Skip to main content
NEWF
Insurance

Certificate of Insurance Tracking Checklist: Eliminate Coverage Gaps Before They Become Claims

Unverified COIs expose your organization to subcontractor and vendor liability. This checklist covers COI verification workflows, renewal tracking, coverage gap detection, and the documentation underwriters expect to see.

Profile picture of Newf Technology, Inc.

Newf Technology, Inc.

12 min read

Certificate of Insurance Tracking Checklist: Eliminate Coverage Gaps Before They Become Claims

A Certificate of Insurance proves that a vendor, subcontractor, or business partner carries the insurance coverage your contract requires. It doesn't prove that the coverage will be in place tomorrow.

COIs are snapshots in time. They confirm coverage as of the issuance date—but policies can be canceled, non-renewed, or materially changed after the certificate is issued. If you accept a COI at the start of a contract and never verify again, you have no idea whether that vendor still carries adequate coverage six months later.

When a claim occurs and the vendor's coverage has lapsed, the liability falls to you. Your contract may say the vendor is responsible, but a contract with an uninsured vendor is worth exactly what you can collect from that vendor—which, for many subcontractors and smaller vendors, is nothing.

This checklist provides a structured approach to COI management that closes coverage gaps before they become financial exposure.

Part 1: COI Verification at Onboarding

Before any vendor, subcontractor, or business partner begins work, verify these items on their Certificate of Insurance:

Basic Certificate Verification

  • Certificate holder: Verify that your organization is listed as the certificate holder with the correct legal entity name
  • Named insured: Confirm the named insured matches the legal entity you have a contract with (not a parent company, subsidiary, or DBA)
  • Certificate date: Verify the certificate is current (not expired)
  • Insurance carrier(s): Confirm the carriers are admitted in your state and have an AM Best rating of A- VII or better
  • Policy numbers: Record all policy numbers for tracking
  • Policy effective and expiration dates: Note when each policy expires for renewal tracking

Coverage Verification

Verify that the COI confirms coverage that meets your contractual requirements:

General Liability:

  • Occurrence form (not claims-made, unless specifically accepted)
  • Per occurrence limit meets your minimum (common: $1,000,000)
  • General aggregate limit meets your minimum (common: $2,000,000)
  • Products/completed operations aggregate meets your minimum
  • Personal and advertising injury coverage is included
  • Your organization is listed as an additional insured (AI) on the general liability policy

Workers' Compensation:

  • Coverage is confirmed for the state(s) where work will be performed
  • Statutory limits are shown (Part A)
  • Employer's liability limits meet your minimum (common: $1,000,000 each accident)
  • If the vendor operates in a monopolistic state fund state, verify state fund coverage separately

Auto Liability (if vendor operates vehicles on your behalf):

  • Combined single limit meets your minimum (common: $1,000,000)
  • Coverage includes hired and non-owned autos (if applicable)
  • Your organization is listed as additional insured (if required by contract)

Umbrella/Excess Liability:

  • Follow-form over general liability, auto, and employer's liability
  • Per occurrence and aggregate limits meet your minimum
  • Your organization is listed as additional insured

Professional Liability/E&O (for professional service vendors):

  • Per claim and aggregate limits meet your minimum
  • Retroactive date predates the start of your contract
  • Extended reporting period (tail) provisions are understood

Cyber Liability (for vendors handling sensitive data):

  • Per claim and aggregate limits meet your minimum
  • Coverage includes data breach response, regulatory defense, and third-party liability
  • Technology errors and omissions are included if applicable

Additional Insured Verification

Being listed as an "additional insured" on a vendor's policy is critical—it gives you direct rights under their policy if a claim arises from their work.

  • Verify additional insured status is noted on the COI
  • Request a copy of the additional insured endorsement (the COI alone doesn't create additional insured status—the actual endorsement does)
  • Confirm the endorsement is the correct form (ISO CG 20 10 or CG 20 37, or equivalent)
  • Verify the endorsement covers ongoing and completed operations (not just ongoing)

Waiver of Subrogation

  • Verify waiver of subrogation is noted on the COI for applicable policies
  • Confirm the waiver of subrogation endorsement is attached to the policy (not just noted on the COI)
  • Verify the waiver applies to your specific organization

Part 2: COI Documentation and Storage

Required Documentation Per Vendor

For each vendor or subcontractor, maintain a file containing:

  • Current Certificate of Insurance
  • Copies of additional insured endorsements
  • Copies of waiver of subrogation endorsements
  • Contract or master service agreement with insurance requirements
  • Record of any coverage deficiencies noted and vendor's response
  • Historical COIs (retain for at least 3 years after contract termination)

COI Registry

Maintain a centralized registry tracking:

  • Vendor name and contact information
  • Contract effective date and term
  • Insurance requirements per contract
  • Current COI on file (yes/no)
  • COI expiration date for each policy
  • Additional insured endorsement on file (yes/no)
  • Waiver of subrogation endorsement on file (yes/no)
  • Date of last verification
  • Notes on any coverage gaps or exceptions

Part 3: Ongoing Monitoring and Renewal

Renewal Tracking Workflow

COIs expire. Coverage lapses. Vendors change carriers. Without a systematic renewal process, gaps develop.

