· Updated June 3, 2026

What Is a COI Vendor? Requirements, How to Request, and Tracking | COI File

Everything about COI vendors: what a certificate of insurance vendor is, insurance requirements by vendor type, how to request a COI, and how to track vendor compliance.

Every property manager, general contractor, and facilities director deals with vendors who need to provide certificates of insurance — but the process is rarely straightforward. Some vendors send a COI within 24 hours. Others require three follow-up emails, two phone calls, and a strongly worded letter. And even when a COI arrives, you still have to verify it's correct, complete, and actually covers the work being done.

This guide covers everything you need to know about COI vendors: what a COI vendor is, what insurance requirements apply to different vendor types, how to request a COI the right way, and how to track vendor compliance without losing your sanity.

What Is a COI Vendor?

A COI vendor is any third-party service provider — contractor, subcontractor, tradesperson, or supplier — who is required to provide a certificate of insurance (COI) as a condition of working on your property. The term "COI vendor" isn't a legal designation; it's industry shorthand for any vendor subject to insurance verification requirements.

In practice, nearly every vendor who performs physical work on your property is a COI vendor. The certificate of insurance they provide serves as proof that they carry active liability insurance, workers' compensation coverage, and any other required policies — protecting both the vendor and you from financial exposure if something goes wrong.

The relationship is straightforward: the vendor purchases insurance to cover their business operations, their insurance agent issues a certificate of insurance summarizing that coverage, and you — the certificate holder — receive and verify the COI before allowing the vendor to start work. If the vendor's coverage lapses or is insufficient, your organization may be liable for incidents that occur during their work.

Why Vendors Need to Provide COIs

Vendors need to provide certificates of insurance for three fundamental reasons: contractual obligations, legal liability, and your own risk management requirements.

Most vendor contracts and service agreements include insurance requirements as a core term. These clauses typically specify minimum coverage types and limits — $1,000,000 per occurrence for general liability is standard — and require the vendor to name the hiring party (you) as an additional insured. The COI is the document that proves compliance with these contractual terms. Without it, the vendor is in breach of contract before they even start work.

From a liability standpoint, requiring a COI shifts the financial burden of accidents and injuries from your organization to the vendor's insurance carrier. If a vendor's employee is injured on your property, their workers' compensation policy covers it — not your general liability policy. If a vendor damages a tenant's property, their general liability policy pays the claim. The COI confirms this transfer of risk has actually occurred.

For your own risk management, systematically collecting and verifying vendor COIs demonstrates due diligence to your insurance carrier, lenders, and property owners. During an insurance audit or claim investigation, having organized, current COIs on file for every vendor can mean the difference between your carrier covering a loss and denying it due to failure to enforce risk transfer.

Insurance Requirements by Vendor Type

Not all vendors carry the same insurance or need the same coverage. Insurance requirements vary significantly by trade, based on the level of risk the vendor's work presents. Here are standard requirements for common vendor types:

HVAC Technicians

HVAC work involves electrical systems, refrigerants, and often rooftop access — all presenting injury and property damage risks. Minimum requirements: General Liability $1M/$2M, Workers' Compensation statutory limits, and additional insured endorsement. If the HVAC contractor performs installation work (not just maintenance), consider requiring umbrella/excess liability of $2M+ and pollution liability for refrigerant handling.

Landscaping and Grounds Maintenance

Landscapers operate heavy equipment (mowers, trimmers, blowers) that can cause property damage or injury, and often apply chemicals. Minimum requirements: General Liability $1M/$2M, Workers' Compensation statutory limits, and additional insured endorsement. If they apply pesticides or herbicides, require pollution liability coverage. Auto liability of $1M if they operate vehicles on your property.

Cleaning and Janitorial Services

Janitorial staff work after hours, often unsupervised, with access to all areas of your property. Minimum requirements: General Liability $1M/$2M, Workers' Compensation statutory limits (janitorial injuries are among the most common workplace claims), additional insured endorsement, and employee dishonesty/crime coverage if they handle keys or access codes.

Electrical Contractors

Electrical work is high-risk — faulty wiring can cause fires, and live electrical work can cause serious injury or death. Minimum requirements: General Liability $2M/$4M (higher than standard due to fire risk), Workers' Compensation statutory limits, additional insured endorsement, and umbrella/excess liability of $2M+. Require proof of licensing and bonding.

Plumbing Contractors

Plumbing work carries water damage risk — a single failed pipe connection can cause tens of thousands in property damage. Minimum requirements: General Liability $1M/$2M, Workers' Compensation statutory limits, additional insured endorsement, and pollution liability if they handle sewage or hazardous materials. Consider requiring completed operations coverage extending 2+ years after work is finished.

Roofing Contractors

Roofing is one of the highest-risk trades — falls are the leading cause of construction fatalities, and roof leaks can cause extensive interior damage. Minimum requirements: General Liability $2M/$4M, Workers' Compensation statutory limits (roofing has some of the highest workers' comp rates of any trade), additional insured endorsement, and umbrella/excess liability of $5M+. Verify the vendor carries adequate fall protection equipment and safety certifications.

