How to Verify Vendor Insurance: A Step-by-Step Checklist

Accepting a certificate of insurance from a vendor is not the same as verifying their insurance. A COI can be outdated, contain errors, represent inadequate coverage, or in rare cases, be fraudulent. Proper verification means checking every relevant field against your requirements, confirming key endorsements, and documenting the results.

This guide provides a step-by-step checklist for the complete vendor insurance verification process -- from initial request through ongoing monitoring.

Why Verification Matters

Verification gaps are where liability exposure lives. The most common gaps in property management vendor programs are:

• Accepting a COI without checking that limits meet contract requirements
• Missing additional insured endorsements (checkbox on COI, no actual endorsement)
• No waiver of subrogation on workers' compensation
• Coverage that lapsed between the date the COI was issued and when work was performed
• Named insured on the COI does not match the legal entity performing the work

Each of these gaps is invisible until a claim occurs. At that point, your organization is exposed for losses that you believed were covered by the vendor's insurance. The verification checklist below closes each of these gaps.

---

Pre-Verification: Set Your Requirements

Before you can verify compliance, you need defined requirements. If you have not already documented your vendor insurance requirements by risk tier, do that first. For a framework, see COI Tracking for Property Managers.

At minimum, your requirements should specify:

• Required coverage types by vendor category
• Minimum limits for each coverage type
• Required endorsements (additional insured forms, waiver of subrogation)
• The exact legal names of entities to be named as additional insured and certificate holder

---

Step 1: Request the COI (and Set Expectations Upfront)

Who: Your compliance team or the project/property manager responsible for the vendor relationship.

What to do:

• Send a written COI request that specifies your exact requirements: coverage types, minimum limits, endorsement forms (CG 20 10, CG 20 37), and the legal names of entities to be listed.
• Specify a deadline -- typically the later of 5 business days from the request or the date before work begins, whichever comes first.
• Request that the certificate be sent by the vendor's insurance broker, not by the vendor directly. Broker-issued certificates are harder to fraudulently modify.
• State that no site access will be authorized until a compliant COI is received and verified.

What to watch for:

• Vendor who claims they will "get it to you when they can." Set a firm deadline and hold it.
• Vendor who submits a COI themselves rather than having the broker send it. This is not necessarily a problem, but it warrants additional scrutiny on the document.

---

Step 2: Confirm the Named Insured

Who: Whoever reviews incoming COIs.

Checklist:

• [ ] Named insured on the COI matches the exact legal entity name in your vendor contract
• [ ] Entity type suffix is correct (LLC vs. Inc. vs. Corp. vs. no suffix)
• [ ] If the vendor operates under a DBA (doing business as), confirm the underlying legal entity -- the DBA alone is not sufficient

If there is a mismatch: Contact the vendor and their broker immediately. Request a corrected certificate that reflects the vendor's actual legal entity name as it appears in your contract. Do not approve site access based on a certificate with a mismatched entity name.

---

Step 3: Verify Coverage Types Are Present

Checklist -- for standard property maintenance vendors:

• [ ] Commercial General Liability (CGL) is present
• [ ] Workers' Compensation is present (or documented exemption for sole proprietors)
• [ ] Commercial Auto is present if the vendor operates vehicles

Additional for Tier 1 (high-risk) vendors:

• [ ] Umbrella/Excess Liability is present
• [ ] Employer's Liability is present alongside Workers' Compensation

If a required coverage type is missing: Issue a deficiency notice specifying the missing coverage. Do not approve site access. Allow the vendor to submit a corrected certificate but do not accelerate any work until compliance is confirmed.

---

Step 4: Check Policy Dates

Checklist:

• [ ] Policy effective date is in the past (coverage has started)
• [ ] Policy expiration date is in the future
• [ ] Coverage period spans the full period during which the vendor will perform work
• [ ] Certificate issue date is recent -- a certificate issued more than 60 days ago may not reflect current policy status

Notes:

• For workers' compensation, confirm the policy period covers the dates of scheduled work.
• If a vendor is performing work that spans a policy renewal period, obtain an updated certificate before the renewal date. Do not wait until the expiration date passes.

