Which Vendors Need a Certificate of Insurance?

Jul 11, 2026 Last updated July 2026

Read any certificate of insurance free. Upload an ACORD 25 and let AI pull the data in seconds.

PDF, JPG, PNG, BMP, HEIC, TIFF

Upload your certificates of insurance

Last updated July 2026.

Any vendor whose work could cause bodily injury, property damage or a professional loss you could be blamed for should provide a certificate of insurance before they start. In practice that means contractors, anyone who comes on site, anyone who handles your property or data, and any professional whose advice you rely on. Low risk vendors who deliver a boxed product and never touch your premises are the usual exceptions, but the safe default is to require a COI and waive it deliberately, not by accident.

Requiring a certificate from every vendor is overkill, and requiring one from none of them is a real exposure. The right answer is a simple risk test applied consistently, so nobody slips through because a manager was busy. Here is how to decide which vendors need a COI and what to ask them for.

Which vendors need a certificate of insurance?

A vendor needs a certificate of insurance whenever their work creates a risk that could become your liability. The clearest cases are vendors who perform physical work, come onto your property, take custody of your property or data, or provide professional services you depend on. If a mistake, injury or accident tied to that vendor could lead to a claim against your business, you want their insurance to respond first, and a certificate is how you confirm the coverage exists.

The vendors almost every business should require a COI from include general contractors and subcontractors, maintenance and repair services, cleaning crews, delivery and freight carriers, security firms, IT and managed service providers, staffing agencies, event vendors, and any consultant or professional whose advice carries financial weight. The common thread is that each can cause a loss you could be pulled into.

Do all vendors need a certificate of insurance?

No. A vendor who poses no realistic liability to your business does not strictly need to provide a certificate. A company that ships you office supplies, a software vendor you access entirely in the cloud, or a one time low value purchase from a retailer generally will not touch your premises, your property or your customers in a way that creates exposure. Requiring a COI from those vendors adds friction without reducing risk.

The caution is that the exceptions are narrower than they look. A software vendor that stores your customer data does carry a data breach exposure, and a delivery driver who steps onto your loading dock does create an injury exposure. When in doubt, the cost of asking for a certificate is low and the cost of a gap is high, so require it and grant exceptions deliberately rather than skipping the question.

What types of vendors should provide a COI?

It helps to group vendors by the kind of risk they bring, because that also tells you what coverage to require.

Vendor typeMain riskCoverage commonly required
Contractors and subcontractorsBodily injury, property damage on siteGeneral liability, workers compensation, auto, additional insured
Cleaning and maintenanceInjury, damage, theft while on premisesGeneral liability, workers compensation, sometimes a janitorial bond
Delivery and freightAuto accidents, cargo loss, dock injuryCommercial auto, motor truck cargo, general liability
IT and technology providersData breach, system failure, professional errorProfessional liability, cyber liability, general liability
Professional servicesFinancial loss from bad adviceProfessional liability (errors and omissions)
Staffing agenciesWorker injury, acts of placed workersWorkers compensation, general liability, additional insured

Matching the requirement to the risk keeps you from asking a consultant for cargo insurance or letting a contractor on site without workers compensation. Our full list of vendor insurance requirements breaks down typical limits for each.

When should you require a certificate of insurance from a vendor?

Require the certificate before the vendor starts work, not after, and make it part of onboarding rather than an afterthought. The certificate should be collected, read and verified as a condition of approval, so a vendor cannot begin work, come on site or receive a purchase order until their coverage is confirmed. Collecting it afterward defeats the purpose, because the exposure begins the moment work starts.

You should also re run the check at renewal. A certificate expires, and a vendor you cleared in January can be uninsured by July without telling you. Building a certificate requirement into onboarding and tracking every expiration date is how you keep the gap closed. Bundling the COI with the rest of your intake, the contract, the W9 and any licenses, is the pattern in a good vendor onboarding checklist. Once a vendor is approved and you begin paying them, keeping those payment records clean matters too, and if your vendor spend lives in a spreadsheet you can turn that CSV into a QuickBooks file instead of entering it by hand.

What insurance should you require from a vendor?

The baseline for most vendors is commercial general liability, usually at a one to two million dollar per occurrence limit, plus workers compensation for any vendor with employees who come on site. From there you add coverage that matches the specific risk: commercial auto for anyone who drives for the job, professional liability for advice and design, cyber liability for anyone handling your data, and a janitorial or fidelity bond for vendors with access to cash or valuables.

Beyond the coverage types, require the endorsements that make the coverage work for you: additional insured status so the vendor policy protects your business, and a waiver of subrogation so their insurer cannot come after you. A certificate that shows the right limits but omits the additional insured endorsement leaves you a step short, which is why verification checks the endorsements and not just the dollar figures.

Can you hire a vendor without a certificate of insurance?

You can, but you are accepting the vendor risk yourself if you do. Without a certificate, you have no confirmation the vendor carries coverage, and if an injury, accident or loss tied to their work leads to a claim, it can land on your business and your policy. For a low risk vendor that never touches your operations, that may be an acceptable trade. For anyone doing physical work, coming on site or handling your property or data, hiring without a COI is a gamble that a single claim can make very expensive.

The better path than skipping the certificate is making it easy to collect and verify, so requiring one from every meaningful vendor does not slow you down. That is what software solves: certificates read automatically, checked against your rules, and tracked to renewal. Small teams especially benefit, since the same requirement scales without adding staff, which is the idea behind COI tracking for small business.

Putting it into practice

Set one rule: any vendor whose work could become your liability provides a certificate of insurance before they start, matched to the risk they bring, verified rather than filed, and tracked to expiration. Apply it consistently and the question of which vendors need a COI answers itself, because the risk test decides, not whoever happens to handle the setup. To see the checks run automatically, upload a vendor certificate to our vendor insurance compliance software and watch the AI read and verify it in seconds.