every quarter, payroll and tax filings are due for each state. Gusto automates this process, however there are often delays or quirks between Gusto's submission and the state receiving the filings. -To mitigate the risk of penalties and to ensure filings occur as expected, follow these steps in the first month of the new quarter, verifying past quarter submission: -1. Create an issue to "Review state filings for the previous quarter". -2. Copy this text block into the issue to track progress by state: - - -``` -States checked: -- [ ] California -- [ ] Colorado -- [ ] Connecticut -- [ ] Florida -- [ ] Georgia -- [ ] Hawaii -- [ ] Illinois -- [ ] Kansas -- [ ] Maryland -- [ ] Massachusetts -- [ ] New York -- [ ] Ohio -- [ ] Oregon -- [ ] Pennsylvania -- [ ] Rhode Island -- [ ] Tennessee -- [ ] Texas -- [ ] Utah -- [ ] Virginia -- [ ] Washington -- [ ] Washington, DC -- [ ] West Virginia -- [ ] Wisconsin -``` - - -3. Login to Gusto and navigate to "Taxes and compliance", then "Tax documents". -4. Login to each State portal (using the details saved in 1Password) and verify that the portal has received the automated submission from Gusto. -5. Check off states that are correct, and use comments to explain any quirks or remediation that's needed. - - -### Inform managers about hours worked - -Every Friday at 2:00 PM CT, we collect hours worked for all hourly employees at Fleet, including core team members and consultants, regardless of their location. - -Here's how: - -1. Consultants submit their hours through Gusto (US consultants) or Plane.com (international consultants) and require DRI approval (generally their manager) for hours worked. Find the DRI using the [Business Operations KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). -2. Send the teammate's DRI a direct message in Slack with a screenshot of the HRIS portal, showing hours logged since last Saturday at midnight, and ask them to confirm the hours are expected. Ensure the screenshot does not include compensation information. - - For international teammates, they cannot enter hours weekly in Plane.com, so you will need to request the hours worked from them in order to have the DRI approve them. -3. The following Monday, check for updates to logged hours and ensure the KPI sheet aligns with HRIS records. - - If there are discrepancies between what was previously reported, reconfirm logged hours with the teammate's DRI and update the KPI sheet to reflect the correct amount. - - -### Change the DRI of a consultant - -1. In the [KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0) sheet, find the consultant's column. -2. Change the DRI documented there to the new DRI who will receive information about the consultant's hours. - -### Run US contractor payroll -For Fleet's US contractors, running payroll is a manual process: -1. Add the amount to be paid to the "Gross" line. -2. Review hours _("Time tools > Time tracking")_ -3. Adjust time frame to match current payroll period (the 27th through 26th of the month) -4. Sync hours and run contractor payroll. - -### Create an invoice -To create a new invoice for a Fleet customer, follow these steps: -1. Go to the [invoice folder in google drive](https://drive.google.com/drive/folders/11limC_KQYNYQPApPoXN0CplHo_5Qgi2b?usp=drive_link). -2. Create a copy of the invoice template, and title the copy `[invoice number] Fleet invoice - [customer name]`. - - The invoice number follows the format of `YYMMDD[daily issued invoice number]`, where the daily issued invoice number should equal `01` if it's the first invoice issued that day, `02` if it's the second, etc. -3. Edit the new invoice to reflect details from the signed subscription agreement (and PO if required). - - Enter the invoice number (and PO number if required) into the top right section of the invoice. - - Update the date of the invoice to reflect the current date. - - Make sure the payment terms match the signed subscription agreement. - - Copy the customer address from the signed subscription agreement and input it in the "Bill to" section of the invoice. - - Copy the "Billing contact" email from the signed subscription agreement and add it to the last line of the "Bill to" address. - - Make sure the start and end dates of the contract and amount match the subscription agreement. - - If professional services are included in the subscription agreement, include as a separate line in the invoice, and ensure the amounts total correctly. - - Ensure the "Notes" section has wiring instructions for payment via SVB. -4. Download the completed invoice as a PDF. -5. Send the PDF to the billing contact from the "Bill to" section of the invoice and cc [Fleet's billing email address](https://fleetdm.com/handbook/company/communications#email-relays). Use the following template for the email: - -``` -Subject: Invoice for Fleet Device Management [invoice number] -Hello, - -I've attached the invoice for [customer name]'s purchase of Fleet Device Management's premium subscription. -For payment instructions please refer to your invoice, and reach out to [insert Fleet's billing address] with any questions. - -Thanks, -[name] -``` - -6. Update the opportunity and the opportunity billing cycle in Salesforce to include the "Invoice date" as the day the invoice was sent. -8. Notify the AE/CSM that the invoice has been sent. - -> Certain vendors require invoices submitted via a payment portal (such as Coupa). Once you've generated the invoice using the steps above, upload it to the relevant payment portal and email the billing contact to let them know you've submitted the invoice. - - -### Communicate the status of customer financial actions -This reporting is performed to update the status of open or upcoming customer actions regarding the financial health of the opportunity. To complete the report: -1. Check [SVB](https://connect.svb.com/#/) and [Brex](https://accounts.brex.com/login) for any recently received payments from customers and record them in SFDC. -2. Go to this [report folder](https://fleetdm.lightning.force.com/lightning/r/Folder/00lUG000000DstpYAC/view?queryScope=userFolders) in SFDC. The three reports will provide the data used in the report. -3. Copy the template below and paste it into the [#g-sales slack channel](https://fleetdm.slack.com/archives/C030A767HQV) and complete all "todos" using the data from Salesforce before sending. - -``` -Weekly revenue report - [@`todo: CRO` and @`todo: CEO`] -- Number accounts with outstanding balances = `todo` -- Number of customers awaiting invoices = `todo` -- Number of past-due renewals = `todo` -``` - -4. Send payment reminders via email to all outstanding accounts by responding to the invoice email initially sent to the customer. - -``` -Hello, -This is a reminder that you have an outstanding balance due for your Fleet Device Management premium subscription. -We have included the invoice here for your convenience. -For payment instructions please refer to your invoice, and reach out to [Fleet's billing contact] with any questions. - -Thanks, -[name] -``` -5. If any accounts will become overdue within a week, reply in thread to the slack post, mention the opportunity owner of the account, and ask them to notify their contact that Fleet is still awaiting payment. -5. Review the [billing cycles](https://fleetdm.lightning.force.com/lightning/r/Report/00OUG000000yGjR2AU/view) report in SFDC for customers on multiyear deals. For any customers due for invoicing within the next week, create an issue on the Business Operations board. - - -### Run US commission payroll -1. Update individual teammates commission calculators (linked from [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing)) with new revenue from any deals that are closed-won (have a subscription agreement signed by both parties) and have a **close date** within the previous month. - - Verify closed-won deal numbers with CRO to ensure any agreed upon exceptions are captured (eg: CRO approves an AE to receive commission on a renewal deal due to cross-sell). -2. In the "Monthly commission payroll party" meeting, present the commission calculations for Fleeties receiving commission for approval. - - If there are any quarterly accelerators due for the teammate receiving commission, ensure the individual total includes both the monthly and the quarterly amount. -3. After the amounts are approved in the meeting, process the commission payroll. - - Use the off-cycle payroll option in Gusto. Be sure to classify the payment as "Commission" in the "other earnings" field and not the generic "Bonus." -4. Once commission payroll has been run, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing) to mark the commission as paid. - -### Run international commission payroll -1. Follow the steps in [run US commission payroll](https://fleetdm.com/handbook/business-operations#run-us-commission-payroll) to have the commission amounts approved by the CRO. -2. After the amounts are approved in the "Monthly commission payroll party", navigate to Help > Ask a question in Plane to request a commission payment for the teammate. -3. Send a message using the following template - - ``` - Hello, - I’d like to run an off-cycle commission payment for [teammate’s full name] for the period of [commission period]. - The amount of [USD amount] should be paid with their next payroll. - Please let me know if you need any additional information to process this request. - - Thanks, - [name] - ``` - -4. Once Plane confirms the payroll change has been actioned, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit#gid=928324236) to mark the commission as paid. - - -### Run quarterly or annual employee bonus payroll -1. Update individual teammate bonus calculator (linked from [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing)) with relevant metrics. - - Bonus plans will have details specified on how to measure success, with most drawing from the [KPI spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit?usp=sharing) or from linked SFDC reports. If unsure where to pull achievement metrics from, contact teammate's manager to clarify. -2. In the "Monthly commission payroll party" meeting, present the bonus calculations for Fleeties receiving bonus for approval. -3. After the amounts are approved in the meeting, process the bonus payroll. - - Use the off-cycle payroll option in Gusto and be sure to classify the payment as "Bonus". - - For international teammates, you may need to use the "Help" function, or email support to notify Plane of the amount needing to be paid. -4. Once bonus payroll has been run, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing) to mark the bonus as paid. - - -### Convert a Fleetie to a consultant -If a Fleetie decides they want to move to being a [consultant](https://fleetdm.com/handbook/company/leadership#consultants), either the Fleetie or their manager need to create a [custom issue for the BizOps team](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=custom-request.md&title=Request%3A+_______________________) to notify them of the change. -Once notified, BizOps takes the following steps: -1. Confirm the following details with the Fleetie: - - Date of change - - Term of consultancy (time period) - - Hours/capacity expected (hours per week or month) - - Confirm hourly rate -2. Once details are confirmed, use the information given to create the consulting agreement for the Fleetie (either in docusign (US-based) or via Plane (international)), and send to their personal email for signature. Once signed, save in Fleetie's [employee file](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). -3. Schedule the Fleetie's final day in HRIS (Gusto or Plane). -4. Update final day in ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) spreadsheet. -5. Create an [offboarding issue](https://github.com/fleetdm/classified/blob/main/.github/ISSUE_TEMPLATE/%F0%9F%9A%AA-offboarding-____________.md) for the Fleetie converting to a consultant, and confirm with their manager if there is a need to retain any tools or access while they are a consultant (default to removing all access from Fleet email, and migrating to personal email for Slack and other tools unless there is a business case to retain the Fleet email and associated tool access). -6. Follow the offboarding issue for next steps, including communicating to teammates and updating equity plan. - - -### Update personnel details -When a Fleetie, consultant or advisor requests an update to their personnel details (name, location, phone, etc), follow these steps to ensure accurate representation across systems. -1. Team member submits a [custom issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=custom-request.md&title=Request%3A+_______________________) to update their personnel details (or BizOps team creates if the request comes via email or is sensitive and needs a classified issue). - - If change is for a primary identification or contact method, ask for evidence of change and capture in [employee's personnel file](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). -2. BizOps makes change to HRIS (Gusto or Plane) to reflect change. - - Note: if making the change requires follow up steps, resolve those steps to action the change. -3. Once change is effected in HRIS, BizOps makes changes to ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) spreadsheet. -4. If required, BizOps makes any relevant changes to [Fleet's equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0). -5. If required, BizOps makes any relevant changes to the ["🗺️ Geographical factors"](https://docs.google.com/spreadsheets/d/1rCVCs-eOo-VSEG7fPLgdq5l7oSaActl5bewaWP7PnSE/edit#gid=1533353559) spreadsheet and follows through on any action items involving tax implications (i.e. registering with a new state for employer taxes). -6. If required, BizOps also makes changes to other core systems (e.g: creating a new email alias in google workspace; updating details in Carta; etc). -7. The change is now actioned, notify the team member and close the issue. - -> Note: if the Fleetie is US based and has a qualifying life event that impacts benefit coverage, they can [follow the Gusto steps](https://support.gusto.com/article/100895878100000/Change-your-benefits-with-a-qualifying-life-event) to update their coverage elections. - - -### Change a Fleetie's job title -When BizOps receives notification of a Fleetie's job title changing, follow these steps to ensure accurate recording of the change across our systems. -1. Update ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0): - - Search the spreadsheet for the Fleetie in need of a job title change. - - Input the new job title in the Fleetie's row in the "Job title" cell. - - Navigate to the "Org chart" tab of the spreadsheet, and verify that the Fleetie's title appears correctly in the org chart. -2. Update the departmental handbook page with the change of job title -3. [Prepare salary benchmarking information](https://fleetdm.com/handbook/business-operations#prepare-salary-benchmarking-information) to determine whether the teammate's current compensation aligns with the benchmarks of the new role. - - If the benchmark is significantly different, take the steps to [update a team member's compensation](https://fleetdm.com/handbook/business-operations#prepare-salary-benchmarking-information). -4. Update the relevant payroll/HRIS system. - - For updating Gusto (US-based Fleeties): - - Login to Gusto and navigate to "People > Team members". - - Find the Fleetie and select them to see their profile page. - - Under the "Compensation" heading, select edit and update the "Job title" and input the specific date the change happened. Save the changes. - - For updating Plane (non-US Fleeties): - - Login to Plane and navigate to "People > Team". - - Find the Fleetie and select them to see their profile page. - - Use the "Help" function, or email support@plane.com to notify Plane of the need to change the job title for the Fleetie. Include the Fleetie's name, current title, new title, and effective date. - - Take any relevant steps as directed by Plane in order to make the required changes to the Fleetie's profile. - - -### Change a Fleetie's manager -When BizOps receives notification of a Fleetie's manager changing, follow these steps to ensure correct recording in our systems. -1. Update [🧑‍🚀 Fleeties](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0): - - Search for the Fleetie's new manager, and copy the new manager's unique ID from the far left "Unique ID" column. - - Search for the Fleetie whose manager is changing, and paste (without formatting) their new manager's unique ID in the "Reports to: (manager unique ID)" cell in the Fleetie's row. - - Verify that the "Reports to (auto: manager name and job title)" cell in the Fleetie's row reflects the new manager's details. - - Verify that in the new manager's row, the "# direct reports" cell reflect the correct number. - - Navigate to the "Org chart" tab in the spreadsheet, and verify that the Fleetie now appears in the correct place in the org chart. -2. If the person's department is changing, then update both departmental handbook pages to move the person to their new department: - - Remove the person from the "Team" section of the old department and add them to the "Team" section of the new department. -3. If the person's level of confidential access will change along with the change to their manager, then update that level of access: - - Update Google Workspace to make sure this person lives in the correct Google Group, removing them from the old and/or adding them to the new. - - Update 1password to remove this person from old vaults and/or add them to new vaults. - - For a team member moving from "classified" to "confidential" access, check Gusto, Plane, and other systems to remove their access. - -> **Note:** The Fleeties spreadsheet is the source of truth for who everyone's manager is and their job titles. - -### Recognize employee workiversaries - -At Fleet, everyone is recognized on their [workiversary](https://fleetdm.com/handbook/company/communications#workiversaries). To ensure this happens, take the following steps: - -1. Bimonthly, use [Fleeties (private google doc)](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) to determine who is celebrating their workiversary in the following two months. -2. Post in the #help-classifed Slack channel and cc the Head of Business Operations. Use the following template: - - - ``` - [Month] - [workiversary date (DD-MMM)] - [teammate name] - [number of years at Fleet] - ``` - - - The Apprentice to the CEO will also use this post to update the [All hands](https://fleetdm.com/handbook/company/communications#all-hands) deck. -3. On the day prior to a workiversary, send the teammate’s manager a DM on Slack: - - - ``` - Hey! Just a heads up, tomorrow is [teammate’s name] [number of years at Fleet] workiversary at Fleet. - BizOps were planning on posting something in the #random channel to recognize them, but I was wondering if you would like to instead? - ``` - - - > If a manager elects to post and hasn't done so by 2pm ET on the day of the workiversary, send them a friendly reminder and offer to post instead. - -4. If the manager has deferred to BizOps, schedule a Slack post for the following day to recognize the teammate's contributions at Fleet. If you’re unsure about what to post, take a look at what’s been [posted previously](https://docs.google.com/document/d/1Va4TYAs9Tb0soDQPeoeMr-qHxk0Xrlf-DUlBe4jn29Q/edit). - - - -### Prepare salary benchmarking information -1. Use the relevant template text in the README section of the [¶¶ 💌 Compensation decisions document](https://docs.google.com/document/d/1NQ-IjcOTbyFluCWqsFLMfP4SvnopoXDcX0civ-STS5c/edit?usp=sharing) for a current Fleetie, a new role, a prospective hire, or other benchmarking use case. -2. Copy the template text and paste at the end of the document. -3. Fill in details as required, pulling from [🧑‍🚀 Fleeties spreadsheet](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) and [equity spreadsheet](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit?usp=sharing) as required. -4. Use the teammate's information to benchmark in [Pave](https://www.pave.com/) (login details in 1Password). You can pattern match from previous benchmarking entries, and include all company assumtions. Add the direct link to the Pave benchmark. - - -### Update a team member's compensation -To [change a teammate's compensation](https://fleetdm.com/handbook/company/communications#compensation-changes), follow these steps: -1. Create a copy of the ["Values assessment" template](https://docs.google.com/spreadsheets/d/1P5TyRV2v-YN0aR_X8vd8GksKcr3uHfUDdshqpVzamV8/edit?usp=drive_link) and move it to the teammate's [personnel folder in Google Drive](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). -2. Share the values assessment document with the manager and ask them to perform the values assessment. -3. Once the values assessment is complete, [prepare salary benchmarking information](#prepare-salary-benchmarking-information) and notify the Head of Business Operations so the compensation change can be added to the e-group agenda for discussion amongst Fleet leadership. - - If the teammate's manager is not part of the e-group, the Head of Business Operations will ensure they're included in the discussion at e-group as well. -4. Once compensation decisions have been finalized, the Head of Business Operations will post in slack to `#help-classified` to confirm the decisions have been recorded in ["¶¶ 💌 Compensation decisions (offer math)"](https://docs.google.com/document/d/1NQ-IjcOTbyFluCWqsFLMfP4SvnopoXDcX0civ-STS5c/edit#heading=h.slomq4whmyas). -5. Send the teammates manager a Slack DM to determine who will communicate the decision to the teammate. -6. Update the respective payroll platform (Gusto or Plane) by navigating to the personnel page, selecting salary field, and updating with an effective date that makes the next payroll. -7. Update the [equity spreadsheet](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit?usp=sharing) (internal doc) by copying existing OTE to the bottom of the "Notes" cell, updating the OTE column with the new compensation information, and updating the "Last compensation change" column with the effective date from payroll platform. -8. Calculate the monthly burn rate increase percentage and notify the CEO via a Slack DM. - -> If the company decides on an additional equity grant as part of a compensation change, note the previous equity and new situation in detail in the "Notes" column of the equity plan. Update the "Grant started?" column to "todo" which adds it to the queue for the next time grants are processed (quarterly). - -### Review Fleet's US company benefits - -Annually, around mid-year, Fleet will be prompted by Gusto to review company benefits. The goal is to keep changes minimal. Follow these steps: -1. Log in to your [Gusto admin account](https://gusto.com/). -2. Navigate to "Benefits" and select "Renewal survey". -3. Complete the survey questions, aiming for minimal changes. -4. Approximately 2-3 months after survery completion, Gusto will suggest plans based on Fleet's responses. Choose plans with minimal changes. -5. Gusto will offer these plans to employees during open enrollment, with new coverage starting 3-4 weeks afterward. - - -### Process monthly accounting -Create a [new montly accounting issue](https://github.com/fleetdm/confidential/issues/new/choose) for the current month and year named "Closing out YYYY-MM" in GitHub and complete all of the tasks in the issue. (This uses the [monthly accounting issue template](https://github.com/fleetdm/confidential/blob/main/.github/ISSUE_TEMPLATE/5-monthly-accounting.md). - -- **SLA:** The monthly accounting issue should be completed and closed before the 7th of the month. -- The close date is tracked each month in [KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit). -- **When is the issue created?