---

Step 5: Verify Coverage Limits

Checklist: Compare each limit on the COI against your documented requirements for this vendor's tier.

• [ ] General Liability -- Each Occurrence: ______ (required: ______)
• [ ] General Liability -- General Aggregate: ______ (required: ______)
• [ ] General Liability -- Products-Completed Operations Aggregate: ______ (required: ______)
• [ ] Commercial Auto -- Combined Single Limit: ______ (required: ______)
• [ ] Umbrella/Excess -- Each Occurrence: ______ (required: ______)
• [ ] Employer's Liability: ______ (required: ______)

If any limit is below your requirement: Issue a specific deficiency notice (e.g., "Your general liability per occurrence limit is $500,000; our requirement is $1,000,000"). Do not accept a COI that does not meet your limits. A vendor whose insurer cannot write adequate limits is a vendor who represents unacceptable risk.

---

Step 6: Verify Additional Insured Status

Step 6a -- COI Checkbox:

• [ ] Additional insured checkbox is marked on the Commercial General Liability line
• [ ] Description of operations identifies your organization by name and references the endorsement (CG 20 10, CG 20 37, or both)

Step 6b -- Endorsement Verification (for Tier 1 and Tier 2 vendors):

• [ ] Request the actual endorsement page from the vendor's broker
• [ ] Endorsement form number matches what was represented on the COI (CG 20 10 and/or CG 20 37)
• [ ] Named additional insured on the endorsement exactly matches your organization's legal entity name
• [ ] Endorsement is attached to the correct policy number
• [ ] No limiting language that restricts coverage to a specific location (if vendor works across multiple properties)

If additional insured status cannot be confirmed: Do not approve site access. This is one of the most important protections in your vendor compliance program. A vendor who cannot provide additional insured status is a vendor who will cost you significantly more if a claim arises.

For a full explanation of endorsement forms, see What Is an Additional Insured Endorsement?

---

Step 7: Verify Waiver of Subrogation

Checklist:

• [ ] Waiver of subrogation checkbox is marked on the Workers' Compensation line
• [ ] Description of operations or endorsement page confirms waiver applies to your organization
• [ ] For Tier 1 vendors: verify waiver is also present on the General Liability line

If waiver of subrogation is absent: Issue a deficiency notice. For vendors with employees working on your properties, this is a non-negotiable requirement. Without it, you remain exposed to subrogation claims from the worker's insurer.

For a full explanation of how subrogation waivers work, see What Is a Waiver of Subrogation?

---

Step 8: Confirm Your Entity Is the Certificate Holder

Checklist:

• [ ] Your organization's correct legal name appears in the certificate holder box
• [ ] Your organization's correct mailing address is listed
• [ ] The certificate holder entity matches the entity you specified in your requirements

If the certificate holder is wrong: The certificate was likely issued for a different relationship or reused from another job. Request a new certificate issued specifically to your organization.

---

Step 9: Read the Description of Operations Carefully

Checklist:

• [ ] No language limiting coverage to a specific project that excludes your work
• [ ] No language creating exceptions or carve-outs that reduce coverage
• [ ] Additional insured and waiver of subrogation language is consistent with the checkboxes
• [ ] No qualifiers like "per written contract only" without confirming your contract is the referenced agreement

Red flag language to watch for:

• "Coverage limited to [specific address]" when vendor works at multiple locations
• "Coverage applies only for [date range]" shorter than your work period
• "This certificate does not amend, extend, or alter coverage" -- this standard language is fine; but watch for language that follows it that does restrict coverage

---

Step 10: Confirm Policy Is Active (When in Doubt)

For high-value contracts, unfamiliar vendors, or when you have any reason to doubt a certificate's accuracy:

Checklist:

• [ ] Call the insurance carrier listed on the COI at the number from the carrier's public website (not from the certificate)
• [ ] Ask the carrier to confirm the policy number is active and the policy details match the COI
• [ ] Ask whether your organization is listed as additional insured
• [ ] Document the confirmation: date, time, carrier representative name, policy details confirmed

This step adds a few minutes per vendor but eliminates the risk of acting on a fraudulent or outdated certificate for your most important vendor relationships.

