OnComply
Back to Blog
ComplianceMarch 8, 2026·4 min read

How to Collect and Track Certificates of Insurance from Vendors

Everything operations teams need to know about COI collection — what to check, how to validate coverage, and how to track renewals without a spreadsheet.

A Certificate of Insurance is one of the most commonly required vendor documents and one of the most commonly mishandled. Companies collect COIs, file them, and forget them — until an audit, an incident, or a vendor relationship gone wrong surfaces the problem.

This guide covers what a COI actually contains, what to verify when you receive one, and how to build a system that does not depend on calendar reminders and email chains.

What a Certificate of Insurance Actually Is

A COI is a summary document issued by an insurance broker or insurer that confirms a policyholder has active coverage. It is not the policy itself. It summarizes key facts: the insured entity, the coverage types, the coverage limits, the policy period, and who is listed as additional insured or certificate holder.

The most common form is the ACORD 25, which is the standard format used across nearly all commercial insurance.

What to Check on Every COI

Insured Name

The name on the COI must match the legal name of the vendor entity you are contracting with. A COI in the name of "Smith Construction" does not cover work performed by "Smith Construction LLC" — these are legally distinct entities.

Your Company as Certificate Holder

Your company name and address should appear in the "Certificate Holder" box. This is not just a formality — it ensures the certificate was actually issued for your relationship with this vendor, not recycled from another client.

Coverage Types

The coverage types you require depend on the nature of the work. The most commonly required:

  • General Liability — covers bodily injury and property damage caused by the vendor's operations
  • Workers' Compensation — required if the vendor has employees; covers injuries to their workers
  • Professional Liability (E&O) — required for professional services (consulting, technology, accounting, legal)
  • Commercial Auto — required if vendor vehicles are used in connection with your work
  • Umbrella/Excess — provides additional coverage above primary policy limits

Coverage Limits

Every industry and work type has different appropriate minimums. A technology consultant may need $1M in professional liability. A contractor doing work on your property may need $2M in general liability. Know your requirements before you collect COIs, not after.

Policy Period

Check the effective date and expiration date. The coverage must be active during the period the vendor is working for you. If the expiration date falls before the expected project end date, require a renewal certificate.

Additional Insured Status

For many vendor relationships, you should be listed as an additional insured on the vendor's policy — not just a certificate holder. These are different. Certificate holder means you receive notice if the policy is cancelled. Additional insured means you are actually covered under the policy. Know which one your contracts require.

How to Validate a COI

Receiving a COI is not the same as verifying it. A COI can be fraudulent, outdated, or technically valid but insufficient for your requirements.

Steps to validate:

  1. Check the broker's information. A legitimate COI lists the producing broker with contact information. For high-value vendor relationships, call the broker directly to confirm the policy is in force.
  2. Verify coverage limits meet your requirements. Compare the per-occurrence and aggregate limits against your minimums.
  3. Check the insured name carefully. Entity names are often very similar between related companies.
  4. Confirm your company is listed correctly. Misspellings or outdated addresses are common.
  5. Note the expiration date. Set a reminder 30 days before it expires.

The Expiration Problem

COIs typically renew annually. If you collected a valid COI in January and do not follow up, by February of the next year you have a vendor working for you with no verified coverage.

The operational reality is that most companies have no reliable way to track COI expirations across more than a handful of vendors. Spreadsheets break down around 20 vendors. Calendar reminders get missed. Email threads get lost.

The correct solution is a system that tracks expiration dates automatically and alerts you — and can send the vendor a renewal request — before the coverage lapses. This is the core function of vendor compliance software.

How Often to Renew

Request a new COI at every annual renewal, at the start of every new project, and any time the vendor's insurance situation may have changed. If you have reason to believe coverage may have lapsed, verify with the broker directly.

All posts
Start Free TrialBook Demo
W-9 CollectionCOI TrackingACH AuthorizationDocument Fill & SignAutomated ValidationRenewal RemindersCan-Work / Can-Pay ControlsVendor PortalCompliance DashboardWebhook IntegrationsEligibility APIAudit-Ready ExportsLicense TrackingGrace Period ManagementCustom FormsW-9 CollectionCOI TrackingACH AuthorizationDocument Fill & SignAutomated ValidationRenewal RemindersCan-Work / Can-Pay ControlsVendor PortalCompliance DashboardWebhook IntegrationsEligibility APIAudit-Ready ExportsLicense TrackingGrace Period ManagementCustom Forms