** We create and close the monthly accounting issue for the previous month within the first 7 days of the following month. For example, the monthly accounting issue to close out the month of January is created promptly in February and closed before the end of the day, Feb 7th. A convenient trick is to create the issue on the first Friday of the month and close it ASAP. - - -### Respond to low credit alert -Fleet admins will receive an email alert when the usage of company cards for the month is aproaching the company credit limit. To avoid the limit being exceeded, a Brex admin will follow these steps: -1. Sign in to Fleet's Brex account. -2. On the landing page, use the "Move money" button to "Add funds to your Brex business accounts". -3. Select "Transfer from a connected account" and select the primary business account. -4. Choose the "One time" transfer option and process the transfer. - -No further action needs to be taken, the amount available for use will increase without disruption to regular processes. - -### Check franchise tax status -No later than the second month of every quarter, we check [Delaware divison of corporations](https://icis.corp.delaware.gov) to ensure that Fleet has paid the quarterly franchise tax amounts to remain in good standing with the state of Delaware. -- Go to the [DCIS - eCorp website](https://icis.corp.delaware.gov/ecorp/logintax.aspx?FilingType=FranchiseTax) and use the details in 1Password to look up Fleet's status. -- If no outstanding amounts: the tax has been paid. -- If outstanding amounts shown: ensure payment before due date to avoid penalties, interest, and entering bad standing. - - -### Check finances for quirks -Every quarter, we check Quickbooks Online (QBO) for discrepancies and follow up on quirks. -1. Check to make sure [bookkeeping quirks](https://docs.google.com/spreadsheets/d/1nuUPMZb1z_lrbaQEcgjnxppnYv_GWOTTo4FMqLOlsWg/edit?usp=sharing) are all accounted for and resolved or in progress toward resolution. -2. Check balance sheet and profit and loss statements (P&Ls) in QBO against the latest [monthly workbooks](https://drive.google.com/drive/folders/1ben-xJgL5MlMJhIl2OeQpDjbk-pF6eJM) in Google Drive. Ensure reports are in the "accural" accounting method. -3. Reach out to Pilot with any differences or quirks, and ask them to resolve/provide clarity. This often will need to happen over a call to review sycnhronously. -4. Once quirks are resolved, note the day it was resolved in the spreadsheet. - - -### Report quarterly numbers in Chronograph -Follow these steps to perform quarterly reporting for Fleet's investors: -1. Login to Chronograph and upload our profit and loss statement (P&L), balance sheet and cash flow statements for CRV (all in one book saved in [Google Drive](https://drive.google.com/drive/folders/1ben-xJgL5MlMJhIl2OeQpDjbk-pF6eJM). -2. Provide updated metrics for the following items using Fleet's [KPI spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). - - Headcount at end of the previous quarter. - - Starting ARR for the previous quarter. - - Total new ARR for the previous quarter. - - "Upsell ARR" (new ARR from expansions only- Chronograph defines "upsell" as price increases for any reason. - **- Fleet does not "upsell" anything; we deliver more value and customers enroll more hosts), downgrade ARR and churn ARR (if any) for the previous quarter.** - - Ending ARR for the previous quarter. - - Starting number of customers, churned customers, and the number of new customers Fleet gained during the previous quarter. - - Total amount of Fleet customers at the end of the previous quarter. - - Gross margin % - - How to calculate: (total revenue for the quarter - cost of goods sold for the quarter)/total revenue for the quarter (these metrics can be found in our books from Pilot). Chronograph will automatically conver this number to a %. - - Net dollar retention rate - - How to calculate: (starting ARR + new subscriptions and expansions - churn)/starting ARR. - - Cash burn - - How to calculate: start of quarter runway - end of quarter runway. - - -### Grant equity -Equity grants for new hires are queued up as part of the [hiring process](https://fleetdm.com/handbook/business-operations#hiring), then grants and consents are [batched and processed quarterly](https://github.com/fleetdm/confidential/issues/new/choose). - -Doing an equity grant involves: -- Executing a board consent -- The recipient and CEO signing paperwork about the stock options -- Updating the number of shares for the recipient in the equity plan -- Updating Carta to reflect the grant - -For the status of stock option grants, exercises, and all other _common stock_ including advisor, founder, and team member equity ownership, see [Fleet's equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0). For information about investor ownership, see [Carta](https://app.carta.com/corporations/1234715/summary/). - -> Fleet's [equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0) is the source of truth, not Carta. Neither are pro formas sent in an email attachment, even if they come from lawyers. -> -> Anyone can make mistakes, and none of us are perfect. Even when we triple check. Small mistakes in share counts can be hard to attribute, and can cause headaches and eat up nights of our CEO's and operations team's time. If you notice what might be a discrepancy between the equity plan and any other secondary source of information, please speak up and let Fleet's CEO know ASAP. Even if you're wrong, your note will be appreciated. - - -### Deliver annual report for venture line -Within 60 days of the end of the year, follow these steps: -1. Provide Silicon Valley Bank (SVB) with our balance sheet and profit and loss statement (P&L, sometimes called a cashflow statement) for the past twelve months. -2. Provide SVB with our board-approved annual operating budgets and projections (on a quarterly granularity) for the new year. -3. Deliver this as early as possible in case they have questions. - - -### Process a new vendor invoice -Fleet pays its vendors in less than 15 business days in most cases. All invoices and tax documents should be submitted to the Business Operations department using the [appropriate Fleet email address (confidential Google Doc)](https://docs.google.com/document/d/1tE-NpNfw1icmU2MjYuBRib0VWBPVAdmq4NiCrpuI0F0/edit#heading=h.wqalwz1je6rq). -- After making sure the invoice received from a new vendor is valid, add the new vendor to the recurring expenses section of ["The numbers"](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) before paying the invoice. -- If we have not paid this vendor before, make sure we have received the required W-9 or W-8 form from the vendor. **Accounting cannot process a payment without these tax forms for compliance reasons.** - - **US-based vendors** are required to complete a [W-9 form](https://www.irs.gov/pub/irs-pdf/fw9.pdf). - - **Non-US based vendors and individuals** are required to follow these [instructions](https://www.irs.gov/instructions/iw8bene) and provide a completed [W-8BEN-E](https://www.irs.gov/pub/irs-pdf/fw8bene.pdf) form. - - - -### Process a request to cancel a vendor -- Make the cancellation notification in accordance with the contract terms between Fleet and the vendor, typically these notifications are made via email and may have a specific address that notice must be sent to. If the vendor has an autorenew contract with Fleet there will often be a window of time in which Fleet can cancel, if notification is made after this time period Fleet may be obligated to pay for the subsequent year even if we don't use the vendor during the next contract term. -- Once cancelled, update the recurring expenses section of [The Numbers](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) to reflect the cancellation by changing the projected monthly burn in column G to $0 and adding "CANCELLED" in front of the vendor's name in column C. - - -### Review an NDA -We need to review an NDA anytime a vendor, customer or other party wants to: -- Use their own NDA rather than Fleet's standard NDA, or -- "Redline" (modify) Fleet's NDA by removing, adding or altering its terms. - -We should always seek to use Fleet's own NDA first, without alteration. - -When reading an NDA, we want to pay close attention to the following: -- We want to be sure that the confidentiality obligations of the NDA are reciprocal. Fleet and the other party to the agreement should be bound to the same standards of confidentiality toward the handling of each other's confidential information. -- Fleet does not agree to _"do not compete"_ or _"do not solicit clauses"_. An NDA should not contain provisions beyond the scope of an NDA. The two most commonly encountered examples of this are the "do not compete" and "do not solicit" clauses. We want to be free to hire the best people and make the best products, so when reading through an NDA it is important to keep an eye out for language that prohibits Fleet from hiring or soliciting current or former employees of other companies or that prohibit Fleet from independently developing products that compete with another company's products. Using the `cmd + f` function to search for "solici", "compet" and "hir" and reading through the results is a helpful method to quickly scan for these clauses. -- Look for any language that discusses a transfer of property rights. Rarely, you may find a clause snuck into an agreement that discusses the transfer of intellectual property rights. _We want to avoid any situation where Fleet transfers its intellectual property to another party as part of an NDA_. -- Should you find any clauses in steps 2 or 3 that are beyond the scope of protecting both party's confidential information in a customer NDA or an altered version of Fleet's NDA, reject this language and communicate that Fleet cannot agree to those terms. -- Any concerns or uncertainty over _any_ provisions in an NDA should be brought to Nathanael Holliday in BizOps, who will consult legal counsel if necessary to resolve any concerns. - -### Review a vendor agreement -When reviewing contracts from a vendor, Fleet is concerned about the following: -- If there are confidentiality provisions in the agreement in place of a stand-alone NDA, verify the confidentiality provisions are appropriate and protect Fleet when sensitive data is involved that isn't otherwise available to the public. -- We want to make sure there are no _do not solicit_ or _do not compete_ clauses in the contract. To aid in this search, we double check by using the cmd + f function and searching for "solici", "compet" and "hir" and then looking through the results to be sure that nothing prohibits Fleet from independently developing competing products or from hiring personnel with ties to the vendor. -- We want to make sure that contracts can be terminated relatively easily and be aware of what the process is for terminating them, avoiding commitments over 12 months in length. -- We want to make sure the payment terms work for us (i.e. being able to pay via wire transfer, credit card or bill.com) and that the price in any contract or order form is what we have agreed to. While almost never malicious, mistakes often occur in the steps between agreeing on a price, negotiating a contract, and receiving an invoice. We want to be sure at every step that the dollar amount and service provided is consistent with what has been negotiated and agreed upon. -- Remember, once we have signed the agreement - we're stuck with it. If any clause in the agreement appears strange or gives you pause or concern, it is better to seek clarification than to commit to something that might be detrimental to Fleet. Contracts are fairly standardized, and you'll quickly learn what is normal and what feels out of place. Unusual clauses or wording that seems out of the ordinary should get a second set of eyes just to be sure, do not hesitate to reach out to Nathanael Holliday with questions, who will reach out to legal counsel as necessary. - -### Review an order form -- We should always check order forms for additional terms that go beyond the scope of the order form (caps on price increases, for example). -- Be sure the order form includes contact information + billing address and information so that Fleet knows how and who to invoice for payment. -- Verify that the payment terms are correct and matches what's in the agreement. This is a frequent common mistake as companies usually have default payment terms and overlook changing them to match atypical payment terms. -- Make sure the effective term of the order matches what was agreed upon (usually a one year term) and that the order form includes the correct number of hosts and whether or not it should contain professional services (usually, it does not). -- Check that the amount on the order form reflects what Fleet agreed to, as this is the amount that the customer will expect to be invoiced for. -- Lastly, double check one more time to make sure there are no sneaky, unusual terms snuck in at the bottom of an order form or stashed away in fine print. Common things that are included in order forms and not always communicated to Fleet are caps on price increases upon renewal, new SLAs, or a product roadmap or milestones we may not have agreed upon. Any clauses on an order form that appear beyond the scope of simply elaborating on the services being provided, the purchase cost, the contract that the purchase is being made under, how Fleet will bill and how the customer will pay deserves a careful look. Reach out to Nathanael Holliday in BizOps with concerns. - -### Review a non-standard subscription agreement -We want to use our standard terms whenever possible with our customers, but it is common that customers want to use their own agreement or redline (modify) Fleet's terms. -When reviewing subscription agreements on customer paper or when a customer has made changes to Fleet's terms, we review it using [these guidelines](https://docs.google.com/document/d/1aGgN5It1i3fdsBF37vWSbvukO_gQhy5vCp4fINg191Q/edit?usp=sharing). - - -### Update weekly KPIs -- Create the weekly update issue from the template in ZenHub every Friday and update the [KPIs for BizOps](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0) by 5pm US central time. -- Check the KPI sheet at 5pm US central time to ensure all departments have updated their KPIs on time. If any departments are delinquent, notify the department head and let the [Apprentice](https://fleetdm.com/handbook/digital-experience#team) know so they can put it on the agenda for their next one-on-one with the CEO. - - -## Rituals - -The following table lists this department's rituals, frequency, and Directly Responsible Individual (DRI). - - - - - -#### Stubs -The following stubs are included only to make links backward compatible. - -##### Vetty -Please see [hanbook/business-operations#access-a-background-check](https://www.fleetdm.com/handbook/business-operations#access-a-background-check). - -##### Role-specific licenses -Please see [hanbook/business-operations#grant-role-specific-license-to-a-team member](https://www.fleetdm.com/handbook/business-operations#grant-role-specific-license-to-a-team-member). - -##### Recurring expenses -##### Tools we use -Please see [hanbook/business-operations#grant-role-specific-license-to-a-team member](https://www.fleetdm.com/handbook/business-operations#reconcile-monthly-recurring-expenses). - -##### Secure company-issued equipment for a team member -Please see [handbook/engineering#secure-company-issued-equipment-for-a-team-member](https://www.fleetdm.com/handbook/engineering#secure-company-issued-equipment-for-a-team-member). - -##### Register a domain for Fleet -Please see [handbook/register-a-domain-for-fleet](https://www.fleetdm.com/handbook/engineering#register-a-domain-for-fleet). - -##### Updating personnel details -Please see [handbook/engineering#update-personnel-details](https://www.fleetdm.com/handbook/engineering#update-personnel-details). - -##### Fix a laptop that's not checking in -Please see [handbook/engineering#fix-a-laptop-thats-not-checking-in](https://www.fleetdm.com/handbook/engineering#fix-a-laptop-thats-not-checking-in) - -##### Enroll a macOS host in dogfood -Please see [handbook/engineering#enroll-a-macos-host-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-macos-host-in-dogfood) - -##### Enroll a Windows or Ubuntu Linux device in dogfood -Please see [handbook/engineering#enroll-a-windows-or-ubuntu-linux-device-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-windows-or-ubuntu-linux-device-in-dogfood) - -##### Enroll a ChromeOS device in dogfood -Please see [handbook/engineering#enroll-a-chromeos-device-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-chromeos-device-in-dogfood) - -##### Lock a macOS host in dogfood using fleetctl CLI tool -Please see [handbook/engineering#lock-a-macos-host-in-dogfood-using-fleetctl-cli-tool](https://www.fleetdm.com/handbook/engineering#lock-a-macos-host-in-dogfood-using-fleetctl-cli-tool) - -##### Book an event -Please see [handbook/engineering#book-an-event](https://www.fleetdm.com/handbook/engineering#book-an-event) - -##### Order SWAG -Please see [handbook/engineering#order-swag](https://www.fleetdm.com/handbook/engineering#order-swag) - - - - diff --git a/handbook/company/README.md b/handbook/company/README.md index 03f0ac42a7cd..522d1f57bcf5 100644 --- a/handbook/company/README.md +++ b/handbook/company/README.md @@ -137,34 +137,18 @@ Fleet added support for [scripting and management capabilities](https://fleetdm. ## Org chart To provide clarity about decision-making, [responsibility](https://fleetdm.com/handbook/company/why-this-way#why-direct-responsibility), and resources, everyone at Fleet has a manager, and [every manager](https://fleetdm.com/handbook/company/leadership) has direct reports. Fleet's organizational chart is accessible company-wide as a sub-tab in ["🧑‍🚀 Fleeties" (private google doc)](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0). On the other sub-tabs, you can also check out a world map of where everyone is located, hiring stats, and fun facts about each team member. -- 🔦 [Business Operations](https://fleetdm.com/handbook/business-operations): The Business Operations department is directly responsible for people operations, finance + invoicing, tax, compliance, and legal + deal desk. -- 🌦️ [Customer Success](https://fleetdm.com/handbook/customer-success): The customer success department is directly responsible for ensuring that customers and community members of Fleet achieve their desired outcomes with Fleet products and services. -- 🐋 [Sales](https://fleetdm.com/handbook/sales): The Sales department is directly responsible for attaining the revenue goals of Fleet and helping customers deliver on their objectives. -- 🫧 [Demand](https://fleetdm.com/handbook/demand): The Demand department is directly responsible for growing awareness of Fleet and nurturing the community through participation in events, conversations, and other programs. - 🚀 [Engineering](https://fleetdm.com/handbook/engineering): The Engineering department at Fleet is directly responsible for writing and maintaining the code for Fleet's core product, as well as Fleet's Information technology (IT) infrastucture. - 🦢 [Product Design](https://fleetdm.com/handbook/product-design): The Product Design department is directly responsible for defining and prioritizing the changes made to the core product, Fleet API, and reference documentation. +- 🌦️ [Customer Success](https://fleetdm.com/handbook/customer-success): The customer success department is directly responsible for ensuring that customers and community members of Fleet achieve their desired outcomes with Fleet products and services. +- 🫧 [Demand](https://fleetdm.com/handbook/demand): The Demand department is directly responsible for growing awareness of Fleet and nurturing the community through participation in events, conversations, and other programs. +- 💸 [Finance](https://fleetdm.com/handbook/finance): The Finance department is directly responsible for accounts receivable including invoicing, accounts payable including commision calculations, exspense reporting including Brex memos and maintaining accurate spend projections in "🧮The numbers", sales taxes, payroll taxes, corporate income/franchise taxes, and financial operations including bank accounts and cash flow management. +- 🐋 [Sales](https://fleetdm.com/handbook/sales): The Sales department is directly responsible for attaining the revenue goals of Fleet and helping customers deliver on their objectives. - 🌐 [Digital Experience](https://fleetdm.com/handbook/digital-experience): The Digital Experience department is directly responsible for the framework, content design, and technology behind Fleet's remote work culture and overall brand experience, including fleetdm.com, the handbook, issue templates, UI style guides, consistent brandfronts, internal tooling, Zapier flows, Docusign templates, key spreadsheets, and project management processes. ## Advisors While most improvements at Fleet are driven by informal conversations with customers and open-source contributors, the company also has a few dozen advisors and investors, including [Sid](https://about.gitlab.com/blog/2022/10/14/one-third-of-what-we-learned-about-ipos-in-taking-gitlab-public/) [Sijbrandij](https://about.gitlab.com/handbook/ceo/#sijbrandij-pronunciation-hint) _(GitLab)_, [Dylan Field](https://en.wikipedia.org/wiki/Dylan_Field) _(Figma)_, [Mike Arpaia](https://www.youtube.com/watch?v=zfCak2UIOD8) _(osquery)_, [Alexandr Wang](https://www.businessofbusiness.com/articles/scale-ai-machine-learning-startup-alexandr-wang/) _(Scale AI)_, [Sanjay](https://www.zdnet.com/article/vmware-buys-airwatch-for-1-54-billion-acquires-mobility-strategy/) [Poonen](https://www.businessinsider.com/vmware-carbon-black-acquisition-sanjay-poonen-cybersecurity-2019-10?op=1) _(VMware, Cohesity)_, and [other smart people who are eager to help](https://docs.google.com/spreadsheets/d/15knBE2-PrQ1Ad-QcIk0mxCN-xFsATKK9hcifqrm0qFQ/edit). If you have a question for one of them, Fleet's CEO is happy to introduce you. ([Just ask](https://fleetdm.com/handbook/company/leadership#contact-the-ceo).) - diff --git a/handbook/company/communications.md b/handbook/company/communications.md index 7b5a97b1ae54..b4f9b08ea910 100644 --- a/handbook/company/communications.md +++ b/handbook/company/communications.md @@ -38,8 +38,8 @@ We track competitors' capabilities and adjacent (or commonly integrated) product | Social media | _See [🫧 Digital Marketing Manager](https://fleetdm.com/handbook/demand#team)_ | Blog | _See [🚀 Client Platform Engineer & Community Advocate](https://fleetdm.com/handbook/engineering#team)_ | Information technology (IT) | _See [🚀 Client Platform Engineer & Community Advocate](https://fleetdm.com/handbook/engineering#team)_ -| Payroll, bookkeeping, AR/AP | _See [🔦 Head of Business Operations](https://fleetdm.com/handbook/customer-success#team)_ -| Legal contracts | _See [🔦 Business Operations team](https://fleetdm.com/handbook/customer-success#team)_ +| Payroll, bookkeeping, AR/AP | _See [💸 Head of Finance](https://fleetdm.com/handbook/finance#team)_ +| Legal contracts | _See [🌐 Digital Experience team](https://fleetdm.com/handbook/digital-experience#team)_ | Customer renewals | _See [🌦️ VP of Customer Success](https://fleetdm.com/handbook/customer-success#team)_ | Customer deployments | _See [🌦️ Infrastructure Engineer](https://fleetdm.com/handbook/customer-success#team)_ | Customer support | _See [🌦️ Customer Success team](https://fleetdm.com/handbook/customer-success#team)_ @@ -53,7 +53,7 @@ We track competitors' capabilities and adjacent (or commonly integrated) product | Product introduction docs | _See [🛠️ CEO responsibilities](https://fleetdm.com/handbook/company/leadership#ceo-responsibilities)_ | Product deployment docs | _See [🚀 Chief Technology Officer](https://fleetdm.com/handbook/engineering#team)_ | Product usage docs | _See [🦢 Head of Product Design](https://fleetdm.com/handbook/product-design#team)_ -| Product reference docs | _See [🦢 Noah Talerman](https://fleetdm.com/handbook/product-design#team)_ +| Product reference docs | _See [🦢 Head of Product Design](https://fleetdm.com/handbook/product-design#team)_ | What goes in a release | _See [🚀 Chief Technology Officer](https://fleetdm.com/handbook/engineering#team)_ | Engineering output and architecture | _See [🚀 Chief Technology Officer](https://fleetdm.com/handbook/engineering#team)_ | Product development | _See [🛩️ Product groups](https://fleetdm.com/handbook/company/product-groups#current-product-groups)_ @@ -61,18 +61,18 @@ We track competitors' capabilities and adjacent (or commonly integrated) product ## Tech stack admins | Role | Google Workspace | Slack | GitHub | Gusto | Pilot | Plane | 1Password | -|:----------------------|------------------:|------------------:|------------------:|------------------:|------------------:|------------------:|------------------:| -| CEO | ✅ Super admin | ✅ Primary workspace owner | ✅ Owner | ✅ Primary admin | ✅ Admin| ✅ Owner | ✅ Owner | -| CTO | ❌ | ❌ | ✅ Owner | ❌ | ✅ Admin | ❌ | ❌ | -| Head of BizOps | ✅ Super admin | ✅ Owner | ✅ Owner| ✅ Admin | ✅ Admin| ✅ Admin | ✅ Admin | -| BizOps Engineer | ✅ Super admin| ✅ Owner | ✅ Owner| ✅ Admin | ✅ Admin| ✅ Admin | ✅ Admin| -| Head of Digital Experience | ✅ Super admin| ✅ Owner | ✅ Owner| ❌ | ✅ Admin| ❌ | ✅ Admin| -| Apprentice | ❌ | ❌ | ❌ | ❌ | ✅ Admin| ❌ | ❌ | -| Digital Experience Engineer | ✅ Super admin | ✅ Admin | ❌ | ❌ | ❌ | ❌ | ✅ Admin| +|:-----|-----------------:|------:|-------:|------:|------:|------:|----------:| +| CEO | ✅ Super admin | ✅ Primary workspace owner | ✅ Owner | ✅ Primary admin | ✅ Owner |✅ Owner | ✅ Owner | +| CTO | ❌ | ❌ | ✅ Owner | ❌ | ❌ | ✅ Admin | ❌ | +| Head of Finance | ❌ | ❌ | ❌ | ✅ Admin | ✅ Admin | ✅ Admin | ❌ | +| Finance Engineer | ❌ | ❌ | ❌ | ✅ Admin | ✅ Admin |✅ Admin | ❌ | +| Head of Digital Experience | ✅ Super admin | ✅ Owner | ✅ Owner| ✅ Admin | ❌ | ✅ Admin | ✅ Admin | +| Apprentice | ✅ Super admin| ✅ Owner | ✅ Owner | ✅ Admin | ❌ | ✅ Admin | ✅ Admin | +| Digital Experience Engineer | ✅ Super admin | ✅ Admin | ❌ | ❌ | ❌ | ❌ | ✅ Admin | | Head of Product Design | ❌ | ✅ Admin | ❌ | ❌ | ❌ | ❌ | ❌ | | VP of CX | ❌ | ✅ Owner | ❌ | ❌ | ❌ | ❌ | ❌ | | CX Sr. Suppoert Engineer | ❌ | ✅ Admin | ❌ | ❌ | ❌ | ❌ | ❌ | -| Pilot bookkeeper | ❌ | ❌ | ❌ | ✅ Admin | ❌ | ✅ Admin | ❌ | +| Pilot bookkeeper | ❌ | ❌ | ❌ | ✅ Admin | ❌ | ✅ Admin | ❌ | ### Docs @@ -191,7 +191,7 @@ Fleet uses YouTube to help keep the community up-to-date and informed. These vid When scheduling external meetings, provide external participants with a [Calendly](https://calendly.com) link to schedule with the relevant internal participants. If you -need a Calendly account, reach out to `#g-business-operations` via Slack. +need a Calendly account, reach out to `#g-digital-experience` via Slack. ### Internal meeting scheduling @@ -299,7 +299,7 @@ In some instances, you may need to record a call locally (i.e. save the recordin Fleet uses these levels to standardize a commitment to minimal esotericism across the company. - **Public:** _Share with anyone, anywhere in the world_ - **Confidential:** _Share only with team members who've signed an NDA, consulting agreement, or employment agreement_ -- **Classified:** _Share only with founders of Fleet, business operations, and/or the people involved. e.g., US social security numbers during hiring_ +- **Classified:** _Share only with the CEO, Head of Digital Experience, and/or the people involved. e.g., US social security numbers during hiring_ ### Document titles @@ -308,8 +308,8 @@ Fleet uses these levels to standardize a commitment to minimal esotericism acros - **"Public":** _(Available to public)_ - _(Confidential - for Fleet eyes only)_ - **"¶":** _(E-group - Direct reports the the CEO)_ -- **"¶¶":** _(Classified - CEO, Apprentice, and BizOps)_ -- **"¶¶¶":** _(CEO, Apprentice to the CEO, and board members)_ +- **"¶¶":** _(Classified - CEO, Head of Digital Experience, and Apprentice)_ + ## Google Drive @@ -360,7 +360,7 @@ We use these prefixes to organize the Fleet Slack: ### Create a GitHub issue from a Slack thread -If you need to track content from a Slack channel (ie. #g-sales), you can automatically generate a github issue by selecting the `create-github-issue` emoji on the thread. This will automatically create an issue tagged with the #g-business-operations label. If you need the issue logged against a specific board, ensure that you have updated the label during issue creation. +If you need to track content from a Slack channel (ie. #g-sales), you can automatically generate a github issue by selecting the `create-github-issue` emoji on the thread. This will automatically create an issue tagged with the GitHub label that corisponds with the Slack channel. If you need the issue logged against a specific board, ensure that you have updated the label during issue creation. image @@ -613,7 +613,7 @@ For more developed thoughts about __spending guidelines and limits__, please rea #### Non-travel purchases that exceed a Brex cardholder's limit -For non-travel purchases that would require an increase in the Brex cardholder's limit ($2,000 by default), please [make a request](https://fleetdm.com/handbook/business-operations#contact-us) with following information: +For non-travel purchases that would require an increase in the Brex cardholder's limit ($2,000 by default), please [make a request](https://fleetdm.com/handbook/digital-experience#contact-us) with following information: - The nature of the purchase (i.e. SaaS subscription and what it's used for) - The cost of the purchase and whether it is a fixed or variable (i.e. use-based) cost. - Whether it is a one time purchase or a recurring purchase and at what frequency the purchase will re-occur (annually, monthly, etc.) @@ -636,7 +636,7 @@ When procuring SaaS tools and services, analyze the purchase of these subscripti #### Reimbursements -Fleet does not reimburse expenses. We provide all of our team members with Brex cards for making purchases for the company. For company expenses, **use your Brex card.** If there was an extreme accident, [get help](https://fleetdm.com/handbook/business-operations#contact-us). +Fleet does not reimburse expenses. We provide all of our team members with Brex cards for making purchases for the company. For company expenses, **use your Brex card.** If there was an extreme accident, [get help](https://fleetdm.com/handbook/digital-experience#contact-us). - Be creative. If an AirBnb is the most efficient way to house the team, then do that. If separate hotel rooms are more efficient, then do that. - If the stay is longer than 4 nights and an Airbnb with a washing machine is not available, then dry cleaning can be purchased with your Brex card. -- If you need to meet with a large group that won't fit in your hotel room or Airbnb (e.g. more than 5 people), [contact Business Operations](https://fleetdm.com/handbook/business-operations#contact-us) for their help approving and booking additional event space. +- If you need to meet with a large group that won't fit in your hotel room or Airbnb (e.g. more than 5 people), [contact Digital Experience](https://fleetdm.com/handbook/digital-experience#contact-us) for their help approving and booking additional event space. ### Spending company money while traveling When attending a conference or traveling for Fleet, keep the following in mind: - **No reimbursements:** Use your company Brex card. Reimbursements are time consuming, so Fleet does not do reimbursements for spending on personal credit cards. -- **Food:** Be efficient and use your own credit card when it makes sense. There is a $100 allowance per day for your own personal food and beverage on your company Brex card. _(There are many good reasons to make exceptions to this allowance, such as dinners with customers. Before proceeding, please [request approval from the Head of Business Operations](https://fleetdm.com/handbook/business-operations#contact-us) to avoid complexities._ +- **Food:** Be efficient and use your own credit card when it makes sense. There is a $100 allowance per day for your own personal food and beverage on your company Brex card. _(There are many good reasons to make exceptions to this allowance, such as dinners with customers. - **Tipping:** Tipping norms vary by culture. How you tip when representing the company reflects on Fleet's brand. When traveling in the United States and using your company Brex card, prepare to tip between 18-20% at restaurants. For rideshare, takeout, delivery, and other situations where tipping comes up, tip between 10-20%. - **Personal credit card:** Please use your personal credit card for hotel incidentals, personal consumables, movies, mini bars, and entertainment. These expenses _will not_ be reimbursed. - **Company credit card:** We recommend you order a physical Brex card if you do not have one before traveling. -- **Credit card limit increases:** The monthly limit on your Brex card may need to be increased temporarily as necessary to accommodate the increased spending associated with the conference, such as [booking your own travel](https://fleetdm.com/handbook/company/communications#flights). You can [request that here](https://fleetdm.com/handbook/business-operations#contact-us) by providing the following information: +- **Credit card limit increases:** The monthly limit on your Brex card may need to be increased temporarily as necessary to accommodate the increased spending associated with the conference, such as [booking your own travel](https://fleetdm.com/handbook/company/communications#flights). You can [request that here](https://fleetdm.com/handbook/digital-experience#contact-us) by providing the following information: - The start and end dates for your trip. - The [price of your flight](https://fleetdm.com/handbook/company/communications#flights) - The [price of your hotel or Airbnb](https://fletdm.com/handbook/comopany/communications#lodging) per night @@ -756,7 +756,7 @@ You can learn more about how Fleet approaches security in the [security handbook ## Vendor questionnaires -In responding to security questionnaires, Fleet endeavors to provide full transparency via our [security policies](https://fleetdm.com/handbook/security/security-policies#security-policies), [trust](https://trust.fleetdm.com/), and [application security](https://fleetdm.com/handbook/business-operations/application-security) documentation. In addition to this documentation, please refer to [the vendor questionnaires page](https://fleetdm.com/handbook/business-operations/vendor-questionnaires). [Contact the Sales department](https://fleetdm.com/handbook/sales#contact-us) to address any pending questionnaires. +In responding to security questionnaires, Fleet endeavors to provide full transparency via our [security policies](https://fleetdm.com/handbook/digital-experience/security-policies#security-policies), [trust](https://trust.fleetdm.com/), and [application security](https://fleetdm.com/handbook/digital-experience/application-security) documentation. In addition to this documentation, please refer to [the vendor questionnaires page](https://fleetdm.com/handbook/digital-experience/vendor-questionnaires). [Contact the Sales department](https://fleetdm.com/handbook/sales#contact-us) to address any pending questionnaires. ## Getting a contract signed @@ -780,7 +780,7 @@ Please use [Fleet's billing email address](https://fleetdm.com/handbook/company/ To get a contract reviewed, upload the agreement to [Google Drive](https://drive.google.com/drive/folders/1G1JTpFxhKZZzmn2L2RppohCX5Bv_CQ9c). -Complete the [contract review issue template in GitHub](https://fleetdm.com/handbook/business-operations#contact-us), being sure to include the link to the document you uploaded and using the Calendly link in the issue template to schedule time to discuss the agreement with Nathan Holliday (allowing for sufficient time for him to have reviewed the contract prior to the call). +Complete the [contract review issue template in GitHub](https://github.com/fleetdm/confidential/issues/new?assignees=hollidayn&labels=%23g-digital-experience&projects=&template=contract-review.md&title=Review%3A++%F0%9F%96%8B%EF%B8%8F+__________________________), being sure to include the link to the document you uploaded and using the Calendly link in the issue template to schedule time to discuss the agreement with Nathan Holliday (allowing for sufficient time for him to have reviewed the contract prior to the call). Follow up comments should be made in the GitHub issue and in the document itself so it is all in the same place. @@ -792,7 +792,7 @@ If an agreement requires an additional review during the negotiation process, th When no further review or action is required for an agreement and the document is ready to be signed, the requestor is then responsible for routing the document for signature. -> **Note:** Please submit other legal questions and requests to [Business Operations department](https://fleetdm.com/handbook/business-operations#contact-us). +> **Note:** Please submit other legal questions and requests to [Digital Experience](https://fleetdm.com/handbook/digital-experience#contact-us). ## Trust @@ -810,7 +810,7 @@ Here are a few different entry points for a tour of Fleet's security policies an 3. [Account recovery process](https://fleetdm.com/handbook/security#account-recovery-process) 4. [Personal mobile devices](https://fleetdm.com/handbook/security#personal-mobile-devices) 5. [Hardware security keys](https://fleetdm.com/handbook/security#hardware-security-keys) -6. More details about internal security processes at Fleet are located on [the Security page](https://fleetdm.com/handbook/business-operations/security). +6. More details about internal security processes at Fleet are located on [the Security page](https://fleetdm.com/handbook/digital-experience/security). ## Benefits @@ -864,7 +864,7 @@ When you need to take time off, follow this process: ### Coworking -Your Brex card may be used for up to $500 USD per month in coworking costs. Please get prior approval by making a [custom request to the business operations team](https://fleetdm.com/handbook/business-operations#contact-us). +Your Brex card may be used for up to $500 USD per month in coworking costs. Please get prior approval from the [Digital Experience team](https://fleetdm.com/handbook/digital-experience#contact-us). ## Compensation @@ -886,12 +886,12 @@ We're happy you've ventured a trip around the sun with Fleet- let's celebrate! T ### Compensation changes -Fleet evaluates and (if relevant) updates compensation decisions yearly, shortly after the anniversary of a team member's start date. The Head of BizOps is responsible for the process to [update compensation](https://fleetdm.com/handbook/business-operations#updating-compensation) +Fleet evaluates and (if relevant) updates compensation decisions yearly, shortly after the anniversary of a team member's start date. The Head of Digital Experience is responsible for the process to [update compensation](https://fleetdm.com/handbook/digital-experience#updating-compensation) ### Relocating -When Fleeties relocate, there are vendors that need to be notified of the change. Before relocating, please [let the company know in advance](https://fleetdm.com/handbook/business-operations#contact-us) by following the directions listed in the relevant issue template ("Moving"). +When Fleeties relocate, there are vendors that need to be notified of the change. Before relocating, please [let the company know in advance](https://fleetdm.com/handbook/digital-experience#contact-us) by following the directions listed in the relevant issue template ("Moving"). ## Team member onboarding @@ -924,7 +924,7 @@ We want to make sure that the new team member will be able to complete every tas We believe in taking onboarding and training seriously and that the onboarding template is an essential source of truth and good use of time for every single new hire. If managers see a step that they don't feel is necessary, they should make a pull request to the [onboarding template](https://github.com/fleetdm/confidential/blob/main/.github/ISSUE_TEMPLATE/onboarding.md). Expectations during onboarding: -- Onboarding time (all checkboxes checked) is a KPI for the business operations team. Our goal is 14 days or less. +- Onboarding time (all checkboxes checked) is a KPI for the Digital Experience team. Our goal is 14 days or less. - The first 3 weekdays (excluding days off) for **every new team member** at Fleet is reserved for completing onboarding tasks from the checkboxes in their onboarding issue. New team members **should not work on anything else during this time**, whether or not other tasks are stacking up or assigned. It is OK, expected, and appreciated for new team members to **remind their manager and colleagues** of this [important](https://fleetdm.com/handbook/company/why-this-way#why-the-emphasis-on-training) responsibility. - Even after the first 3 days, during the rest of their first 2 weeks, completing onboarding tasks on time is a new team member's [highest priority](https://fleetdm.com/handbook/company/why-this-way#why-the-emphasis-on-training). @@ -1017,13 +1017,13 @@ Fleet provides laptops, YubiKey security keys, and software licenses for core te ### Requesting new equipment -As soon as an offer is accepted, Business Operations will reach out to the new team member to start this process and will work with the new team member to get their equipment requested and shipped to them on time. From time to time, team members need to purchase additional equipment in the interest of the company. +As soon as an offer is accepted, Digital Experience will reach out to the new team member to start this process and will work with the new team member to get their equipment requested and shipped to them on time. From time to time, team members need to purchase additional equipment in the interest of the company. If you are in need of additional equipment for any reason, [open an IT support request](https://github.com/fleetdm/confidential/issues/new?assignees=spokanemac&labels=%3Ahelp-it&projects=&template=request-it-support.md&title=%F0%9F%92%BB+Request+IT+support). When possible, Fleet will pull from its warehouse of existing assets before spending [more money on new equipment](https://fleetdm.com/handbook/company/why-this-way#why-spend-less). - **Tracking equipment:** When a device has been purchased, it's added to the [spreadsheet of company equipment](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) where we keep track of devices and equipment, purchased by Fleet. When you receive your new computer, complete the entry by adding a description, model, and serial number to the spreadsheet. -- **Returning equipment:** Apple computers with remaining AppleCare Protection Plans should be reprovisioned to other Fleeties who may have older or less-capable computers. Equipment should be returned once offboarded for reprovisioning. Coordinate offboarding and return with the Head of Business Operations. Please return all equipment to the Fleet IT warehouse using Fleet's FedEx account (address and account # in 1Password). +- **Returning equipment:** Apple computers with remaining AppleCare Protection Plans should be reprovisioned to other Fleeties who may have older or less-capable computers. Equipment should be returned once offboarded for reprovisioning. Coordinate offboarding and return with the Head of Digital Experience. Please return all equipment to the Fleet IT warehouse using Fleet's FedEx account (address and account # in 1Password). - **Equipment retention and replacement:** Older equipment results in lost productivity of Fleeties and should be considered for replacement. Replacement candidates are computers that are no longer under an AppleCare+ Protection Plan (or another warranty plan), are >3 years from the [discontinued date](https://everymac.com/systems/apple/macbook_pro/index-macbookpro.html#specs), or when the "Battery condition" status in Fleet is less than "Normal". The old equipment should be evaluated for return or retention as a test environment. @@ -1755,9 +1755,6 @@ Please see 📖[handbook/company/communications#purchase-company-issued-equipmen ##### Buying other new equipment Please see 📖[handbook/company/communications#purchase-company-issued-equipment](https://fleetdm.com/handbook/company/communications#equipment) for above. -##### Purchasing a company-issued device -Please see 📖[handbook/business-operations#secure-company-issued-equipment-for-a-team-member](https://fleetdm.com/handbook/business-operations#secure-company-issued-equipment-for-a-team-member). - ##### Company travel Please see 📖[handbook/company/communications#travel](https://fleetdm.com/handbook/company/communications#travel). diff --git a/handbook/company/handbook.md b/handbook/company/handbook.md index 345437ee0c94..f7d416e9b21d 100644 --- a/handbook/company/handbook.md +++ b/handbook/company/handbook.md @@ -16,7 +16,7 @@ All done! To contribute a new handbook page: 1. Determine where the new page should live in the handbook. That is, nested under either: a. [the "Company" handbook](https://fleetdm.com/handbook/company), or - b. the handbook for a particular division (Security, Engineering, Product, Sales, Marketing, Business Operations) + b. the handbook for a particular division (Engineering, Product Design, Customer Support, Sales, Demand, Finance, Digital Experience) 2. Locate the appropriate folder for the new page in [the GitHub repository under `handbook/`](https://github.com/fleetdm/fleet/tree/main/handbook). 