Getting a new vendor to work-ready status involves more moving parts than most teams realize — until something goes wrong. A missed W-9 delays a payment. An expired COI surfaces during an audit. A contract that was never signed becomes a dispute you cannot win.
This checklist covers every step, in the order they typically need to happen.
Before You Invite the Vendor
Before you send a single link or email, define what you actually need from this vendor.
- Determine vendor type. 1099 independent contractor, LLC, corporation, or foreign entity? Each has different document requirements.
- Identify required documents. At minimum: W-9, Certificate of Insurance (if they have employees or enter your premises), any professional licenses required for their work, and your standard contract.
- Set minimum insurance requirements. Define required coverage types (general liability, professional liability, workers comp) and minimum limits before you ask the vendor to provide a COI.
- Create or assign the onboarding group. Group vendors by type so the right requirements are applied automatically.
Documents to Collect
W-9
Required for any vendor you will pay more than $600 in a calendar year. Collect this before the first payment, not after.
What to verify: legal name matches what they do business as, TIN is present and correctly formatted, entity type is selected, signature and date are present.
Certificate of Insurance (COI)
Required for any vendor who has employees, operates equipment on your site, or could cause property damage or bodily injury.
What to verify: your company is listed as a certificate holder, coverage types match your requirements, coverage limits meet your minimums, effective dates cover the expected work period, and the insured name matches the vendor entity.
Professional or Business License
Required if the vendor's work is regulated — contractors, electricians, healthcare providers, financial advisors, attorneys, engineers, and many others.
What to verify: license is active (not expired or suspended), license number matches public records, and the license covers the specific work being performed.
Contract or Service Agreement
Should be signed before any work begins. Digital signatures are legally enforceable. Capture the signature with a timestamp, the signer's name and title, and a record of what version of the contract was signed.
ACH Authorization
If you pay vendors via direct deposit, collect a signed ACH authorization form that includes routing number, account number, account type, and an electronic signature authorizing the transfer.
Tax Exemption Certificate
If the vendor claims tax-exempt status, collect the certificate before your first payment and verify it is valid for your jurisdiction.
System Setup Steps
Once documents are collected and verified:
- Enter vendor into your payment system (AP, payroll, or ERP)
- Set the vendor's eligibility status to "cleared to pay"
- Set expiration reminders for COI, licenses, and any time-limited documents
- Assign the vendor to the correct team or project in your project management system
- Record the onboarding completion date
Common Mistakes to Avoid
Accepting expired documents. An insurance certificate that expired last month provides zero coverage. Always check the effective date.
Skipping the COI for small vendors. The size of the vendor is not the relevant variable — the nature of the work is. A one-person plumber can cause more damage than a hundred-person software company.
Collecting documents but not verifying them. Receiving a W-9 and filing it without checking the TIN is as risky as not collecting it at all. Verification is part of collection.
Onboarding without a signed contract. Verbal agreements and email chains are not contracts. Get a signed document.
Not tracking expirations. A compliant vendor today can become non-compliant in three months when their COI renews at lower coverage. Expiration tracking is not optional.
How to Keep This Process Consistent
The most common failure mode is not the first onboarding — it is the fifteenth. When the process lives in someone's head, it degrades with every new hire and every busy quarter.
Document the process. Assign ownership. Use a system that enforces the checklist rather than relying on memory.
A vendor compliance platform like Oncomply handles the collection, validation, and tracking automatically — so the checklist runs itself regardless of who is doing the onboarding.