---

Step 11: Record and File the Verified COI

Checklist:

• [ ] Document the verification outcome in your compliance system (compliant or deficient)
• [ ] Note any deficiencies and the date they were issued
• [ ] File the verified COI with the vendor's complete compliance record
• [ ] Set an expiration alert at 90, 60, and 30 days before the earliest policy expiration date
• [ ] Note the date the next renewal certificate is required

A COI that is properly verified but not recorded and tracked provides only temporary value. The monitoring workflow is what maintains continuous compliance.

---

Ongoing Monitoring: The Step Most Programs Miss

Verification at onboarding protects you on the day you collect the certificate. Ongoing monitoring protects you every day thereafter.

Minimum monitoring requirements:

• Automated expiration alerts at 90, 60, and 30 days before each policy expiration
• Suspension workflow for vendors who do not provide updated certificates before expiration
• Annual audit of all vendor files to confirm documentation is current and complete
• Immediate re-verification when a vendor reports a change in their insurance

For details on building a complete monitoring workflow, see COI Tracking for Property Managers.

---

Quick Reference: Full Verification Checklist

1. [ ] COI request sent with specific requirements
2. [ ] Named insured matches legal entity in contract
3. [ ] All required coverage types are present
4. [ ] Policy dates cover the work period
5. [ ] All limits meet or exceed requirements
6. [ ] Additional insured checkbox marked (CGL)
7. [ ] Additional insured endorsement page received (Tier 1/2)
8. [ ] Waiver of subrogation checkbox marked (WC)
9. [ ] Certificate holder is your correct legal entity
10. [ ] Description of operations reviewed for limiting language
11. [ ] Policy confirmed active with carrier (if warranted)
12. [ ] Verified COI filed with expiration alerts set

---

Frequently Asked Questions

How long does vendor insurance verification take manually?

A thorough manual review of a single COI takes 10 to 20 minutes for an experienced reviewer. For a portfolio with 200 vendors and annual renewals, that is 33 to 67 hours per year in direct verification time -- before accounting for deficiency follow-up, endorsement requests, and documentation management. Automated COI processing reduces per-certificate review time to under 60 seconds for straightforward certificates.

What should I do when I receive a certificate that is over 30 days old?

Request an updated certificate. An older certificate reflects the state of the policy as of its issue date. Policies can change between the issue date and today. For any vendor performing current work, a fresh certificate is worthwhile.

How do I verify a vendor's workers' compensation if they claim to be a sole proprietor?

Request written documentation of the vendor's workers' compensation status. In most states, sole proprietors can legally self-exclude from workers' compensation. Confirm whether the vendor has any employees or subcontractors -- if they do, those individuals require coverage. If the vendor is truly a solo operator with no workers, a workers' compensation exclusion endorsement from their state is acceptable documentation.

Can a vendor reuse a certificate from another job?

Technically, a COI can be issued for one client and presented to another. The coverage on the underlying policy does not change based on who receives the certificate. However, the certificate holder should be your organization. A certificate issued to a different certificate holder should be replaced with one correctly naming your organization.

What are the signs that a certificate of insurance might be fraudulent?

Warning signs include: the certificate was sent directly by the vendor rather than their broker; the document appears modified (misaligned text, inconsistent fonts, suspicious white space); the policy number cannot be verified with the listed carrier; the carrier name is unfamiliar and not in your state's licensed insurer database; the broker does not have a verifiable web presence or license. When in doubt, call the carrier to confirm.

---

COIPulse automates steps 2 through 12 of this checklist -- extracting every field, comparing against your requirements, flagging deficiencies, and setting expiration alerts automatically. For property management companies handling dozens to hundreds of vendor relationships, this transforms a 15-minute-per-certificate process into a seconds-per-certificate process. Start a free trial or run your COI through our grader to see how your current vendor documentation holds up.