3. Create a new markdown file (like [one of these](https://github.com/fleetdm/fleet/tree/f90148abad96fccb6c5647a31877fa7e91b5ee57/handbook/digital-experience)). A simple, easy way to do this is by clicking "Add file" on GitHub.com. a. Name your new file the kebab-cased, all lowercase version of your page title, with `.md` at the end. (For example, a page titled "Why this way?" would have the file path: `handbook/company/why-this-way.md`.) diff --git a/handbook/company/leadership.md b/handbook/company/leadership.md index 02eaf6645862..41bdd9915faf 100644 --- a/handbook/company/leadership.md +++ b/handbook/company/leadership.md @@ -109,7 +109,7 @@ In this meeting, the department leader discusses actual week-over-week progress At Fleet, we collaborate with [core team members](#creating-a-new-position), [consultants](#hiring-a-consultant), [advisors](#adding-an-advisor), and [outside contributors](https://github.com/fleetdm/fleet/graphs/contributors) from the community. -> Are you a new fleetie joining the Business Operations team? For Loom recordings demonstrating how to make offers, hire, onboard, and more please see [this classified Google Doc](https://docs.google.com/document/d/1fimxQguPOtK-2YLAVjWRNCYqs5TszAHJslhtT_23Ly0/edit). +> Are you a new fleetie joining the Digital Experience team? For Loom recordings demonstrating how to make offers, hire, onboard, and more please see [this classified Google Doc](https://docs.google.com/document/d/1fimxQguPOtK-2YLAVjWRNCYqs5TszAHJslhtT_23Ly0/edit). ### Consultants @@ -131,7 +131,7 @@ Consultants: Consultants [track time using the company's tools](#tracking-hours) and sign [Fleet's consulting agreement](#sending-a-consulting-agreement). -To hire a consultant, [submit a new consultant onboarding request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=new-consultant-onboarding.md&title=New+US%2Finternational+consultant) to the business operations team. +To hire a consultant, [submit a new consultant onboarding request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=new-consultant-onboarding.md&title=New+US%2Finternational+consultant) to the Digital Experience team. #### Who ISN'T a consultant? @@ -151,7 +151,7 @@ Consultants aren't required to do any of those things. #### Sending a consulting agreement -To send a consulting agreement, you will need to [submit a new consultant onboarding request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&template=new-consultant-onboarding.md&title=New+US%2Finternational+consultant) to the business operations team. They will then peform the steps needed to bring aboard a new consultant. +To send a consulting agreement, you will need to [submit a new consultant onboarding request](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=new-consultant-onboarding.md&title=New+US%2Finternational+consultant) to the Digital Experience team. They will then peform the steps needed to bring aboard a new consultant. You will be asked to provide the following details: - Consultant's name (or business name) @@ -166,7 +166,7 @@ If the consultant is international, you will also provide: - Consultant's date of birth -> To update a consultant's fee, [submit an issue to BizOps](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-business-operations&projects=&title=Update%20consultant%20fee) with the consultant's name and new hourly rate. +> To update a consultant's fee, [submit an issue to Digital Experience](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&title=Update%20consultant%20fee) with the consultant's name and new hourly rate. image @@ -255,7 +255,7 @@ When review is requested on a proposal to open a new position, the Apprentice to - _Update team database:_ Update the row in ["¶¶ 🥧 Equity plan"](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0) using the benchmarked compensation and share count. - _Salary:_ Enter the salary: If the role has variable compensation, use the role's OTE (on-target earning estimate) as the budgeted salary amount, and leave a note in the "Notes (¶¶)" cell clarifying the role's bonus or commission structure. - _Equity:_ Enter the equity as a number of shares, watching the percentage that is automatically calculated in the next cell. Keep guessing different numbers of shares until you get the derived percentage looking like what you want to see. - - _Create Slack channel:_ Create a private "#YYYY-hiring-xxxxxx" Slack channel (where "xxxxxx" is the job title and YYYY is the current year) for discussion and invite the hiring manager and Head of Business Operations. + - _Create Slack channel:_ Create a private "#YYYY-hiring-xxxxxx" Slack channel (where "xxxxxx" is the job title and YYYY is the current year) for discussion and invite the hiring manager and Head of Digital Experience. - _Publish opening:_ Approve and merge the pull request. The job posting will go live within ≤10 minutes. - _Track as approved in "Fleeties":_ In the "Fleeties" spreadsheet, find the row for the new position and update the "Job description" column and replace the URL of the pull request that originally proposed this new position with the URL of the GitHub merge commit when that PR was merged. - _Reply to requestor:_ Post a comment on the pull request, being sure to include a direct link to their live job description on fleetdm.com. (This is the URL where candidates can go to read about the job and apply. For example: `fleetdm.com/handbook/company/product-designer`): @@ -282,7 +282,7 @@ Fleet uses [certain email templates](https://docs.google.com/document/d/1VAMWIH8 ### Hiring restrictions #### Incompatible former employers -Fleet maintains a list of companies with whom Fleet has do-not-solicit terms that prevents us from making offers to employees of these companies. The list is in the Do Not Solicit tab of the [BizOps spreadsheet](https://docs.google.com/spreadsheets/d/1lp3OugxfPfMjAgQWRi_rbyL_3opILq-duHmlng_pwyo/edit#gid=0). +Fleet maintains a list of companies with whom Fleet has do-not-solicit terms that prevents us from making offers to employees of these companies. The list is in the Do Not Solicit tab of the [Digital Experience spreadsheet](https://docs.google.com/spreadsheets/d/1lp3OugxfPfMjAgQWRi_rbyL_3opILq-duHmlng_pwyo/edit#gid=0). #### Incompatible locations Fleet is unable to hire team members in some countries. See [this internal document](https://docs.google.com/document/d/1jHHJqShIyvlVwzx1C-FB9GC74Di_Rfdgmhpai1SPC0g/edit) for the list. @@ -304,7 +304,7 @@ Department specific interviewing instructions: #### Hiring a new team member This section is about the hiring process a new core team member, or fleetie. -> **_Note:_** _Employment classification isn't what makes someone a fleetie. Some Fleet team members are contractors and others are employees. The distinction between "contractor" and "employee" varies in different geographies, and the appropriate employment classification and agreement for any given team member and the place where they work is determined by Head of Business Operations during the process of making an offer._ +> **_Note:_** _Employment classification isn't what makes someone a fleetie. Some Fleet team members are contractors and others are employees. The distinction between "contractor" and "employee" varies in different geographies, and the appropriate employment classification and agreement for any given team member and the place where they work is determined by Head of Digital Experience during the process of making an offer._ Here are the steps hiring managers follow to get an offer out to a candidate: 1. **Call references:** Before proceeding, make sure you have 2-5+ references. Ask the candidate for at least 2-5+ references and contact each reference in parallel using the instructions in [Fleet's reference check template](https://docs.google.com/document/d/1LMOUkLJlAohuFykdgxTPL0RjAQxWkypzEYP_AT-bUAw/edit?usp=sharing). Be respectful and keep these calls very short. @@ -333,25 +333,25 @@ Here are the steps hiring managers follow to get an offer out to a candidate: - Single doc URL: TODO ``` -5. **Confirm intent to offer:** Share the single document (the "interview packet") with the Head of Business Operations via Google Drive. - - _Share_ this single document with the Head of Business Operations via email. - - When the Head of Business Operations receives this shared doc in their email with the compiled feedback about the candidate, they will understand that to mean that it is time for Fleet to make an offer to the candidate. +5. **Confirm intent to offer:** Share the single document (the "interview packet") with the Head of Digital Experience via Google Drive. + - _Share_ this single document with the Head of Digital Experience via email. + - When the Head of Digital Experience receives this shared doc in their email with the compiled feedback about the candidate, they will understand that to mean that it is time for Fleet to make an offer to the candidate. ### Making an offer -After receiving the interview packet, the Head of Business Operations uses the following steps to make an offer: +After receiving the interview packet, the Head of Digital Experience uses the following steps to make an offer: -1. **Prepare the "exit scenarios" spreadsheet:** 🔦 Head of Business Operations [copies the "Exit scenarios (template)"](https://docs.google.com/spreadsheets/d/1k2TzsFYR0QxlD-KGPxuhuvvlJMrCvLPo2z8s8oGChT0/copy) for the candidate, and renames the copy to e.g. "Exit scenarios for Jane Doe". +1. **Prepare the "exit scenarios" spreadsheet:** 🌐 Head of Digital Experience [copies the "Exit scenarios (template)"](https://docs.google.com/spreadsheets/d/1k2TzsFYR0QxlD-KGPxuhuvvlJMrCvLPo2z8s8oGChT0/copy) for the candidate, and renames the copy to e.g. "Exit scenarios for Jane Doe". - _Edit the candidate's copy of the exit scenarios spreadsheet_ to reflect the number of shares in ["🥧 Equity plan"](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0), and the spreadsheet will update automatically to reflect their approximate ownership percentage. > _**Note:** Don't play with numbers in the exit scenarios spreadsheet. The revision history is visible to the candidate, and they might misunderstand._ -2. **Prepare offer:** 🔦 Head of Business Operations [copies "Offer email (template)"](https://docs.google.com/document/d/1zpNN2LWzAj-dVBC8iOg9jLurNlSe7XWKU69j7ntWtbY/copy) and renames to e.g. "Offer email for Jane Doe". Edit the candidate's copy of the offer email template doc and fill in the missing information: +2. **Prepare offer:** 🌐 Head of Digital Experience [copies "Offer email (template)"](https://docs.google.com/document/d/1zpNN2LWzAj-dVBC8iOg9jLurNlSe7XWKU69j7ntWtbY/copy) and renames to e.g. "Offer email for Jane Doe". Edit the candidate's copy of the offer email template doc and fill in the missing information: - _Benefits:_ If candidate will work outside the US, [change the "Benefits" bullet](https://docs.google.com/document/d/1zpNN2LWzAj-dVBC8iOg9jLurNlSe7XWKU69j7ntWtbY/edit) to reflect what will be included through Fleet's international payroll provider, depending on the candidate's location. - _Equity:_ Highlight the number of shares with a link to the candidate's custom "exit scenarios" spreadsheet. - _Hand off:_ Share the offer email doc with the [Apprentice to the CEO](https://fleetdm.com/handbook/digital-experience#team). 3. **Draft email:** 🦿 Apprentice to the CEO drafts the offer email in the CEO's inbox, reviews one more time, and then brings it to their next daily meeting for CEO's approval: - To: The candidate's personal email address _(use the email from the CEO interview calendar event)_ - - Cc: Head of Business Operations _(BizOps will participate in the email thread after the offer is accepted)_ + - Cc: Head of Digital Experience - Subject: "Full time?" - Body: _Copy the offer email verbatim from the Google doc into Gmail as the body of the message, formatting and all, then:_ - _Check all links in offer letter for accuracy (e.g. LinkedIn profile of hiring manager, etc.)_ @@ -362,7 +362,7 @@ After receiving the interview packet, the Head of Business Operations uses the f - _Send_ the email. #### Steps after an offer is accepted -Once the new team member replies and accepts their offer in writing, 🔦 Head of Business Operations follows these steps: +Once the new team member replies and accepts their offer in writing, 🌐 Head of Digital Experience follows these steps: 1. **Verify, track, and reply:** Reply to the candidate: - _Verify the candidate replied with their physical address… or else keep asking._ If they did not reply with their physical address, then we are not done. No offer is "accepted" until we've received a physical address. - _Review and update the team database_ to be sure everything is accurate, **one last time**. Remember to read the column headers and precisely follow the instructions about how to format the data: @@ -387,7 +387,7 @@ Once the new team member replies and accepts their offer in writing, 🔦 Head o Thanks, and welcome to the team! - -Joanne + -Sam ``` 2. **Ask hiring manager to send rejections:** Post to the `hiring-xxxxx-yyyy` Slack channel to let folks know the offer was accepted, and at-mention the _hiring manager_ to ask them to communicate with [all other interviewees](https://fleetdm.com/handbook/company#empathy) who are still in the running and [let them know that we chose a different person](https://fleetdm.com/handbook/company/leadership#candidate-correspondence-email-templates). >_**Note:** Send rejection emails quickly, within 1 business day. It only gets harder if you wait._ @@ -397,7 +397,7 @@ Once the new team member replies and accepts their offer in writing, 🔦 Head o - Follow the prompts in the template to fill out the 30-60-90 day plan for the new teammate before they start. 5. **Close Slack channel:** Then archive and close the channel. -Now what happens? 🔦 Business Operations will then follow the steps in the "Hiring" issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day. +Now what happens? 🌐 Head of Digital Experience will then follow the steps in the "Hiring" issue, which includes reaching out to the new team member within 1 business day from a separate email thread to get additional information as needed, prepare their agreement, add them to the company's payroll system, and get their new laptop and hardware security keys ordered so that everything is ready for them to start on their first day. ## CEO shadow program @@ -436,16 +436,21 @@ This applies to anyone who gets paid by the hour, including consultants and hour ## Communicating departures Although it's sad to see someone go, Fleet understands that not everything is meant to be forever [like open-source is](https://fleetdm.com/handbook/company/why-this-way#why-open-source). There are a few steps that the company needs to take to facilitate a departure. -1. **Departing team member's manager:** Inform the Head of Business Operations about the departure via email and cc your manager. The Head of Business Operations will coordinate the team member's last day, offboarding, and exit meeting. -3. **Business Operations**: Will then create and begin completing [offboarding issue](https://github.com/fleetdm/classified/blob/main/.github/ISSUE_TEMPLATE/%F0%9F%9A%AA-offboarding-____________.md), to include coordinating team member's last day, offboarding, and exit meeting. - > After finding out about the departure, the Head of Business Operations will post in #g-e to inform the E-group of the team member's departure, asking E-group members to inform any other managers on their teams. +1. **Departing team member's manager:** Inform the Head of Digital Experience about the departure via email and cc your manager. The Head of Digital Experience will coordinate the team member's last day, offboarding, and exit meeting. +3. **Digital Experience**: Will then create and begin completing [offboarding issue](https://github.com/fleetdm/classified/blob/main/.github/ISSUE_TEMPLATE/%F0%9F%9A%AA-offboarding-____________.md), to include coordinating team member's last day, offboarding, and exit meeting. + > After finding out about the departure, the Head of Digital Experience will post in #g-e to inform the E-group of the team member's departure, asking E-group members to inform any other managers on their teams. 4. **CEO**: The CEO will make an announcement during the "🌈 Weekly Update" post on Friday in the `#general` channel on Slack. +<<<<<<< HEAD +## Changing someone's position +From time to time, someone's job title changes. To do this, reach out to [Digital Experience](https://fleetdm.com/handbook/digital-experience). + image ## Delivering performance feedback + When it comes to performance feedback, [speak freely](https://fleetdm.com/handbook/company#openness), sooner, and provide an explicit example of the behavior you observed and the impact it had. 1. Deliver negative feedback privately whenever possible, and be constructive not punitive. Celebrate positive feedback publicly. diff --git a/handbook/company/why-this-way.md b/handbook/company/why-this-way.md index 189eb4aa3983..6c5e89a9429a 100644 --- a/handbook/company/why-this-way.md +++ b/handbook/company/why-this-way.md @@ -71,10 +71,10 @@ Investing in people and providing generous, prioritized training, especially up Here are a few examples of how Fleet prioritizes training: - the first 3 days at the company for every new team member are reserved for working on the tasks and training in their onboarding issue. -- during the first 2 weeks at the company, every new fleetie joins a **daily 1:1 meeting** with their manager to check in and see how they're doing, and if they have any questions or blockers. If the manager is not available for this meeting, the CEO (pending availability) or the Head of Business Operations will join this short daily meeting with them instead. +- during the first 2 weeks at the company, every new fleetie joins a **daily 1:1 meeting** with their manager to check in and see how they're doing, and if they have any questions or blockers. If the manager is not available for this meeting, the CEO (pending availability) or the Head of Digital Experience will join this short daily meeting with them instead. - In their first few days, every new fleetie joins: - - hands-on contributor experience training session with the Head of Business Operations where they share their screen, check the configuration of their tools, complete any remaining setup, and discuss best practices. - - a short sightseeing tour with the Head of Business Operations and (pending availability) Fleet's CEO to show them around and welcome them to the company. + - hands-on contributor experience training session with the Head of Digital Experience where they share their screen, check the configuration of their tools, complete any remaining setup, and discuss best practices. + - a short sightseeing tour with the Head of Digital Experience and (pending availability) Fleet's CEO to show them around and welcome them to the company. ## Why direct responsibility? @@ -167,7 +167,7 @@ Every group at Fleet maintains their own Slack channel, which all group members Work is tracked in [GitHub issues](https://github.com/issues?q=archived%3Afalse+org%3Afleetdm+is%3Aissue+is%3Aopen+). -Every department organizes their work into [team-based kanban boards](https://app.zenhub.com/workspaces/-g-business-operations-63f3dc3cc931f6247fcf55a9/board?sprints=none). This provides a consistent framework for how every team works, plans, and requests things from each other. +Every department organizes their work into [team-based kanban boards](https://app.zenhub.com/workspaces/-g-digital-experience-63f3dc3cc931f6247fcf55a9/board?sprints=none). This provides a consistent framework for how every team works, plans, and requests things from each other. 1. **Intake:** Give people from anywhere in the world the ability to [request something](https://github.com/fleetdm/confidential/issues/new/choose) from a particular team, and give that team the ability to see and [respond quickly](https://fleetdm.com/handbook/company#results) to new requests. 2. **Planning:** Give the team's manager and other team members a way to plan the [next three-week iteration](https://fleetdm.com/handbook/company/why-this-way#why-a-three-week-cadence) of what the team is working on. Provide a world (the kanban board) where the team has clarity, and the appropriate [DRI](https://fleetdm.com/handbook/company#why-direct-responsibility) can confidently [prioritize and plan changes](https://fleetdm.com/handbook/company/development-groups#planned-and-unplanned-changes) with enough context to make the right decisions. @@ -185,7 +185,7 @@ We apply the [twelve principles of agile](https://agilemanifesto.org) to Fleet's 3. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale. 4. Business people and developers must [work together daily](https://fleetdm.com/handbook/company/product-groups) throughout the project. 5. Build projects around motivated individuals. Give them the environment and support they need, and trust them to get the job done. -6. The most efficient and effective method of conveying information to and within a development team is [face-to-face conversation](https://fleetdm.com/handbook/business-operations#meetings). +6. The most efficient and effective method of conveying information to and within a development team is [face-to-face conversation](https://fleetdm.com/handbook/communications#meetings). 7. Working software is the primary measure of progress. 8. Agile processes promote sustainable development. The sponsors, developers, and users should be able to maintain a constant pace indefinitely. 