Security Services

Security personnel interact with the public and may use force, creating assault/battery and false arrest exposure. Minimum requirements: General Liability $1M/$2M with assault and battery coverage (not automatically included), Workers' Compensation statutory limits, additional insured endorsement, and professional liability/errors and omissions coverage. Auto liability of $1M if they operate patrol vehicles.

IT and Technology Vendors

IT vendors handle sensitive data and network access rather than physical work, but the liability exposure is significant. Minimum requirements: Professional Liability/Errors and Omissions $1M+, Cyber Liability $1M+ (covering data breach response, notification costs, and regulatory fines), and General Liability $1M/$2M if they work on site. Technology E&O coverage is more important than general liability for most IT vendors.

How to Request a COI from a Vendor

Requesting a COI should be part of your standard vendor onboarding process — not an afterthought. Here's the most effective approach:

Include Insurance Requirements in Your Contract

Your vendor agreement or service contract should include a dedicated insurance requirements section. Don't bury it in the fine print — make it a standalone section the vendor must acknowledge. Specify the exact coverage types and limits required, the additional insured endorsement needed (by form number — e.g., CG 2010 07/04), and the deadline for submission (before any work begins).

COI Request Email Template

Use this template when requesting a COI from a vendor — it covers all the details insurance agents need to issue the correct certificate. Replace the bracketed information with your specifics:

Subject: Certificate of Insurance Required — [Project Name / Property Address]

Hi [Vendor Contact Name],

Before work can begin at [Property Address / Project Name], we need your insurance agent to provide a certificate of insurance meeting the following requirements:

Certificate Holder:
[Your Organization's Legal Name]
[Your Mailing Address]

Required Coverage:

  • General Liability: $1,000,000 per occurrence / $2,000,000 aggregate
  • Automobile Liability: $1,000,000 combined single limit
  • Workers' Compensation: Statutory limits
  • Umbrella/Excess Liability: $2,000,000 (if applicable)

Required Endorsements:

  • Additional Insured — CG 2010 (07/04) naming [Your Organization's Legal Name]
  • Waiver of Subrogation — CG 2404 in favor of [Your Organization's Legal Name]
  • Primary and Non-Contributory language in Description of Operations

Please have your insurance agent email the certificate and endorsements to [Your Email Address] by [Date — typically 5-7 business days before work start date].

Work cannot begin until a compliant COI is received and verified.

Thank you,
[Your Name]
[Your Title]
[Your Phone Number]

What to Ask For Beyond the COI

The ACORD 25 alone is not enough. Always request: the additional insured endorsement (actual form, not just a mention on the COI), the waiver of subrogation endorsement if required by your contract, and the vendor's insurance agent's direct contact information. For high-risk vendors, also request the policy declarations page, which provides more detail than the summary-level COI.

How to Track Vendor COIs

Collecting COIs is step one. Tracking them — monitoring expiration dates, verifying renewals, and maintaining organized records — is the ongoing challenge that breaks most manual systems.

Manual COI Tracking (Spreadsheets)

The spreadsheet approach works like this: you create columns for vendor name, policy type, policy number, coverage limits, effective date, expiration date, and additional insured status. Every time a COI comes in — new vendor or renewal — you manually type all the data into the spreadsheet. You set calendar reminders for expiration dates and send individual emails to vendors whose certificates are expiring.

This works for portfolios of 5-10 vendors. At 20 vendors, you'll spend 2-3 hours per week on COI data entry and follow-ups. At 50 vendors, it's 5-8 hours weekly. At 100+, manual tracking becomes a full-time job that's prone to errors — missed expirations, data entry mistakes, and version control problems when multiple team members edit the same spreadsheet. Studies show 30-40% of COIs in manually tracked portfolios are expired at any given time.

COI Tracking Software

COI tracking software automates the entire vendor COI lifecycle. You upload a certificate (or the vendor uploads it through their portal), AI extracts all the data in under 30 seconds, and the system automatically checks compliance against your requirements. Expiration alerts go out to vendors at configurable intervals — 60, 30, 14, and 7 days before expiry — without you lifting a finger. Your compliance dashboard shows every vendor's status at a glance: green (compliant), yellow (expiring soon), red (expired or non-compliant).

For property managers and general contractors managing 20+ vendors, COI tracking software pays for itself in saved time within the first month. Platforms like COI File start at $29/month with a free tier for up to 5 vendors — see pricing for details.

What Happens When a Vendor's COI Expires

When a vendor's COI expires, the vendor is working on your property without verified insurance coverage. This creates immediate liability exposure. If an incident occurs during the coverage gap — an injury, property damage, or third-party claim — the vendor's insurance won't cover it, and your organization may be held responsible.

