How to Ensure Vendor COI Compliance (Step-by-Step)

Jun 28, 2026 Last updated June 2026

To ensure vendor COI compliance, set clear insurance requirements in the contract, collect a certificate of insurance from every vendor before work starts, check each certificate against the requirement that applies to that vendor, chase anything missing or expiring, and watch for mid-term cancellations. A vendor is compliant only while it carries the coverage, limits and endorsements you require and the policies stay in force.

Most teams think the hard part is collecting certificates. It is not. The hard part is everything after: knowing whether each certificate actually meets your requirements, keeping that true as policies renew and lapse, and being able to prove it months later when an auditor or a claim asks. This guide walks through the process that keeps vendors compliant instead of just on file.

What does vendor COI compliance mean?

Vendor COI compliance means a vendor carries the exact coverage, limits and endorsements your contract requires, and that those policies are in force right now. Compliance is a state, not a one-time event. A vendor that was compliant at onboarding becomes non-compliant the moment a policy lapses, a limit drops below your minimum, or a required endorsement is missing. Having a certificate on file does not make a vendor compliant, because the certificate itself can show short limits or missing coverage.

Step 1: Set clear insurance requirements

Compliance starts with a written standard. Decide the coverages, limits and endorsements each vendor must carry, and put them in the contract. Vary the requirement by vendor type: a janitorial service, a roofing contractor and an IT consultant carry very different risk, so holding them all to one generic template either over-demands coverage or lets a high-risk vendor pass on limits that were never enough. Spell out general liability, commercial auto, workers' compensation, umbrella or excess, and whether you need to be named as additional insured with primary and noncontributory and waiver of subrogation endorsements. If you are not sure how much to require, our guide to vendor insurance requirements covers coverage types and limits by risk level.

Step 2: Collect a certificate before work begins

Request a COI from each vendor and set a deadline that lands before the vendor starts work or before you issue a purchase order. No certificate, no start. Collecting certificates after the fact is how uninsured vendors end up on site. Many teams pair this with the rest of vendor onboarding, gathering the signed agreement and a W-9 at the same time, so the insurance check is one part of a clean intake rather than a separate scramble.

Step 3: Check each certificate against the requirement

This is the step a spreadsheet cannot do. Read the certificate and compare it to the standard for that vendor. Confirm every required coverage is present, each limit meets or exceeds your minimum, the policy dates cover the work, and any required endorsement actually appears. Being named as certificate holder is not the same as being named as additional insured, so check the endorsement, not just the box. The table below is the checklist that separates a compliant certificate from a non-compliant one.

| Compliance check | Compliant | Non-compliant |
| --- | --- | --- |
| Required coverages present | Every coverage type your requirement lists appears on the certificate | A required coverage such as general liability, auto or umbrella is missing |
| Limits meet the minimum | Each limit meets or exceeds the minimum you set for that vendor | A limit is below your minimum, including a short excess or umbrella layer |
| Additional insured | You are named as additional insured with the right endorsement | You are listed only as certificate holder, with no endorsement |
| Key endorsements | Primary and noncontributory and waiver of subrogation confirmed where required | A required endorsement is absent, so the contract protection is not in place |
| Policy in force | Effective and expiration dates cover the period of the work | The policy is expired, or was cancelled or non-renewed mid-term |

Step 4: Chase renewals and catch mid-term lapses

Certificates expire on a rolling basis, and policies get cancelled or non-renewed in the middle of a contract while the work continues. Checking compliance once and filing the certificate misses both. Set automated reminders that chase an expiring certificate before it lapses, and flag a cancelled policy the moment it is known, not at the date printed on the original certificate. This is where compliance quietly decays if you rely on email and a spreadsheet, because nobody is watching every vendor every day.

Step 5: Keep audit-ready proof of compliance

When an auditor, an insurer or a plaintiff asks whether a vendor was compliant on the day of an incident, you need dated evidence: what the requirement was, what the certificate showed, and that you verified it. Store every certificate, requirement and verification with a date, so you can reconstruct compliance as it stood on any past date. Email threads and a current spreadsheet cannot do that.

How do you track vendor COI compliance at scale?

You track vendor COI compliance at scale by replacing the manual checks with software that reads each certificate, scores it compliant or non-compliant against the right requirement, chases what is missing, and keeps the proof. Doing all five steps by hand works for a dozen vendors and breaks past a few dozen. COI compliance software turns a folder of PDFs into a live compliance status, so you can answer what percentage of vendors are compliant right now without rebuilding it from a spreadsheet. It is the same engine behind certificate of insurance verification and full vendor insurance compliance tracking.

What is the difference between collecting and verifying a COI?

Collecting a COI means receiving the document; verifying it means confirming the coverage, limits and endorsements meet your requirements and the policy is genuine and in force. A collected-but-unverified certificate gives a false sense of safety, because it can show coverage that falls short of what you require or a policy that has already lapsed. Verification is what turns a collected certificate into evidence of compliance. If you want to confirm a certificate is real, our guide on how to verify a certificate of insurance walks through spotting a fake.

How often should you check vendor COI compliance?

You should check vendor COI compliance continuously, not annually. Certificates expire and policies cancel throughout the year, so a yearly review leaves long windows where a vendor is non-compliant and nobody knows. The practical answer is to verify each certificate at onboarding, then monitor every vendor for expiration and mid-term cancellation on an ongoing basis, with automated reminders chasing renewals before coverage lapses.

Putting it together

Vendor COI compliance is five repeatable steps: set the requirement, collect the certificate, check it against the requirement, chase renewals and lapses, and keep the proof. The first two are easy and the last three are where compliance is won or lost. Once you have more than a handful of vendors, automating the checking, chasing and record-keeping is what keeps compliance from drifting. After a vendor clears compliance, the rest of vendor management is cleaner too: e-sign the vendor agreement that set those insurance requirements with online document e-signing, capture W-9s and licenses during intake with AI document data extraction, issue work to approved vendors through purchase order management software, and pay the compliant ones through accounts payable automation. Insurance compliance is the gate that protects everything downstream of it.