9. Continuous attention to technical excellence and good design enhances agility. diff --git a/handbook/digital-experience/README.md b/handbook/digital-experience/README.md index d9cc6dbcfe01..781f511f241a 100644 --- a/handbook/digital-experience/README.md +++ b/handbook/digital-experience/README.md @@ -10,9 +10,10 @@ This page details processes specific to working [with](#contact-us) and [within] | Head of Digital Experience | [Sam Pfluger](https://www.linkedin.com/in/sampfluger88/) _([@sampfluger88](https://github.com/sampfluger88))_ | Head of Design | [Mike Thomas](https://www.linkedin.com/in/mike-thomas-52277938) _([@mike-j-thomas](https://github.com/mike-j-thomas))_ | Software Engineer | [Eric Shaw](https://www.linkedin.com/in/eric-shaw-1423831a9/) _([@eashaw](https://github.com/eashaw))_ +| Contracts and Compliance Engineer | [Nathan Holliday](https://www.linkedin.com/in/nathanael-holliday/) _([@hollidayn](https://github.com/hollidayn))_ | Apprentice to the CEO | See [Head of Digital Experience](https://www.fleetdm.com/handbook/digital-experience#team) | Apprentice | [Savannah Friend](https://www.linkedin.com/in/savannah-friend-2b1a53148/) _([@sfriendlee](https://github.com/sfriendlee))_ - + ## Contact us @@ -25,11 +26,219 @@ This page details processes specific to working [with](#contact-us) and [within] The Digital Experience department is directly responsible for the framework, content design, and technology behind Fleet's remote work culture, including fleetdm.com, the handbook, issue templates, UI style guides, internal tooling, Zapier flows, Docusign templates, key spreadsheets, and project management processes. +Compliance and contracts including maintaining Delaware registered agent and certificate of good standing, receiving and responding to legal notices, SOC2, deal desk, compensation planning, Onboarding, 30/60/90s, manager training, holding hiring managers accountable (for actually getting their open positions filled quickly) +5. Logistical admin and witness for offboarding +6. Logistical admin for pre-start hiring process +7. Logistical admin for position opening and compensation determination process + > _**Note:** If a user story involves only changes to fleetdm.com, without changing the core product, then that user story is prioritized, drafted, implemented, and shipped by the [Digital Experience](https://fleetdm.com/handbook/digital-experience) department. Otherwise, if the story **also** involves changes to the core product **as well as** fleetdm.com, then that user story is prioritized, drafted, implemented, and shipped by [the other relevant product group](https://fleetdm.com/handbook/company/product-groups#current-product-groups), and not by `#g-digital-experience`._ -### QA a change to fleetdm.com +### Access a background check + +All Fleet team members undergo a background check provided through [Vetty](https://vetty.co/). Only the most recent background checks appear on the home page of Vetty's dashboard. To access a complete list of background checks run in Vetty, scroll down to the bottom of the candidates page and click "View Historical". + + +### Convert a Fleetie to a consultant + +If a Fleetie decides they want to move to being a [consultant](https://fleetdm.com/handbook/company/leadership#consultants), either the Fleetie or their manager need to create a [custom issue for the Digital Experience team](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=custom-request.md&title=Request%3A+_______________________) to notify them of the change. +Once notified, Digital Experience takes the following steps: +1. Confirm the following details with the Fleetie: + - Date of change + - Term of consultancy (time period) + - Hours/capacity expected (hours per week or month) + - Confirm hourly rate +2. Once details are confirmed, use the information given to create the consulting agreement for the Fleetie (either in docusign (US-based) or via Plane (international)), and send to their personal email for signature. Once signed, save in Fleetie's [employee file](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). +3. Schedule the Fleetie's final day in HRIS (Gusto or Plane). +4. Update final day in ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) spreadsheet. +5. Create an [offboarding issue](https://github.com/fleetdm/classified/blob/main/.github/ISSUE_TEMPLATE/%F0%9F%9A%AA-offboarding-____________.md) for the Fleetie converting to a consultant, and confirm with their manager if there is a need to retain any tools or access while they are a consultant (default to removing all access from Fleet email, and migrating to personal email for Slack and other tools unless there is a business case to retain the Fleet email and associated tool access). +6. Follow the offboarding issue for next steps, including communicating to teammates and updating equity plan. + + +### Inform managers about hours worked + +Every Friday at 2:00 PM CT, we collect hours worked for all hourly employees at Fleet, including core team members and consultants, regardless of their location. + +Here's how: + +1. Consultants submit their hours through Gusto (US consultants) or Plane.com (international consultants) and require DRI approval (generally their manager) for hours worked. Find the DRI using the [Digital Experience KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). +2. Send the teammate's DRI a direct message in Slack with a screenshot of the HRIS portal, showing hours logged since last Saturday at midnight, and ask them to confirm the hours are expected. Ensure the screenshot does not include compensation information. + - For international teammates, they cannot enter hours weekly in Plane.com, so you will need to request the hours worked from them in order to have the DRI approve them. +3. The following Monday, check for updates to logged hours and ensure the KPI sheet aligns with HRIS records. + - If there are discrepancies between what was previously reported, reconfirm logged hours with the teammate's DRI and update the KPI sheet to reflect the correct amount. + + +### Change the DRI of a consultant + +1. In the [KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0) sheet, find the consultant's column. +2. Change the DRI documented there to the new DRI who will receive information about the consultant's hours. + + +### Update personnel details +When a Fleetie, consultant or advisor requests an update to their personnel details (name, location, phone, etc), follow these steps to ensure accurate representation across systems. +1. Team member submits a [custom issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-digital-experience&projects=&template=custom-request.md&title=Request%3A+_______________________) to update their personnel details (or Digital Experience team creates if the request comes via email or is sensitive and needs a classified issue). + - If change is for a primary identification or contact method, ask for evidence of change and capture in [employee's personnel file](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). +2. Digital Experience makes change to HRIS (Gusto or Plane) to reflect change. + - Note: if making the change requires follow up steps, resolve those steps to action the change. +3. Once change is effected in HRIS, Digital Experience makes changes to ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) spreadsheet. +4. If required, Digital Experience makes any relevant changes to [Fleet's equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0). +5. If required, Digital Experience makes any relevant changes to the ["🗺️ Geographical factors"](https://docs.google.com/spreadsheets/d/1rCVCs-eOo-VSEG7fPLgdq5l7oSaActl5bewaWP7PnSE/edit#gid=1533353559) spreadsheet and follows through on any action items involving tax implications (i.e. registering with a new state for employer taxes). +6. If required, Digital Experience also makes changes to other core systems (e.g: creating a new email alias in google workspace; updating details in Carta; etc). +7. The change is now actioned, notify the team member and close the issue. + +> Note: if the Fleetie is US based and has a qualifying life event that impacts benefit coverage, they can [follow the Gusto steps](https://support.gusto.com/article/100895878100000/Change-your-benefits-with-a-qualifying-life-event) to update their coverage elections. + + +### Change a Fleetie's job title +When Digital Experience receives notification of a Fleetie's job title changing, follow these steps to ensure accurate recording of the change across our systems. +1. Update ["🧑‍🚀 Fleeties"](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0): + - Search the spreadsheet for the Fleetie in need of a job title change. + - Input the new job title in the Fleetie's row in the "Job title" cell. + - Navigate to the "Org chart" tab of the spreadsheet, and verify that the Fleetie's title appears correctly in the org chart. +2. Update the departmental handbook page with the change of job title +3. [Prepare salary benchmarking information](#prepare-salary-benchmarking-information) to determine whether the teammate's current compensation aligns with the benchmarks of the new role. + - If the benchmark is significantly different, take the steps to [update a team member's compensation](#prepare-salary-benchmarking-information). +4. Update the relevant payroll/HRIS system. + - For updating Gusto (US-based Fleeties): + - Login to Gusto and navigate to "People > Team members". + - Find the Fleetie and select them to see their profile page. + - Under the "Compensation" heading, select edit and update the "Job title" and input the specific date the change happened. Save the changes. + - For updating Plane (non-US Fleeties): + - Login to Plane and navigate to "People > Team". + - Find the Fleetie and select them to see their profile page. + - Use the "Help" function, or email support@plane.com to notify Plane of the need to change the job title for the Fleetie. Include the Fleetie's name, current title, new title, and effective date. + - Take any relevant steps as directed by Plane in order to make the required changes to the Fleetie's profile. + + +### Change a Fleetie's manager +When Digital Experience receives notification of a Fleetie's manager changing, follow these steps to ensure correct recording in our systems. +1. Update [🧑‍🚀 Fleeties](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0): + - Search for the Fleetie's new manager, and copy the new manager's unique ID from the far left "Unique ID" column. + - Search for the Fleetie whose manager is changing, and paste (without formatting) their new manager's unique ID in the "Reports to: (manager unique ID)" cell in the Fleetie's row. + - Verify that the "Reports to (auto: manager name and job title)" cell in the Fleetie's row reflects the new manager's details. + - Verify that in the new manager's row, the "# direct reports" cell reflect the correct number. + - Navigate to the "Org chart" tab in the spreadsheet, and verify that the Fleetie now appears in the correct place in the org chart. +2. If the person's department is changing, then update both departmental handbook pages to move the person to their new department: + - Remove the person from the "Team" section of the old department and add them to the "Team" section of the new department. +3. If the person's level of confidential access will change along with the change to their manager, then update that level of access: + - Update Google Workspace to make sure this person lives in the correct Google Group, removing them from the old and/or adding them to the new. + - Update 1password to remove this person from old vaults and/or add them to new vaults. + - For a team member moving from "classified" to "confidential" access, check Gusto, Plane, and other systems to remove their access. + +> **Note:** The Fleeties spreadsheet is the source of truth for who everyone's manager is and their job titles. + +### Recognize employee workiversaries + +At Fleet, everyone is recognized on their [workiversary](https://fleetdm.com/handbook/company/communications#workiversaries). To ensure this happens, take the following steps: + +1. Bimonthly, use [Fleeties (private google doc)](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) to determine who is celebrating their workiversary in the following two months. +2. Post in the #help-classifed Slack channel and cc the Head of Digital Experience. Use the following template: + + + ``` + [Month] + [workiversary date (DD-MMM)] - [teammate name] - [number of years at Fleet] + ``` + + The Head of Digital Experience will also use this post to update the [All hands](https://fleetdm.com/handbook/company/communications#all-hands) deck. +3. On the day prior to a workiversary, send the teammate’s manager a DM on Slack: + + + ``` + Hey! Just a heads up, tomorrow is [teammate’s name] [number of years at Fleet] workiversary at Fleet. + Digital Experience can post something in the #random channel to recognize them, would you like to make that post instead? + ``` + + > If a manager elects to post and hasn't done so by 2pm ET on the day of the workiversary, send them a friendly reminder and offer to post instead. + +4. If the manager has deferred to Digital Experience, schedule a Slack post for the following day to recognize the teammate's contributions at Fleet. If you’re unsure about what to post, take a look at what’s been [posted previously](https://docs.google.com/document/d/1Va4TYAs9Tb0soDQPeoeMr-qHxk0Xrlf-DUlBe4jn29Q/edit). + + + +### Prepare salary benchmarking information +1. Use the relevant template text in the README section of the [¶¶ 💌 Compensation decisions document](https://docs.google.com/document/d/1NQ-IjcOTbyFluCWqsFLMfP4SvnopoXDcX0civ-STS5c/edit?usp=sharing) for a current Fleetie, a new role, a prospective hire, or other benchmarking use case. +2. Copy the template text and paste at the end of the document. +3. Fill in details as required, pulling from [🧑‍🚀 Fleeties spreadsheet](https://docs.google.com/spreadsheets/d/1OSLn-ZCbGSjPusHPiR5dwQhheH1K8-xqyZdsOe9y7qc/edit#gid=0) and [equity spreadsheet](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit?usp=sharing) as required. +4. Use the teammate's information to benchmark in [Pave](https://www.pave.com/) (login details in 1Password). You can pattern match from previous benchmarking entries, and include all company assumtions. Add the direct link to the Pave benchmark. + + +### Update a team member's compensation + +To [change a teammate's compensation](https://fleetdm.com/handbook/company/communications#compensation-changes), follow these steps: +1. Create a copy of the ["Values assessment" template](https://docs.google.com/spreadsheets/d/1P5TyRV2v-YN0aR_X8vd8GksKcr3uHfUDdshqpVzamV8/edit?usp=drive_link) and move it to the teammate's [personnel folder in Google Drive](https://drive.google.com/drive/folders/1UL7o3BzkTKnpvIS4hm_RtbOilSABo3oG?usp=drive_link). +2. Share the values assessment document with the manager and ask them to perform the values assessment. +3. Once the values assessment is complete, [prepare salary benchmarking information](#prepare-salary-benchmarking-information) and notify the Head of Digital Experience so the compensation change can be added to the e-group agenda for discussion amongst Fleet leadership. + - If the teammate's manager is not part of the e-group, the Head of Digital Experience will ensure they're included in the discussion at e-group as well. +4. Once compensation decisions have been finalized, the Head of Digital Experience will post in slack to `#help-classified` to confirm the decisions have been recorded in ["¶¶ 💌 Compensation decisions (offer math)"](https://docs.google.com/document/d/1NQ-IjcOTbyFluCWqsFLMfP4SvnopoXDcX0civ-STS5c/edit#heading=h.slomq4whmyas). +5. Send the teammates manager a Slack DM to determine who will communicate the decision to the teammate. +6. Update the respective payroll platform (Gusto or Plane) by navigating to the personnel page, selecting salary field, and updating with an effective date that makes the next payroll. +7. Update the [equity spreadsheet](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit?usp=sharing) (internal doc) by copying existing OTE to the bottom of the "Notes" cell, updating the OTE column with the new compensation information, and updating the "Last compensation change" column with the effective date from payroll platform. +8. Calculate the monthly burn rate increase percentage and notify the CEO via a Slack DM. + +> If the company decides on an additional equity grant as part of a compensation change, note the previous equity and new situation in detail in the "Notes" column of the equity plan. Update the "Grant started?" column to "todo" which adds it to the queue for the next time grants are processed (quarterly). + + +### Review Fleet's US company benefits + +Annually, around mid-year, Fleet will be prompted by Gusto to review company benefits. The goal is to keep changes minimal. Follow these steps: +1. Log in to your [Gusto admin account](https://gusto.com/). +2. Navigate to "Benefits" and select "Renewal survey". +3. Complete the survey questions, aiming for minimal changes. +4. Approximately 2-3 months after survery completion, Gusto will suggest plans based on Fleet's responses. Choose plans with minimal changes. +5. Gusto will offer these plans to employees during open enrollment, with new coverage starting 3-4 weeks afterward. + +### Grant equity +Equity grants for new hires are queued up as part of the [hiring process](https://fleetdm.com/handbook/digital-experience#hiring), then grants and consents are [batched and processed quarterly](https://github.com/fleetdm/confidential/issues/new/choose). + +Doing an equity grant involves: +- Executing a board consent +- The recipient and CEO signing paperwork about the stock options +- Updating the number of shares for the recipient in the equity plan +- Updating Carta to reflect the grant + +For the status of stock option grants, exercises, and all other _common stock_ including advisor, founder, and team member equity ownership, see [Fleet's equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0). For information about investor ownership, see [Carta](https://app.carta.com/corporations/1234715/summary/). + +> Fleet's [equity plan](https://docs.google.com/spreadsheets/d/1_GJlqnWWIQBiZFOoyl9YbTr72bg5qdSSp4O3kuKm1Jc/edit#gid=0) is the source of truth, not Carta. Neither are pro formas sent in an email attachment, even if they come from lawyers. +> +> Anyone can make mistakes, and none of us are perfect. Even when we triple check. Small mistakes in share counts can be hard to attribute, and can cause headaches and eat up nights of our CEO's and operations team's time. If you notice what might be a discrepancy between the equity plan and any other secondary source of information, please speak up and let Fleet's CEO know ASAP. Even if you're wrong, your note will be appreciated. + + +### Review an NDA +We need to review an NDA anytime a vendor, customer or other party wants to: +- Use their own NDA rather than Fleet's standard NDA, or +- "Redline" (modify) Fleet's NDA by removing, adding or altering its terms. + +We should always seek to use Fleet's own NDA first, without alteration. + +When reading an NDA, we want to pay close attention to the following: +- We want to be sure that the confidentiality obligations of the NDA are reciprocal. Fleet and the other party to the agreement should be bound to the same standards of confidentiality toward the handling of each other's confidential information. +- Fleet does not agree to _"do not compete"_ or _"do not solicit clauses"_. An NDA should not contain provisions beyond the scope of an NDA. The two most commonly encountered examples of this are the "do not compete" and "do not solicit" clauses. We want to be free to hire the best people and make the best products, so when reading through an NDA it is important to keep an eye out for language that prohibits Fleet from hiring or soliciting current or former employees of other companies or that prohibit Fleet from independently developing products that compete with another company's products. Using the `cmd + f` function to search for "solici", "compet" and "hir" and reading through the results is a helpful method to quickly scan for these clauses. +- Look for any language that discusses a transfer of property rights. Rarely, you may find a clause snuck into an agreement that discusses the transfer of intellectual property rights. _We want to avoid any situation where Fleet transfers its intellectual property to another party as part of an NDA_. +- Should you find any clauses in steps 2 or 3 that are beyond the scope of protecting both party's confidential information in a customer NDA or an altered version of Fleet's NDA, reject this language and communicate that Fleet cannot agree to those terms. +- Any concerns or uncertainty over _any_ provisions in an NDA should be brought to Nathanael Holliday in Digital Experience, who will consult legal counsel if necessary to resolve any concerns. + +### Review a vendor agreement +When reviewing contracts from a vendor, Fleet is concerned about the following: +- If there are confidentiality provisions in the agreement in place of a stand-alone NDA, verify the confidentiality provisions are appropriate and protect Fleet when sensitive data is involved that isn't otherwise available to the public. +- We want to make sure there are no _do not solicit_ or _do not compete_ clauses in the contract. To aid in this search, we double check by using the cmd + f function and searching for "solici", "compet" and "hir" and then looking through the results to be sure that nothing prohibits Fleet from independently developing competing products or from hiring personnel with ties to the vendor. +- We want to make sure that contracts can be terminated relatively easily and be aware of what the process is for terminating them, avoiding commitments over 12 months in length. +- We want to make sure the payment terms work for us (i.e. being able to pay via wire transfer, credit card or bill.com) and that the price in any contract or order form is what we have agreed to. While almost never malicious, mistakes often occur in the steps between agreeing on a price, negotiating a contract, and receiving an invoice. We want to be sure at every step that the dollar amount and service provided is consistent with what has been negotiated and agreed upon. +- Remember, once we have signed the agreement - we're stuck with it. If any clause in the agreement appears strange or gives you pause or concern, it is better to seek clarification than to commit to something that might be detrimental to Fleet. Contracts are fairly standardized, and you'll quickly learn what is normal and what feels out of place. Unusual clauses or wording that seems out of the ordinary should get a second set of eyes just to be sure, do not hesitate to reach out to Nathanael Holliday with questions, who will reach out to legal counsel as necessary. + +### Review an order form +- We should always check order forms for additional terms that go beyond the scope of the order form (caps on price increases, for example). +- Be sure the order form includes contact information + billing address and information so that Fleet knows how and who to invoice for payment. +- Verify that the payment terms are correct and matches what's in the agreement. This is a frequent common mistake as companies usually have default payment terms and overlook changing them to match atypical payment terms. +- Make sure the effective term of the order matches what was agreed upon (usually a one year term) and that the order form includes the correct number of hosts and whether or not it should contain professional services (usually, it does not). +- Check that the amount on the order form reflects what Fleet agreed to, as this is the amount that the customer will expect to be invoiced for. +- Lastly, double check one more time to make sure there are no sneaky, unusual terms snuck in at the bottom of an order form or stashed away in fine print. Common things that are included in order forms and not always communicated to Fleet are caps on price increases upon renewal, new SLAs, or