Beyond the direct liability risk, an expired COI can trigger consequences up and down the chain: your insurance carrier may deny coverage on claims involving uninsured vendors (many policies include exclusions for such situations), your property owner or lender may cite you for compliance failure during an audit, and your organization's insurance premiums may increase if your carrier determines you've been lax in enforcing vendor insurance requirements.

The practical solution is systematic tracking with automated alerts. Set expiration reminders at multiple intervals — ideally 60, 30, 14, and 7 days before expiry — and configure the system to notify both you and the vendor. If a COI reaches the expiration date without a renewal, the vendor should be immediately suspended from work until a current certificate is provided. Enforce this policy without exception; one exception creates a precedent that's nearly impossible to unwind.

Vendor COI Compliance Checklist

Use this checklist when onboarding any new vendor and when processing annual renewals:

  1. Contract includes insurance requirements. The vendor agreement specifies required coverage types, limits, endorsements, and the deadline for COI submission.
  2. COI received and reviewed. ACORD 25 or equivalent certificate is on file with all fields completed — producer info, insured name, insurers, coverage types, limits, effective/expiration dates, certificate holder, and signature.
  3. Insured name verified. The name on the COI matches the vendor's legal business name and W-9. No mismatches, DBAs without corresponding legal entities, or outdated names.
  4. Certificate holder correct. Your organization's full legal name and correct mailing address appear in the certificate holder section.
  5. Coverage limits meet requirements. Each required coverage type is checked and limits meet or exceed your stated minimums.
  6. Additional insured endorsement received. You have a copy of the actual endorsement (CG 2010, CG 2037, or equivalent) — not just a mention on the COI.
  7. Waiver of subrogation received. If required, you have a copy of the CG 2404 or equivalent endorsement.
  8. Policy dates are current. The effective date is on or before today, and the expiration date is in the future. No gaps between prior and current policies.
  9. Insurer rating verified. Each insurance company listed is rated A- or better by A.M. Best.
  10. Signature present. The COI is signed and dated by the producer or their authorized representative.
  11. COI tracked in system. All data is entered into your COI tracking system with automated expiration alerts configured.
  12. Expiration date acknowledged. Your system will alert you and the vendor before expiry. The vendor knows they must provide a renewal 30+ days before expiration.

Frequently Asked Questions

Yes — any vendor performing work on your property should provide a valid certificate of insurance before starting work. This includes HVAC technicians, plumbers, electricians, landscapers, janitorial crews, roofers, elevator maintenance, fire suppression contractors, security services, and any other third-party service provider. The only exceptions are very minor, one-time services where the vendor is on site for under an hour and performs no work that could cause property damage or injury — but even then, requiring a COI is the safer practice.
If a vendor refuses or is unable to provide a certificate of insurance, do not let them start work. A vendor without insurance is an unacceptable liability. If they're a critical vendor with no alternative, require them to obtain at minimum a general liability policy before starting work — many insurers offer short-term or per-project policies. If they still refuse, find a replacement vendor who carries proper insurance. The risk of an uninsured vendor causing damage or injury on your property far outweighs the inconvenience of switching vendors.
Fraudulent COIs are more common than you might think. Red flags include: a producer who isn't a licensed insurance agent (verify their license number with your state's insurance department), an insurer with a low or unrated A.M. Best rating, policy numbers that don't follow standard formats, conflicting dates (effective date after today's date, expiration years in the past), the certificate holder name is different from what you provided, or the vendor is evasive when you ask to speak with their agent. When in doubt, call the insurance agent listed on the COI to verify coverage directly. AI-powered COI tracking software can also detect common fraud patterns automatically.
Functionally, a vendor COI and a subcontractor COI are the same document — both are certificates of insurance proving the party carries active coverage. The distinction is contractual: a vendor is hired directly by the property manager or owner, while a subcontractor is hired by a general contractor. In both cases, you should receive and verify the COI before work begins. For subcontractors, the general contractor is typically responsible for collecting and verifying COIs, but as the property manager, you should have access to verify compliance across all tiers.

Sources & References

  • International Risk Management Institute (IRMI) — Expert guidance on vendor insurance requirements, contractual risk transfer, and COI verification. irmi.com
  • Institute of Real Estate Management (IREM) — Industry standards for vendor management in commercial and multifamily property management. irem.org
  • Occupational Safety and Health Administration (OSHA) — Safety requirements by trade affecting insurance requirements for high-risk vendors. osha.gov
F

Firdaosh Bano

COI Compliance Specialist

Firdaosh Bano is a COI compliance specialist and the founder of COI File. She spent 6 years managing vendor compliance for commercial properties - tracking 2,000+ COIs across 150+ properties in spreadsheets before building the tool she wished she'd had. She writes about certificate of insurance compliance, vendor risk management, and making insurance tracking less painful for small teams.

Ready to simplify your COI tracking?

Join property managers and contractors who are ditching spreadsheets for good.

Start Free →