a product roadmap or milestones we may not have agreed upon. Any clauses on an order form that appear beyond the scope of simply elaborating on the services being provided, the purchase cost, the contract that the purchase is being made under, how Fleet will bill and how the customer will pay deserves a careful look. Reach out to Nathanael Holliday in Digital Experience with concerns. + +### Review a non-standard subscription agreement +We want to use our standard terms whenever possible with our customers, but it is common that customers want to use their own agreement or redline (modify) Fleet's terms. +When reviewing subscription agreements on customer paper or when a customer has made changes to Fleet's terms, we review it using [these guidelines](https://docs.google.com/document/d/1aGgN5It1i3fdsBF37vWSbvukO_gQhy5vCp4fINg191Q/edit?usp=sharing). + +### QA a change to fleetdm.com Each PR to the website is manually checked for quality and tested before going live on fleetdm.com. To test any change to fleetdm.com 1. Write clear step-by-step instructions to confirm that the change to the fleetdm.com functions as expected and doesn't break any possible automation. These steps should be simple and clear enough for anybody to follow. @@ -226,7 +435,7 @@ Certain new team members, especially in go-to-market (GTM) roles, will need paid ### Downgrade an unused license seat -- On the first Wednesday of every quarter, the CEO, head of BizOps and Head of Digital experience will meet for 30 minutes to audit license seats in Figma, Slack, GitHub, Salesforce and other tools. +- On the first Wednesday of every quarter, the CEO and Head of Digital experience will meet for 30 minutes to audit license seats in Figma, Slack, GitHub, Salesforce and other tools. - During this meeting, as many seats will be downgraded as possible. When doubt exists, downgrade. - Afterward, post in #random letting folks know that the quarterly tool reconciliation and seat clearing is complete, and that any members who lost access to anything they still need can submit a ZenHub issue to Digital Experience to have their access restored. - The goal is to build deep, integrated knowledge of tool usage across Fleet and cut costs whenever possible. It will also force conversations on redundancies and decisions that aren't helping the business that otherwise might not be looked at a second time. @@ -327,11 +536,11 @@ Agenda: When an agreement is routed to the CEO for signature, the [Apprentice](https://fleetdm.com/handbook/digital-experience#team) is responsible for obtaining a signature from the CEO using the following steps: 1. Drag the email to the ["🔏 SAM: Signature wanted"](https://mail.google.com/mail/u/0/#label/SAM%3A+Signature+wanted) label making sure to mark the email as unread. -2. A Business Operations Engineer will at-mention the Apprentice in a legal review issue, letting them know the contract is good to go. After that, move the email to the "[✍️ MIKE: Ready to sign](https://mail.google.com/mail/u/0/#label/%E2%9C%8D%EF%B8%8F+MIKE%3A+Ready+to+sign)" label +2. The [Contracts and Compliance Engineer](https://fleetdm.com/handbook/digital-experience#team) will at-mention the Apprentice in a legal review issue, letting them know the contract is good to go. After that, move the email to the "[✍️ MIKE: Ready to sign](https://mail.google.com/mail/u/0/#label/%E2%9C%8D%EF%B8%8F+MIKE%3A+Ready+to+sign)" label > If the agreement closes a deal, inform the CEO (via Slack DM) that a subscription agreement is ready for his review/signature. The SLA for CEO review and signature is 48hrs. -3. Comment in the issue once the CEO has signed the agreement and assign the issue to [Nathan Holiday](https://fleetdm.com/handbook/business-operations#team). +3. Comment in the issue once the CEO has signed the agreement and assign the issue to [Nathan Holiday](https://fleetdm.com/handbook/digital-experience#team). ### Prepare for CEO office minutes @@ -393,9 +602,9 @@ After the team member notifies the Head of Digital Experience (via Slack), the H ### Document performance feedback -Every Friday at 5PM a [Business Operations team member](https://fleetdm.com/handbook/business-operations#team) will look for missing data in the [KPIs spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). -1. If KPIs are not reported on time, the BizOps Engineer will notify the Apprentice to the CEO and the DRI. -2. The Apprentice will update the "performance management" section of the appropriate individual's 1:1 doc so that the CEO can address during the next 1:1 meeting with the DRI. +Every Friday at 5PM a [Digital Experience team member](https://fleetdm.com/handbook/digital-experience#team) will look for missing data in the [KPIs spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). +1. If KPIs are not reported on time, notify the Head of Digital Experience and the DRI. +2. The Head of Digital Experience will update the "performance management" section of the appropriate individual's 1:1 doc so that the CEO can address during the next 1:1 meeting with the DRI. ### Send the weekly update diff --git a/handbook/business-operations/Application-security.md b/handbook/digital-experience/application-security.md similarity index 77% rename from handbook/business-operations/Application-security.md rename to handbook/digital-experience/application-security.md index e914e99f0f0f..3c174102991c 100644 --- a/handbook/business-operations/Application-security.md +++ b/handbook/digital-experience/application-security.md @@ -1,13 +1,13 @@ # Application security -- [Describe your secure coding practices (SDLC)](https://fleetdm.com/handbook/business-operations/application-security#describe-your-secure-coding-practices-including-code-reviews-use-of-static-dynamic-security-testing-tools-3-rd-party-scans-reviews) -- [SQL injection](https://fleetdm.com/handbook/business-operations/application-security#sql-injection) -- [Broken authentication](https://fleetdm.com/handbook/business-operations/application-security#broken-authentication-authentication-session-management-flaws-that-compromise-passwords-keys-session-tokens-etc) - - [Passwords](https://fleetdm.com/handbook/business-operations/application-security#passwords) - - [Authentication tokens](https://fleetdm.com/handbook/business-operations/application-security#authentication-tokens) -- [Sensitive data exposure](https://fleetdm.com/handbook/business-operations/application-security#sensitive-data-exposure-encryption-in-transit-at-rest-improperly-implemented-apis) -- [Cross-site scripting](https://fleetdm.com/handbook/business-operations/application-security#cross-site-scripting-ensure-an-attacker-cant-execute-scripts-in-the-users-browser) -- [Components with known vulnerabilities](https://fleetdm.com/handbook/business-operations/application-security#components-with-known-vulnerabilities-prevent-the-use-of-libraries-frameworks-other-software-with-existing-vulnerabilities) +- [Describe your secure coding practices (SDLC)](https://fleetdm.com/handbook/digital-experience/application-security#describe-your-secure-coding-practices-including-code-reviews-use-of-static-dynamic-security-testing-tools-3-rd-party-scans-reviews) +- [SQL injection](https://fleetdm.com/handbook/digital-experience/application-security#sql-injection) +- [Broken authentication](https://fleetdm.com/handbook/digital-experience/application-security#broken-authentication-authentication-session-management-flaws-that-compromise-passwords-keys-session-tokens-etc) + - [Passwords](https://fleetdm.com/handbook/digital-experience/application-security#passwords) + - [Authentication tokens](https://fleetdm.com/handbook/digital-experience/application-security#authentication-tokens) +- [Sensitive data exposure](https://fleetdm.com/handbook/digital-experience/application-security#sensitive-data-exposure-encryption-in-transit-at-rest-improperly-implemented-apis) +- [Cross-site scripting](https://fleetdm.com/handbook/digital-experience/application-security#cross-site-scripting-ensure-an-attacker-cant-execute-scripts-in-the-users-browser) +- [Components with known vulnerabilities](https://fleetdm.com/handbook/digital-experience/application-security#components-with-known-vulnerabilities-prevent-the-use-of-libraries-frameworks-other-software-with-existing-vulnerabilities) The Fleet community follows best practices when coding. Here are some of the ways we mitigate against the OWASP top 10 issues: diff --git a/handbook/digital-experience/digital-experience.rituals.yml b/handbook/digital-experience/digital-experience.rituals.yml index 60aff9533300..c36e75db31ec 100644 --- a/handbook/digital-experience/digital-experience.rituals.yml +++ b/handbook/digital-experience/digital-experience.rituals.yml @@ -175,7 +175,7 @@ startedOn: "2024-03-31" frequency: "Quarterly" description: "Downgrade unused or questionable license seats on the first Wednesday of every quarter" - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#downgrade-an-unused-license-seat" + moreInfoUrl: "https://fleetdm.com/handbook/digital-experience#downgrade-an-unused-license-seat" dri: "sampfluger88" - task: "Communicate Fleet's potential energy to stakeholders" @@ -188,21 +188,33 @@ labels: [ "#g-digital-experience" ] repo: "confidential" - - task: "Change password of \"Integrations admin\" Salesforce account" - startedOn: "2024-09-10" + task: "Vanta check" # TODO tie this to a responsibility + startedOn: "2024-04-01" + frequency: "Monthly" + description: "Look for any new actions in Vanta due in the upcoming months and create issues to ensure they're done on time." + moreInfoUrl: + dri: "sampfluger88" + autoIssue: + labels: [ "#g-digital-experience" ] + repo: "confidential" +- + task: "Recognize and benchmark workiversaries" + startedOn: "2024-07-15" + frequency: "Bimonthly" + description: "Identify workiversaries coming up in the next two months and follow the steps to ensure they're recognized and benchmarked" + moreInfoUrl: "https://fleetdm.com/handbook/digital-experience#recognize-employee-workiversaries" + dri: "sampfluger88" +- + task: "Quarterly grants" + startedOn: "2024-02-01" + frequency: "Quarterly" + description: "Create the equity grants GitHub issue and walk through the steps." + moreInfoUrl: "https://fleetdm.com/handbook/digital-experience#grant-equity" + dri: "hollidayn" +- + task: "Change password of \"Integrations admin\" Salesforce account" + startedOn: "2024-09-10" frequency: "Quarterly" - description: "Log into the \"Integrations admin\" account in Salesforce and change the password to prevent a password change being required by Salesforce." + description: "Log into the \"Integrations admin\" account in Salesforce and change the password to prevent a password change being required by Salesforce." moreInfoUrl: "https://fleetdm.com/handbook/digital-experience#change-the-integrations-admin-salesforce-account-password" dri: "eashaw" - - - - - - - - - - - - diff --git a/handbook/business-operations/security-audits.md b/handbook/digital-experience/security-audits.md similarity index 100% rename from handbook/business-operations/security-audits.md rename to handbook/digital-experience/security-audits.md diff --git a/handbook/business-operations/security-policies.md b/handbook/digital-experience/security-policies.md similarity index 99% rename from handbook/business-operations/security-policies.md rename to handbook/digital-experience/security-policies.md index 42a911c99174..842e67a44d50 100644 --- a/handbook/business-operations/security-policies.md +++ b/handbook/digital-experience/security-policies.md @@ -102,7 +102,7 @@ Fleet policy requires that: - Use of shared credentials/secrets must be minimized. -- If required by business operations, secrets/credentials must be shared securely and stored in encrypted vaults that meet the Fleet data encryption standards. +- If required by Digital Experience, secrets/credentials must be shared securely and stored in encrypted vaults that meet the Fleet data encryption standards. ### Privileged access management @@ -158,7 +158,7 @@ For technical incidents: For business/operational incidents: - CEO (Mike McNeil) -- Head of Business Operations (Joanne Stableford) +- Head of Digital Experience (Sam Pfluger) ### Response Teams and Responsibilities @@ -612,7 +612,7 @@ CTO | Oversight over information sec | System owners | Manage the confidentiality, integrity, and availability of the information systems for which they are responsible in compliance with Fleet policies on information security and privacy.
Approve of technical access and change requests for non-standard access | | Employees, contractors, temporary workers, etc. | Acting at all times in a manner that does not place at risk the security of themselves, colleagues, and the information and resources they have use of
Helping to identify areas where risk management practices should be adopted
Adhering to company policies and standards of conduct Reporting incidents and observed anomalies or weaknesses | | Head of People Operations | Ensuring employees and contractors are qualified and competent for their roles
Ensuring appropriate testing and background checks are completed
Ensuring that employees and relevant contractors are presented with company policies
Ensuring that employee performance and adherence to values is evaluated
Ensuring that employees receive appropriate security training | -| Head of Business Operations | Responsible for oversight over third-party risk management process; responsible for review of vendor service contracts | +| Head of Digital Experience | Responsible for oversight over third-party risk management process; responsible for review of vendor service contracts | ## Network and system hardening standards Fleet leverages industry best practices for network hardening, which involves implementing a layered defense strategy called defense in depth. This approach ensures multiple security controls protect data and systems from internal and external threats. @@ -790,4 +790,4 @@ Fleet makes every effort to assure all third-party organizations are compliant a > Fleet is committed to ethical business practices and compliance with the law. All Fleeties are required to comply with the "Foreign Corrup Practices Act" and anti-bribery laws and regulations in applicable jurisdictions including, but not limited to, the "UK Bribery Act 2010", "European Commission on Anti-Corruption" and others. The policies set forth in [this document](https://docs.google.com/document/d/16iHhLhAV0GS2mBrDKIBaIRe_pmXJrA1y7-gTWNxSR6c/edit?usp=sharing) go over Fleet's anti-corruption policy in detail. - + \ No newline at end of file diff --git a/handbook/business-operations/security.md b/handbook/digital-experience/security.md similarity index 99% rename from handbook/business-operations/security.md rename to handbook/digital-experience/security.md index 0bb01c4ef278..46bbbf31ed2e 100644 --- a/handbook/business-operations/security.md +++ b/handbook/digital-experience/security.md @@ -27,7 +27,7 @@ As an all-remote company, we do not have the luxury of seeing each other or bein | Participant | Role | | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Requester | Requests recovery for their own account | -| Recoverer | Person with access to perform the recovery who monitors `#g-business-operations` | +| Recoverer | Person with access to perform the recovery who monitors `#g-digital-experience` | | Identifier | Person that visually identifies the requester in a video call. The identifier can be the recoverer or a person the recoverer can recognize visually | @@ -35,10 +35,10 @@ As an all-remote company, we do not have the luxury of seeing each other or bein 1. If the requester still has access to GitHub and/or Slack, they [ask for - help](https://fleetdm.com/handbook/business-operations#intake). For non-urgent requests, please - prefer filing an issue with the business operations team. If they do not have access, + help](https://fleetdm.com/handbook/digital-experience#contact-us). For non-urgent requests, please + prefer filing an issue with the Digital Experience team. If they do not have access, they can contact their manager or a teammate over the phone via voice or texting, and they will - [ask for help](https://fleetdm.com/handbook/business-operations#intake) on behalf of the + [ask for help](https://fleetdm.com/handbook/digital-experience#contact-us) on behalf of the requester. 2. The recoverer identifies the requester through a live video call. * If the recoverer does not know the requester well enough to positively identify them visually, the @@ -870,12 +870,12 @@ questions and more on [https://fleetdm.com/trust](https://fleetdm.com/trust) ## Securtiy audits -Read about Fleet's security audits on [this page](https://fleetdm.com/handbook/business-operations/security-audits). +Read about Fleet's security audits on [this page](https://fleetdm.com/handbook/digital-experience/security-audits). ## Application security -Read about Fleet's application security practices on the [application security page](https://fleetdm.com/handbook/business-operations/application-security). +Read about Fleet's application security practices on the [application security page](https://fleetdm.com/handbook/digital-experience/application-security). diff --git a/handbook/business-operations/vendor-questionnaires.md b/handbook/digital-experience/vendor-questionnaires.md similarity index 95% rename from handbook/business-operations/vendor-questionnaires.md rename to handbook/digital-experience/vendor-questionnaires.md index 8af17638700a..ee3bf32cd252 100644 --- a/handbook/business-operations/vendor-questionnaires.md +++ b/handbook/digital-experience/vendor-questionnaires.md @@ -17,7 +17,7 @@ Please also see [Application security](https://fleetdm.com/docs/using-fleet/appl ## Data security -Please also see ["Data security"](https://fleetdm.com/handbook/business-operations/security-policies#data-management-policy) +Please also see ["Data security"](https://fleetdm.com/handbook/digital-experience/security-policies#data-management-policy) | Question | Answer | | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Should the need arise during an active relationship, how can our Data be removed from the Fleet's environment? | Customer data is primarily stored in RDS, S3, and Cloudwatch logs. Deleting these resources will remove the vast majority of customer data. Fleet can take further steps to remove data on demand, including deleting individual records in monitoring systems if requested. | @@ -35,7 +35,7 @@ Please also see ["Data security"](https://fleetdm.com/handbook/business-operatio | Can Fleet customers access service logs? | Logs will not be accessible by default, but can be provided upon request. | ## Encryption and key management -Please also see [Encryption and key management](https://fleetdm.com/handbook/business-operations/security-policies#encryption-policy) +Please also see [Encryption and key management](https://fleetdm.com/handbook/digital-experience/security-policies#encryption-policy) | Question | Answer | | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | | Does Fleet have a cryptographic key management process (generation, exchange, storage, safeguards, use, vetting, and replacement), that is documented and currently implemented, for all system components? (e.g. database, system, web, etc.) | All data is encrypted at rest using methods appropriate for the system (ie KMS for AWS based resources). Data going over the internet is encrypted using TLS or other appropiate transport security. | @@ -48,10 +48,10 @@ Please also see [Encryption and key management](https://fleetdm.com/handbook/bus | Does Fleet have documented information security baselines for every component of the infrastructure (e.g., hypervisors, operating systems, routers, DNS servers, etc.)? | Fleet follows best practices for the given system. For instance, with AWS we utilize AWS best practices for security including GuardDuty, CloudTrail, etc. | ## Business continuity -Please also see [Business continuity](https://fleetdm.com/handbook/business-operations/security-policies#business-continuity-plan) +Please also see [Business continuity](https://fleetdm.com/handbook/digital-experience/security-policies#business-continuity-plan) | Question | Answer | | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -| Please provide your application/solution disaster recovery RTO/RPO | RTO and RPO intervals differ depending on the service that is impacted. Please refer to https://fleetdm.com/handbook/business-operations/security-policies#business-continuity-and-disaster-recovery-policy | +| Please provide your application/solution disaster recovery RTO/RPO | RTO and RPO intervals differ depending on the service that is impacted. Please refer to https://fleetdm.com/handbook/digital-experience/security-policies#business-continuity-and-disaster-recovery-policy | ## Network security | Question | Answer | diff --git a/handbook/engineering/README.md b/handbook/engineering/README.md index 2592d5d68a26..dc0966983356 100644 --- a/handbook/engineering/README.md +++ b/handbook/engineering/README.md @@ -463,7 +463,7 @@ When this occurs, we will begin receiving the following error message when attem 2. Log in using the credentials stored in 1Password under "Apple developer account". -3. Contact the Head of Business Operations to determine which phone number to use for 2FA. +3. Contact the Head of Digital Experience to determine which phone number to use for 2FA. 4. Complete the 2FA process to log in. @@ -535,7 +535,7 @@ Upon receiving any device, follow these steps to process incoming equipment. ### Ship approved equipment -Once the Business Operations department approves inventory to be shipped from Fleet IT, follow these step to ship the equipment. +Once the Digital Experience department approves inventory to be shipped from Fleet IT, follow these step to ship the equipment. 1. Compare the equipment request issue with the ["Company equipment" spreadsheet](https://docs.google.com/spreadsheets/d/1hFlymLlRWIaWeVh14IRz03yE-ytBLfUaqVz0VVmmoGI/edit#gid=0) and verify physical inventory. 2. Plug in the device and ensure inventory has been correctly processed and all components are present (e.g. charger cord, power converter). 3. package equipment for shipment and include Yubikeys (if requested). diff --git a/handbook/engineering/engineering.rituals.yml b/handbook/engineering/engineering.rituals.yml index 2616976cd302..bdc8aa69ecbd 100644 --- a/handbook/engineering/engineering.rituals.yml +++ b/handbook/engineering/engineering.rituals.yml @@ -96,7 +96,7 @@ startedOn: "2024-02-09" frequency: "Daily" description: "Check event issues and complete steps." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#book-an-event" + moreInfoUrl: "https://fleetdm.com/handbook/engineering#book-an-event" dri: "spokanemac" diff --git a/handbook/finance/README.md b/handbook/finance/README.md new file mode 100644 index 000000000000..2e48dc6d8a02 --- /dev/null +++ b/handbook/finance/README.md @@ -0,0 +1,345 @@ +# Finance +This handbook page details processes specific to working [with](#contact-us) and [within](#responsibilities) this department. + +## Team +| Role | Contributor(s) | +|:------------------------------|:-----------------------------------------------------------------------------------------------------------| +| Head of Finance | [Joanne Stableford](https://www.linkedin.com/in/joanne-stableford/) _([@jostableford](https://github.com/JoStableford))_ +| Finance Engineer | [Isabell Reedy](https://www.linkedin.com/in/isabell-reedy-202aa3123/) _([@ireedy](https://github.com/ireedy))_ + + +## Contact us +- To **make a request** of this department, [create an issue](https://github.com/fleetdm/confidential/issues/new?assignees=&labels=%23g-finance&projects=&template=custom-request.md) and a team member will get back to you within one business day (If urgent, mention a [team member](#team) in [#g-finance](https://fleetdm.slack.com/archives/C047N5L6EGH). + - Please **use issue comments and GitHub mentions** to communicate follow-ups or answer questions related to your request. + - Any Fleet team member can [view the kanban board](https://app.zenhub.com/workspaces/-g-finance-63f3dc3cc931f6247fcf55a9/board?sprints=none) for this department, including pending tasks and the status of new requests. + + +## Responsibilities +The Finance department is directly responsible for accounts receivable including invoicing, accounts payable including commision calculations, exspense reporting including Brex memos and maintaining accurate spend projections in "🧮The numbers", sales taxes, payroll taxes, corporate income/franchise taxes, and financial operations including bank accounts and cash flow management. + + +### Run payroll +Many of these processes are automated, but it's vital to check Gusto and Plane manually for accuracy. + - Salaried fleeties are automated in Gusto and Plane. + - Hourly fleeties and consultants are a manual process each month in Gusto and Plane. + +| Payroll type | What to use | DRI | +|:-----------------------------|:-----------------------------|:-----------------------------| +| [Commissions and ramp](https://fleetdm.com/handbook/finance#run-us-commission-payroll) | "Off-cycle - Commission" payroll | Head of Finance +| Sign-on bonus | "Bonus" payroll | Head of Finance +| Performance bonus | "Bonus" payroll | Head of Finance +| Accelerations (quarterly) | "Off-cycle - Commission" payroll | Head of Finance +| [US contractor payroll](https://fleetdm.com/handbook/finance#run-us-contractor-payroll) | "Off-cycle" payroll | Head of Finance + +### Reconcile monthly recurring expenses +Recurring monthly or annual expenses, such as the tools we use throughout Fleet, are tracked as recurring, non-personnel expenses in ["🧮 The Numbers"](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) _(¶confidential Google Sheet)_, along with their payment source. Reconciliation of recurring expenses happens monthly. + +> Use this spreadsheet as the source of truth. Always make changes to it first before adding or removing a recurring expense. Only track significant expenses. (Other things besides amount can make a payment significant; like it being an individualized expense, for example.) + + +### Register Fleet as an employer with a new state +Fleet must register as an employer in any state where we hire new teammates. To do this, complete the following steps in Gusto: +1. After a new teammate completes their Gusto profile, the Finance department will be prompted to approve it for payroll. Sign in to your Gusto admin account and begin the approval process. +2. Select "yes" when prompted to file a new hire report and complete the approval process. +3. Once the profile is approved, navigate to Tax setup and select the state you’d like to register Fleet in. +4. Select “Have us register for you” and then “Start registration.” +5. Verify, add, and amend any company information to ensure accuracy. +6. Select “Send registration” and authorize payment for the specified amount. CorpNet will then send an email with next steps, which vary by state. +7. Update the [list of states that Fleet is currently registered with as an employer](https://fleetdm.com/handbook/finance#review-state-employment-tax-filings-for-the-previous-quarter). + + +### Process an email from a state agency +From time to time, you may get notices via email (or in the mail) from state agencies regarding Fleet's withholding and/or unemployment tax accounts. You can resolve some of these notices on your own by verifying and/or updating the settings in your Gusto account. + +If the notice is regarding an upcoming change to your deposit schedule or unemployment tax rate, make the required change in Gusto, such as: +- Update your unemployment tax rate. +- Update your federal deposit schedule. +- Update your state deposit schedule. + +In Gusto, you can click **How to review your notice** to help you understand what kind of notice you received and what additional action you can take to help speed up the time it takes to resolve the issue. + +> **Note:** Many agencies do not send notices to Gusto directly, so it’s important that you read and take action before any listed deadlines or effective dates of requested changes, in case you have to do something. If you can't resolve the notice on your own, are unsure what the notice is in reference to, or the tax notice has a missing payment or balance owed, follow the steps in the Report and upload a tax notice in Gusto. + +Every quarter, payroll and tax filings are due for each state. Gusto can handle these automatically if Third-party authorization (TPA) is enabled. Each state is unique and Gusto has a library of [State registration and resources](https://support.gusto.com/hub/Employers-and-admins/Taxes-forms-and-compliance/State-registration-and-resources) available to review. You will need to grant Third-party authorization (TPA) per state and this should be checked quarterly before the filing due dates to ensure that Gusto can file on time. --> + + +### Review state employment tax filings for the previous quarter + +Every quarter, payroll and tax filings are due for each state. Gusto automates this process, however there are often delays or quirks between Gusto's submission and the state receiving the filings. +To mitigate the risk of penalties and to ensure filings occur as expected, follow these steps in the first month of the new quarter, verifying past quarter submission: +1. Create an issue to "Review state filings for the previous quarter". +2. Copy this text block into the issue to track progress by state: + + +``` +States checked: +- [ ] California +- [ ] Colorado +- [ ] Connecticut +- [ ] Florida +- [ ] Georgia +- [ ] Hawaii +- [ ] Illinois +- [ ] Kansas +- [ ] Maryland +- [ ] Massachusetts +- [ ] New York +- [ ] Ohio +- [ ] Oregon +- [ ] Pennsylvania +- [ ] Rhode Island +- [ ] Tennessee +- [ ] Texas +- [ ] Utah +- [ ] Virginia +- [ ] Washington +- [ ] Washington, DC +- [ ] West Virginia +- [ ] Wisconsin +``` + + +3. Login to Gusto and navigate to "Taxes and compliance", then "Tax documents". +4. Login to each State portal (using the details saved in 1Password) and verify that the portal has received the automated submission from Gusto. +5. Check off states that are correct, and use comments to explain any quirks or remediation that's needed. + + +### Run US contractor payroll +For Fleet's US contractors, running payroll is a manual process: +1. Add the amount to be paid to the "Gross" line. +2. Review hours _("Time tools > Time tracking")_ +3. Adjust time frame to match current payroll period (the 27th through 26th of the month) +4. Sync hours and run contractor payroll. + +### Create an invoice +To create a new invoice for a Fleet customer, follow these steps: +1. Go to the [invoice folder in google drive](https://drive.google.com/drive/folders/11limC_KQYNYQPApPoXN0CplHo_5Qgi2b?usp=drive_link). +2. Create a copy of the invoice template, and title the copy `[invoice number] Fleet invoice - [customer name]`. + - The invoice number follows the format of `YYMMDD[daily issued invoice number]`, where the daily issued invoice number should equal `01` if it's the first invoice issued that day, `02` if it's the second, etc. +3. Edit the new invoice to reflect details from the signed subscription agreement (and PO if required). + - Enter the invoice number (and PO number if required) into the top right section of the invoice. + - Update the date of the invoice to reflect the current date. + - Make sure the payment terms match the signed subscription agreement. + - Copy the customer address from the signed subscription agreement and input it in the "Bill to" section of the invoice. + - Copy the "Billing contact" email from the signed subscription agreement and add it to the last line of the "Bill to" address. + - Make sure the start and end dates of the contract and amount match the subscription agreement. + - If professional services are included in the subscription agreement, include as a separate line in the invoice, and ensure the amounts total correctly. + - Ensure the "Notes" section has wiring instructions for payment via SVB. +4. Download the completed invoice as a PDF. +5. Send the PDF to the billing contact from the "Bill to" section of the invoice and cc [Fleet's billing email address](https://fleetdm.com/handbook/company/communications#email-relays). Use the following template for the email: + +``` +Subject: Invoice for Fleet Device Management [invoice number] +Hello, + +I've attached the invoice for [customer name]'s purchase of Fleet Device Management's premium subscription. +For payment instructions please refer to your invoice, and reach out to [insert Fleet's billing address] with any questions. + +Thanks, +[name] +``` + +6. Update the opportunity and the opportunity billing cycle in Salesforce to include the "Invoice date" as the day the invoice was sent. +8. Notify the AE/CSM that the invoice has been sent. + +> Certain vendors require invoices submitted via a payment portal (such as Coupa). Once you've generated the invoice using the steps above, upload it to the relevant payment portal and email the billing contact to let them know you've submitted the invoice. + + +### Communicate the status of customer financial actions +This reporting is performed to update the status of open or upcoming customer actions regarding the financial health of the opportunity. To complete the report: +1. Check [SVB](https://connect.svb.com/#/) and [Brex](https://accounts.brex.com/login) for any recently received payments from customers and record them in SFDC. +2. Go to this [report folder](https://fleetdm.lightning.force.com/lightning/r/Folder/00lUG000000DstpYAC/view?queryScope=userFolders) in SFDC. The three reports will provide the data used in the report. +3. Copy the template below and paste it into the [#g-sales slack channel](https://fleetdm.slack.com/archives/C030A767HQV) and complete all "todos" using the data from Salesforce before sending. + +``` +Weekly revenue report - [@`todo: CRO` and @`todo: CEO`] +- Number accounts with outstanding balances = `todo` +- Number of customers awaiting invoices = `todo` +- Number of past-due renewals = `todo` +``` + +4. Send payment reminders via email to all outstanding accounts by responding to the invoice email initially sent to the customer. + +``` +Hello, +This is a reminder that you have an outstanding balance due for your Fleet Device Management premium subscription. +We have included the invoice here for your convenience. +For payment instructions please refer to your invoice, and reach out to [Fleet's billing contact] with any questions. + +Thanks, +[name] +``` + +5. If any accounts will become overdue within a week, reply in thread to the slack post, mention the opportunity owner of the account, and ask them to notify their contact that Fleet is still awaiting payment. +6. Review the [billing cycles](https://fleetdm.lightning.force.com/lightning/r/Report/00OUG000000yGjR2AU/view) report in SFDC for customers on multiyear deals. For any customers due for invoicing within the next week, create an issue on the Finance board. + + +### Run US commission payroll +1. Update individual teammates commission calculators (linked from [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing)) with new revenue from any deals that are closed-won (have a subscription agreement signed by both parties) and have a **close date** within the previous month. + - Verify closed-won deal numbers with CRO to ensure any agreed upon exceptions are captured (eg: CRO approves an AE to receive commission on a renewal deal due to cross-sell). +2. In the "Monthly commission payroll party" meeting, present the commission calculations for Fleeties receiving commission for approval. + - If there are any quarterly accelerators due for the teammate receiving commission, ensure the individual total includes both the monthly and the quarterly amount. +3. After the amounts are approved in the meeting, process the commission payroll. + - Use the off-cycle payroll option in Gusto. Be sure to classify the payment as "Commission" in the "other earnings" field and not the generic "Bonus." +4. Once commission payroll has been run, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing) to mark the commission as paid. + +### Run international commission payroll +1. Follow the steps in [run US commission payroll](https://fleetdm.com/handbook/finance#run-us-commission-payroll) to have the commission amounts approved by the CRO. +2. After the amounts are approved in the "Monthly commission payroll party", navigate to Help > Ask a question in Plane to request a commission payment for the teammate. +3. Send a message using the following template + + ``` + Hello, + I’d like to run an off-cycle commission payment for [teammate’s full name] for the period of [commission period]. + The amount of [USD amount] should be paid with their next payroll. + Please let me know if you need any additional information to process this request. + + Thanks, + [name] + ``` + +4. Once Plane confirms the payroll change has been actioned, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit#gid=928324236) to mark the commission as paid. + + +### Run quarterly or annual employee bonus payroll +1. Update individual teammate bonus calculator (linked from [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing)) with relevant metrics. + - Bonus plans will have details specified on how to measure success, with most drawing from the [KPI spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit?usp=sharing) or from linked SFDC reports. If unsure where to pull achievement metrics from, contact teammate's manager to clarify. +2. In the "Monthly commission payroll party" meeting, present the bonus calculations for Fleeties receiving bonus for approval. +3. After the amounts are approved in the meeting, process the bonus payroll. + - Use the off-cycle payroll option in Gusto and be sure to classify the payment as "Bonus". + - For international teammates, you may need to use the "Help" function, or email support to notify Plane of the amount needing to be paid. +4. Once bonus payroll has been run, update the [main commission calculator](https://docs.google.com/spreadsheets/d/1PuqUbfPGos87TfcHWgUd05TRJgQLlBmhyz1euj79m2A/edit?usp=sharing) to mark the bonus as paid. + + +### Process monthly accounting +Create a [new montly accounting issue](https://github.com/fleetdm/confidential/issues/new/choose) for the current month and year named "Closing out YYYY-MM" in GitHub and complete all of the tasks in the issue. (This uses the [monthly accounting issue template](https://github.com/fleetdm/confidential/blob/main/.github/ISSUE_TEMPLATE/5-monthly-accounting.md). + +- **SLA:** The monthly accounting issue should be completed and closed before the 7th of the month. +- The close date is tracked each month in [KPIs](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit). +- **When is the issue created?** We create and close the monthly accounting issue for the previous month within the first 7 days of the following month. For example, the monthly accounting issue to close out the month of January is created promptly in February and closed before the end of the day, Feb 7th. A convenient trick is to create the issue on the first Friday of the month and close it ASAP. + + +### Respond to low credit alert +Fleet admins will receive an email alert when the usage of company cards for the month is aproaching the company credit limit. To avoid the limit being exceeded, a Brex admin will follow these steps: +1. Sign in to Fleet's Brex account. +2. On the landing page, use the "Move money" button to "Add funds to your Brex business accounts". +3. Select "Transfer from a connected account" and select the primary business account. +4. Choose the "One time" transfer option and process the transfer. + +No further action needs to be taken, the amount available for use will increase without disruption to regular processes. + +### Check franchise tax status +No later than the second month of every quarter, we check [Delaware divison of corporations](https://icis.corp.delaware.gov) to ensure that Fleet has paid the quarterly franchise tax amounts to remain in good standing with the state of Delaware. +- Go to the [DCIS - eCorp website](https://icis.corp.delaware.gov/ecorp/logintax.aspx?FilingType=FranchiseTax) and use the details in 1Password to look up Fleet's status. +- If no outstanding amounts: the tax has been paid. +- If outstanding amounts shown: ensure payment before due date to avoid penalties, interest, and entering bad standing. + + +### Check finances for quirks +Every quarter, we check Quickbooks Online (QBO) for discrepancies and follow up on quirks. +1. Check to make sure [bookkeeping quirks](https://docs.google.com/spreadsheets/d/1nuUPMZb1z_lrbaQEcgjnxppnYv_GWOTTo4FMqLOlsWg/edit?usp=sharing) are all accounted for and resolved or in progress toward resolution. +2. Check balance sheet and profit and loss statements (P&Ls) in QBO against the latest [monthly workbooks](https://drive.google.com/drive/folders/1ben-xJgL5MlMJhIl2OeQpDjbk-pF6eJM) in Google Drive. Ensure reports are in the "accural" accounting method. +3. Reach out to Pilot with any differences or quirks, and ask them to resolve/provide clarity. This often will need to happen over a call to review sycnhronously. +4. Once quirks are resolved, note the day it was resolved in the spreadsheet. + + +### Report quarterly numbers in Chronograph +Follow these steps to perform quarterly reporting for Fleet's investors: +1. Login to Chronograph and upload our profit and loss statement (P&L), balance sheet and cash flow statements for CRV (all in one book saved in [Google Drive](https://drive.google.com/drive/folders/1ben-xJgL5MlMJhIl2OeQpDjbk-pF6eJM). +2. Provide updated metrics for the following items using Fleet's [KPI spreadsheet](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0). + - Headcount at end of the previous quarter. + - Starting ARR for the previous quarter. + - Total new ARR for the previous quarter. + - "Upsell ARR" (new ARR from expansions only- Chronograph defines "upsell" as price increases for any reason. + **- Fleet does not "upsell" anything; we deliver more value and customers enroll more hosts), downgrade ARR and churn ARR (if any) for the previous quarter.** + - Ending ARR for the previous quarter. + - Starting number of customers, churned customers, and the number of new customers Fleet gained during the previous quarter. + - Total amount of Fleet customers at the end of the previous quarter. + - Gross margin % + - How to calculate: (total revenue for the quarter - cost of goods sold for the quarter)/total revenue for the quarter (these metrics can be found in our books from Pilot). Chronograph will automatically conver this number to a %. + - Net dollar retention rate + - How to calculate: (starting ARR + new subscriptions and expansions - churn)/starting ARR. + - Cash burn + - How to calculate: start of quarter runway - end of quarter runway. + + +### Deliver annual report for venture line +Within 60 days of the end of the year, follow these steps: +1. Provide Silicon Valley Bank (SVB) with our balance sheet and profit and loss statement (P&L, sometimes called a cashflow statement) for the past twelve months. +2. Provide SVB with our board-approved annual operating budgets and projections (on a quarterly granularity) for the new year. +3. Deliver this as early as possible in case they have questions. + + +### Process a new vendor invoice +Fleet pays its vendors in less than 15 business days in most cases. All invoices and tax documents should be submitted to the Finance department using the [appropriate Fleet email address (confidential Google Doc)](https://docs.google.com/document/d/1tE-NpNfw1icmU2MjYuBRib0VWBPVAdmq4NiCrpuI0F0/edit#heading=h.wqalwz1je6rq). +- After making sure the invoice received from a new vendor is valid, add the new vendor to the recurring expenses section of ["The numbers"](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) before paying the invoice. +- If we have not paid this vendor before, make sure we have received the required W-9 or W-8 form from the vendor. **Accounting cannot process a payment without these tax forms for compliance reasons.** + - **US-based vendors** are required to complete a [W-9 form](https://www.irs.gov/pub/irs-pdf/fw9.pdf). + - **Non-US based vendors and individuals** are required to follow these [instructions](https://www.irs.gov/instructions/iw8bene) and provide a completed [W-8BEN-E](https://www.irs.gov/pub/irs-pdf/fw8bene.pdf) form. + + +### Process a request to cancel a vendor +- Make the cancellation notification in accordance with the contract terms between Fleet and the vendor, typically these notifications are made via email and may have a specific address that notice must be sent to. If the vendor has an autorenew contract with Fleet there will often be a window of time in which Fleet can cancel, if notification is made after this time period Fleet may be obligated to pay for the subsequent year even if we don't use the vendor during the next contract term. +- Once cancelled, update the recurring expenses section of [The Numbers](https://docs.google.com/spreadsheets/d/1X-brkmUK7_Rgp7aq42drNcUg8ZipzEiS153uKZSabWc/edit#gid=2112277278) to reflect the cancellation by changing the projected monthly burn in column G to $0 and adding "CANCELLED" in front of the vendor's name in column C. + + +### Update weekly KPIs +- Create the weekly update issue from the template in ZenHub every Friday and update the [KPIs for finance](https://docs.google.com/spreadsheets/d/1Hso0LxqwrRVINCyW_n436bNHmoqhoLhC8bcbvLPOs9A/edit#gid=0) by 5pm US central time. +- Check the KPI sheet at 5pm US central time to ensure all departments have updated their KPIs on time. If any departments are delinquent, notify the department head and let the [Apprentice](https://fleetdm.com/handbook/finance#team) know so they can put it on the agenda for their next one-on-one with the CEO. + + +## Rituals + +The following table lists this department's rituals, frequency, and Directly Responsible Individual (DRI). + + + + + +#### Stubs +The following stubs are included only to make links backward compatible. + +##### Secure company-issued equipment for a team member +Please see [handbook/engineering#secure-company-issued-equipment-for-a-team-member](https://www.fleetdm.com/handbook/engineering#secure-company-issued-equipment-for-a-team-member). + +##### Register a domain for Fleet +Please see [handbook/register-a-domain-for-fleet](https://www.fleetdm.com/handbook/engineering#register-a-domain-for-fleet). + +##### Updating personnel details +Please see [handbook/engineering#update-personnel-details](https://www.fleetdm.com/handbook/engineering#update-personnel-details). + +##### Fix a laptop that's not checking in +Please see [handbook/engineering#fix-a-laptop-thats-not-checking-in](https://www.fleetdm.com/handbook/engineering#fix-a-laptop-thats-not-checking-in) + +##### Enroll a macOS host in dogfood +Please see [handbook/engineering#enroll-a-macos-host-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-macos-host-in-dogfood) + +##### Enroll a Windows or Ubuntu Linux device in dogfood +Please see [handbook/engineering#enroll-a-windows-or-ubuntu-linux-device-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-windows-or-ubuntu-linux-device-in-dogfood) + +##### Enroll a ChromeOS device in dogfood +Please see [handbook/engineering#enroll-a-chromeos-device-in-dogfood](https://www.fleetdm.com/handbook/engineering#enroll-a-chromeos-device-in-dogfood) + +##### Lock a macOS host in dogfood using fleetctl CLI tool +Please see [handbook/engineering#lock-a-macos-host-in-dogfood-using-fleetctl-cli-tool](https://www.fleetdm.com/handbook/engineering#lock-a-macos-host-in-dogfood-using-fleetctl-cli-tool) + +##### Book an event +Please see [handbook/engineering#book-an-event](https://www.fleetdm.com/handbook/engineering#book-an-event) + +##### Order SWAG +Please see [handbook/engineering#order-swag](https://www.fleetdm.com/handbook/engineering#order-swag) + + + + diff --git a/handbook/business-operations/business-operations.rituals.yml b/handbook/finance/finance.rituals.yml similarity index 60% rename from handbook/business-operations/business-operations.rituals.yml rename to handbook/finance/finance.rituals.yml index fec505589810..0aaea82a6c30 100644 --- a/handbook/business-operations/business-operations.rituals.yml +++ b/handbook/finance/finance.rituals.yml @@ -3,40 +3,30 @@ startedOn: "2024-02-12" frequency: "Weekly" description: "At the start of every week, check the Salesforce reports for past due invoices, non-invoiced opportunities, and past due renewals. Report findings to in the `#g-sales` channel." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#communicate-the-status-of-customer-financial-actions" + moreInfoUrl: "https://fleetdm.com/handbook/finance#communicate-the-status-of-customer-financial-actions" dri: "ireedy" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - task: "AP invoice monitoring" startedOn: "2024-04-01" frequency: "Weekly" description: "Look for new accounts payable invoices and make sure that Fleet's suppliers are paid." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#process-a-new-vendor-invoice" + moreInfoUrl: "https://fleetdm.com/handbook/finance#process-a-new-vendor-invoice" dri: "ireedy" autoIssue: - labels: [ "#g-business-operations" ] - repo: "confidential" -- - task: "Inform managers about hours worked" - startedOn: "2024-02-09" - frequency: "Weekly" - description: "Gather hours worked for anyone who gets paid hourly by Fleet, and get those hours approved by their manager." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#inform-managers-about-hours-worked" - dri: "ireedy" - autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - - task: "KPI roundup + weekly update" + task: "KPI roundup" startedOn: "2024-02-16" frequency: "Weekly" - description: "Create the weekly KPI issue, complete the BizOps update and ensure all other inputs are completed on time." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#update-weekly-kpis" - dri: "hollidayn" + description: "Create the weekly KPI issue, complete the finance update." + moreInfoUrl: "https://fleetdm.com/handbook/finance#update-weekly-kpis" + dri: "ireedy" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - task: "Key review prep" @@ -46,7 +36,7 @@ moreInfoUrl: "https://fleetdm.com/handbook/company/leadership#key-reviews" dri: "jostableford" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - task: "Prioritize for next sprint" # Title that will actually show in rituals table @@ -56,38 +46,38 @@ moreInfoUrl: "https://fleetdm.com/handbook/company/why-this-way#why-make-work-visible" #URL used to highlight "description:" test in table dri: "jostableford" # DRI for ritual (assignee if autoIssue) (TODO display GitHub proflie pic instead of name or title) autoIssue: # Enables automation of GitHub issues - labels: [ "#g-business-operations" ] # label to be applied to issue + labels: [ "#g-finance" ] # label to be applied to issue repo: "confidential" # The GitHub repo that issues will be created in -- - task: "Vanta check" # TODO tie this to a responsibility - startedOn: "2024-04-01" - frequency: "Monthly" - description: "Look for any new actions in Vanta due in the upcoming months and create issues to ensure they're done on time." - moreInfoUrl: - dri: "jostableford" - autoIssue: - labels: [ "#g-business-operations" ] - repo: "confidential" - task: "Reconcile monthly recurring expenses" startedOn: "2024-02-28" frequency: "Monthly" description: "Each month, update the inputs in “The numbers” spreadsheet to reflect the actuals for recurring non-personnel spend, and identify any unexpected increase or decrease in spend." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#reconcile-monthly-recurring-expenses" + moreInfoUrl: "https://fleetdm.com/handbook/finance#reconcile-monthly-recurring-expenses" dri: "jostableford" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - task: "Monthly accounting" startedOn: "2024-02-28" frequency: "Monthly" description: "Create the monthly close GitHub issue and walk through the steps. This process includes fulfilling the monthly reporting requirement for SVB." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#process-monthly-accounting" + moreInfoUrl: "https://fleetdm.com/handbook/finance#process-monthly-accounting" dri: "hollidayn" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" +- + task: "Run regular payroll" + startedOn: "2024-02-24" + frequency: "Monthly" + description: "Verify auto-populated payroll for all full time employees is accurate, and approve for processing." + moreInfoUrl: "https://fleetdm.com/handbook/finance#run-payroll" + dri: "jostableford" + autoIssue: + labels: [ "#g-finance" ] + repo: "confidential" - task: "Monthly mail review" # TODO tie this to a responsibility startedOn: "2024-04-15" @@ -96,86 +86,62 @@ moreInfoUrl: null dri: "ireedy" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" -- - task: "Run regular payroll" - startedOn: "2024-02-24" - frequency: "Monthly" - description: "Verify auto-populated payroll for all full time employees is accurate, and approve for processing." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#run-payroll" - dri: "jostableford" - autoIssue: - labels: [ "#g-business-operations" ] - repo: "confidential" - task: "Run US contractor payroll" startedOn: "2024-02-28" frequency: "Monthly" description: "Manually process US contractor payroll by verifying and syncing time contractor worked, then processing payment." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#run-us-contractor-payroll" + moreInfoUrl: "https://fleetdm.com/handbook/finance#run-us-contractor-payroll" dri: "jostableford" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" - task: "Run US commission payroll" startedOn: "2024-01-31" frequency: "Monthly" description: "Verify closed-won deal amounts, use commission calculators to determine commissions owed, and process payroll." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#run-us-commission-payroll" + moreInfoUrl: "https://fleetdm.com/handbook/finance#run-us-commission-payroll" dri: "jostableford" autoIssue: - labels: [ "#g-business-operations" ] + labels: [ "#g-finance" ] repo: "confidential" -- - task: "Recognize and benchmark workiversaries" - startedOn: "2024-07-15" - frequency: "Bimonthly" - description: "Identify workiversaries coming up in the next two months and follow the steps to ensure they're recognized and benchmarked" - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#recognize-employee-workiversaries" - dri: "ireedy" - task: "Run bonus payroll" startedOn: "2024-01-31" frequency: "Quarterly" description: "Verify completion of any objective or outcome based bonus plans, and process payroll." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#run-us-commission-payroll" # TODO update linked process and add a new process that captures MBO payment + moreInfoUrl: "https://fleetdm.com/handbook/finance#run-us-commission-payroll" # TODO update linked process and add a new process that captures MBO payment dri: "jostableford" - task: "Review state filings for the previous quarter" startedOn: "2024-07-19" frequency: "Quarterly" description: "Verify that state filings have been successfully submitted for the previous quarter" - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#review-state-employment-tax-filings-for-the-previous-quarter" + moreInfoUrl: "https://fleetdm.com/handbook/finance#review-state-employment-tax-filings-for-the-previous-quarter" dri: "ireedy" - task: "Investor reporting" startedOn: "2024-03-31" frequency: "Quarterly" description: "Provide updated metrics for CRV in Chronograph." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#report-quarterly-numbers-in-chronograph" + moreInfoUrl: "https://fleetdm.com/handbook/finance#report-quarterly-numbers-in-chronograph" dri: "hollidayn" - task: "Quartlery finance check" startedOn: "2024-03-31" frequency: "Quarterly" description: "Every quarter, we check Quickbooks Online (QBO) for discrepancies and follow up with accounting providers for any quirks found." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#check-finances-for-quirks" + moreInfoUrl: "https://fleetdm.com/handbook/finance#check-finances-for-quirks" dri: "jostableford" -- - task: "Quarterly grants" - startedOn: "2024-02-01" - frequency: "Quarterly" - description: "Create the equity grants GitHub issue and walk through the steps." - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#grant-equity" - dri: "hollidayn" - task: "Deliver annual report for venture line" startedOn: "2024-12-01" frequency: "Annually" description: "Within 60 days of the new year, provide financial statements to SVB, along with board-approved projections for the new year" - moreInfoUrl: "https://fleetdm.com/handbook/business-operations#deliver-annual-report-for-venture-line" + moreInfoUrl: "https://fleetdm.com/handbook/finance#deliver-annual-report-for-venture-line" dri: "jostableford" - task: "Tax preparation" # TODO tie this to a responsibility diff --git a/handbook/sales/README.md b/handbook/sales/README.md index 126a67b8d5b7..2c37b1889dc1 100644 --- a/handbook/sales/README.md +++ b/handbook/sales/README.md @@ -41,12 +41,12 @@ Once the standard Fleetie onboarding issue is complete, create a new ["Sales tea During the buying cycle, the champion will need to start the process to secure funding in cooperation with the economic buyer and the finance org. -All quotes and purchase orders must be approved by CRO before being sent to the prospect or customer. Often, the CRO will request Fleet business operations/legal of any unique terms required. +All quotes and purchase orders must be approved by CRO before being sent to the prospect or customer. Often, the CRO will request legal review of any unique terms required. The Fleet owner of the opportunity (usually AE or CSM) will prepare a quote and/or a Purchase Order when requested. - Because the champion may need to socialize "what is Fleet" or "what are we getting when buying Fleet," it is most often best to send the quote in [slide form](https://docs.google.com/presentation/d/15kbqm0OYPf1OmmTZvDp4F7VvMERnX4K6TMYqCYNr-wI/edit?usp=sharing). - Docusign can be used to create a [standard Purchase Order](https://www.loom.com/share/Loom-Message-16-January-2023-2ba8cf195ec645ebabac267d7df59823?sid=214f8c6b-beb3-427a-a3a8-e8c20b5dc350) if no special terms or pricing are needed. -- Before sending to prospect, work with the Business operations team to verify if sales tax needs to be charged and, if so, how much. +- Before sending to prospect, work with the Finance team to verify if sales tax needs to be charged and, if so, how much. ### Obtain a copy of Fleet's W-9 @@ -199,7 +199,7 @@ Temp Transfer to: Temp technical DRI 1. If a customer has no objections to using Fleet's NDA, route the NDA to them for signature using the "🙊 NDA (Non-disclosure agreement)" template in [DocuSign](https://apps.docusign.com/send/home). > If a customer would like to review the NDA first, download a .docx of [Fleet's NDA](https://docs.google.com/document/d/1gQCrF3silBFG9dJgyCvpmLa6hPhX_T4V7pL3XAwgqEU/edit?usp=sharing) and send it to the customer. 2. If the customer has no objections, route the NDA using the template in DocuSign (do not upload and use the copy you emailed to the customer). -3. If the customer "redlines" (i.e. wants to change) the NDA, follow the [contract review process](https://fleetdm.com/handbook/company/communications#getting-a-contract-reviewed) so that BizOps can look over any proposed changes and provide guidance on how to proceed. +3. If the customer "redlines" (i.e. wants to change) the NDA, follow the [contract review process](https://fleetdm.com/handbook/company/communications#getting-a-contract-reviewed) so that Digital Experience can look over any proposed changes and provide guidance on how to proceed. ### Create a customer agreement @@ -212,12 +212,12 @@ Temp Transfer to: Temp technical DRI - **Standard terms:** For all subscription agreements, NDAs, and similar contracts, Fleet maintains a [standard set of terms and maximum allowable adjustments for those terms](https://docs.google.com/spreadsheets/d/1gAenC948YWG2NwcaVHleUvX0LzS8suyMFpjaBqxHQNg/edit#gid=1136345578). Exceptions to these maximum allowable adjustments always require CEO approval, whether in the form of redlines to Fleet's agreements or in terms on a prospective customer's own contract. -> All non-standard (from another party) subscription agreements, NDAs, and similar contracts require legal review from the Business Operations department before being signed. [Create an issue to request legal review](https://github.com/fleetdm/confidential/blob/main/.github/ISSUE_TEMPLATE/contract-review.md). +> All non-standard (from another party) subscription agreements, NDAs, and similar contracts require legal review from the Contracts and Compliance department before being signed. [Create an issue to request legal review](https://github.com/fleetdm/confidential/blob/main/.github/ISSUE_TEMPLATE/contract-review.md). ### Close a new customer deal -To close a deal with a new customer (non-self-service), create and complete a GitHub issue using the ["Sale" issue template](https://github.com/fleetdm/confidential/issues/new?assignees=hughestaylor&labels=%23g-business-operations&projects=&template=3-sale.md&title=New+customer%3A+_____________). +To close a deal with a new customer (non-self-service), create and complete a GitHub issue using the ["Sale" issue template](https://github.com/fleetdm/confidential/issues/new?assignees=alexmitchelliii&labels=%23g-sales&projects=&template=3-sale.md&title=New+customer%3A+_____________). ### Change customer credit card number @@ -227,8 +227,8 @@ You can help a Premium license dispenser customers change their credit card by d ### Process a security questionnaire -- The AE will [use the handbook](https://fleetdm.com/handbook/company/communications#vendor-questionnaires) to answer most of the questions with links to appropriate sections in the handbook. After this first pass has been completed, and if there are outstanding questions, the AE will [assign the issue to Business Operations (#g-business-operations)](https://fleetdm.com/handbook/business-operations#contact-us) with a requested timeline for completion defined. -- BizOps consults the handbook to validate that nothing was missed by the AE. After the second pass has been completed, and if there are outstanding questions, BizOps will [reassign the issue to Sales (#g-sales)](https://fleetdm.com/handbook/sales#contact-us) for intake. +- The AE will [use the handbook](https://fleetdm.com/handbook/company/communications#vendor-questionnaires) to answer most of the questions with links to appropriate sections in the handbook. After this first pass has been completed, and if there are outstanding questions, the AE will [assign the issue to Digital Experience (#g-digital-experience)](https://fleetdm.com/handbook/digital-experience#contact-us) with a requested timeline for completion defined. +- Digital Experience consults the handbook to validate that nothing was missed by the AE. After the second pass has been completed, and if there are outstanding questions, Digital Experience will [reassign the issue to Sales (#g-sales)](https://fleetdm.com/handbook/sales#contact-us) for intake. - The issue will be assigned to the Solutions Consultant (SC) associated to the opportunity in order to complete any unanswered questions. - The SC will search for unanswered questions and confirm again that nothing was missed from the handbook. Content missing from the handbook will need to be added via PR by the SC. Any unanswered questions after this pass has been completed by the SC will need to be [escalated to the Infrastructure team (#g-customer-success)](https://fleetdm.com/handbook/customer-success#contact-us) with the requested timeline for completion defined in the issue. Once complete, the infra team will assign the issue back to the #g-sales board. - Any questions answered by the infra team will be added to the handbook by the SC. diff --git a/website/assets/resources/security-awareness/2022-05-security-awareness-slides.md b/website/assets/resources/security-awareness/2022-05-security-awareness-slides.md index f3fad15238e7..f1fbefd163fa 100644 --- a/website/assets/resources/security-awareness/2022-05-security-awareness-slides.md +++ b/website/assets/resources/security-awareness/2022-05-security-awareness-slides.md @@ -132,7 +132,7 @@ BEC leverages our willingness to help people. ## Money transfers -We have a strict process related to payments and wire transfers. If you are in the BizOps team, make sure you are aware of it. +We have a strict process related to payments and wire transfers. If you are in the Digital Experience team, make sure you are aware of it. ## Working from shady networks and cool locations @@ -179,7 +179,7 @@ Undoing git history is complicated. Consider this secret forever leaked. 1. Don't panic. It's encrypted. 2. Post about it in #g-security. -3. In the thread in #g-security, inform someone from the BizOps team. They'll help you get a new one ASAP! +3. In the thread in #g-security, inform someone from the Digital Experience team. They'll help you get a new one ASAP! ## If... you lose your Yubikey(s) diff --git a/website/config/custom.js b/website/config/custom.js index 9bb96b75d5cc..249d5238e015 100644 --- a/website/config/custom.js +++ b/website/config/custom.js @@ -266,7 +266,7 @@ module.exports.custom = { 'handbook/company/product-groups.md': ['lukeheath', 'sampfluger88','mikermcneil'], 'handbook/company/open-positions.yml': ['@sampfluger88','mikermcneil'], 'handbook/digital-experience': ['sampfluger88','mikermcneil'], - 'handbook/business-operations': ['sampfluger88','mikermcneil'], + 'handbook/finance': ['sampfluger88','mikermcneil'], 'handbook/engineering': ['sampfluger88','mikermcneil', 'lukeheath'], 'handbook/product-design': ['sampfluger88','mikermcneil'], 'handbook/sales': ['sampfluger88','mikermcneil'], diff --git a/website/config/routes.js b/website/config/routes.js index d6a047034466..2252a7072945 100644 --- a/website/config/routes.js +++ b/website/config/routes.js @@ -331,7 +331,6 @@ module.exports.routes = { 'GET /use-cases/using-elasticsearch-and-kibana-to-visualize-osquery-performance': '/guides/using-elasticsearch-and-kibana-to-visualize-osquery-performance', 'GET /use-cases/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think': '/securing/work-may-be-watching-but-it-might-not-be-as-bad-as-you-think', 'GET /docs/contributing/testing': '/docs/contributing/testing-and-local-development', - 'GET /handbook/people': '/handbook/business-operations', 'GET /handbook/people/ceo-handbook': '/handbook/ceo', 'GET /handbook/company/ceo-handbook': '/handbook/ceo', 'GET /handbook/growth': '/handbook/marketing#growth', @@ -351,8 +350,8 @@ module.exports.routes = { 'GET /device-management/fleet-user-stories-f100': '/success-stories/fleet-user-stories-wayfair', 'GET /device-management/fleet-user-stories-schrodinger': '/success-stories/fleet-user-stories-wayfair', 'GET /device-management/fleet-user-stories-wayfair': '/success-stories/fleet-user-stories-wayfair', - 'GET /handbook/security': '/handbook/business-operations/security', - 'GET /handbook/security/security-policies':'/handbook/business-operations/security-policies#information-security-policy-and-acceptable-use-policy',// « reasoning: https://github.com/fleetdm/fleet/pull/9624 + 'GET /handbook/security': '/handbook/digital-experience/security', + 'GET /handbook/security/security-policies':'/handbook/digital-experience/security-policies#information-security-policy-and-acceptable-use-policy',// « reasoning: https://github.com/fleetdm/fleet/pull/9624 'GET /handbook/handbook': '/handbook/company/handbook', 'GET /handbook/company/development-groups': '/handbook/company/product-groups', 'GET /docs/using-fleet/mdm-macos-settings': '/docs/using-fleet/mdm-custom-macos-settings', @@ -363,6 +362,7 @@ module.exports.routes = { 'GET /handbook/marketing': '/handbook/demand/', 'GET /handbook/customers': '/handbook/sales/', 'GET /handbook/product': '/handbook/product-design', + 'GET /handbook/business-operations': '/handbook/finance', 'GET /docs': '/docs/get-started/why-fleet', 'GET /docs/get-started': '/docs/get-started/why-fleet', @@ -379,8 +379,8 @@ module.exports.routes = { 'GET /docs/using-fleet/chromeos': '/docs/using-fleet/enroll-chromebooks', 'GET /docs/using-fleet/rest-api': '/docs/rest-api/rest-api', 'GET /docs/using-fleet/configuration-files': '/docs/configuration/configuration-files/', - 'GET /docs/using-fleet/application-security': '/handbook/business-operations/application-security', - 'GET /docs/using-fleet/security-audits': '/handbook/business-operations/security-audits', + 'GET /docs/using-fleet/application-security': '/handbook/digital-experience/application-security', + 'GET /docs/using-fleet/security-audits': '/handbook/digital-experience/security-audits', 'GET /docs/using-fleet/process-file-events': '/guides/querying-process-file-events-table-on-centos-7', 'GET /docs/using-fleet/audit-activities': '/docs/using-fleet/audit-logs', 'GET /docs/using-fleet/detail-queries-summary': '/docs/using-fleet/understanding-host-vitals',