60 Days Before Expiration:

  • Generate renewal alert from your tracking system
  • Identify all vendors with COIs expiring in the next 60 days
  • Send renewal request to each vendor's insurance contact

30 Days Before Expiration:

  • Follow up with vendors who have not provided updated COIs
  • Escalate to vendor's primary contact (project manager, account manager)
  • Notify your project or operations managers about potential coverage gaps

At Expiration:

  • If updated COI has not been received, issue a formal notice of non-compliance
  • Determine whether work should be suspended until coverage is confirmed
  • Document the gap for your records (date coverage expired, date renewed COI was received)

After Renewal:

  • Verify updated COI against the same criteria as initial onboarding (limits, endorsements, carrier rating)
  • Update your registry with new policy numbers and expiration dates
  • File the updated COI with the vendor record

Mid-Term Monitoring

Between renewal dates, monitor for these events that can affect coverage:

  • Vendor mergers or acquisitions: New entity may not be covered under existing policy
  • Policy cancellation notices: If you are listed as an additional insured, you may receive cancellation notices from the carrier—review them immediately
  • Scope changes: If the vendor's scope of work changes, verify that their existing coverage still applies
  • Claims events: If a claim occurs involving a vendor, verify their coverage is active and applicable before assuming it will respond
  • Carrier downgrades: Monitor AM Best ratings for carriers insuring high-risk vendors

Part 4: Coverage Gap Analysis

Common Coverage Gaps

These are the most frequently identified gaps in COI management programs:

Gap 1: Additional Insured Endorsement Missing or Deficient

  • COI notes additional insured status, but no endorsement is actually attached to the policy
  • Endorsement only covers ongoing operations (not completed operations)
  • Endorsement has restrictive language limiting coverage to specific project or location

Gap 2: Workers' Compensation Coverage Lapse

  • Vendor operating in a state not covered by their policy
  • Policy expired and was not renewed
  • Vendor switched from insured to non-subscriber status without notification

Gap 3: Auto Liability Insufficient

  • Vendor operates vehicles on your project but auto coverage is not verified
  • Hired and non-owned auto coverage not included (relevant when vendor employees use personal vehicles for work)
  • Limits inadequate for the exposure (single occurrence could exceed limits)

Gap 4: Professional Liability Not Required When It Should Be

  • Technology vendors, consultants, architects, engineers, and other professional service providers handling work where errors could cause financial harm
  • Claims-made policies with retroactive dates after the start of the engagement
  • No extended reporting (tail) coverage required after contract termination

Gap 5: Cyber Liability Not Addressed

  • Vendors with access to your IT systems, customer data, or other sensitive information
  • Cloud service providers without cyber coverage
  • Data processing vendors handling PII, PHI, or financial data

Gap Remediation Process

When a coverage gap is identified:

  1. Document the gap (what's missing, what's required by contract)
  2. Notify the vendor in writing of the deficiency
  3. Set a deadline for remediation (typically 10-15 business days)
  4. If the gap is critical (no workers' comp, no GL), suspend work until remediated
  5. If the vendor cannot or will not remediate, escalate to management for risk acceptance decision
  6. Document the resolution (coverage obtained, risk accepted, vendor terminated)

Part 5: Industry-Specific Requirements

Construction

Construction COI management is the most complex due to multi-tier subcontracting:

  • Verify COIs for all tiers of subcontractors (not just your direct subcontractors)
  • Require completed operations coverage for at least 3 years after project completion
  • Verify Builder's Risk or Installation Floater coverage for subcontractors installing permanent materials
  • Require Contractor's Pollution Liability for environmental risk subcontractors
  • Verify OCIP/CCIP (Owner/Contractor Controlled Insurance Program) enrollment if applicable

Healthcare

  • Verify professional liability (malpractice) coverage for clinical service providers
  • Confirm HIPAA compliance evidence alongside COI for vendors handling PHI
  • Require cyber liability for EHR vendors, cloud providers, and data processors
  • Verify medical device liability for equipment suppliers

Transportation and Logistics

  • Verify Motor Carrier Authority and operating permits alongside COI
  • Confirm auto liability limits meet FMCSA minimums ($750,000 to $5,000,000 depending on cargo)
  • Verify cargo insurance with limits appropriate for the goods being transported
  • Confirm trailer interchange coverage if applicable

Part 6: Audit Readiness

What Underwriters and Auditors Expect

Your insurance carriers, risk managers, and auditors will evaluate your COI program. Be ready to demonstrate:

  • Completeness: COIs on file for every vendor and subcontractor
  • Currency: All COIs are current (no expired certificates)
  • Adequacy: Coverage limits and types meet contractual requirements
  • Additional insured documentation: Endorsements (not just COI notations) on file
  • Tracking process: A documented system for monitoring renewals and managing gaps
  • Gap resolution: Records showing how coverage gaps were identified and resolved

Annual COI Program Audit Checklist

Conduct this audit annually:

  • Review COI registry for completeness against current vendor list
  • Identify any vendors performing work without a COI on file
  • Verify that all COIs reflect current coverage (not expired)
  • Confirm additional insured endorsements are on file for all required vendors
  • Review insurance requirements in contracts to ensure they're still appropriate for the work being performed
  • Assess carrier financial strength ratings for all vendor carriers
  • Document the audit results and corrective actions taken

How AlignSure Automates COI Management

AlignSure provides automated COI tracking within your Microsoft 365 environment:

  • Centralized COI registry: All vendor certificates, endorsements, and contract requirements in one searchable system
  • Automated renewal alerts: 90, 60, and 30-day notifications before COI expiration
  • Coverage gap detection: Automated comparison of actual coverage against contractual requirements
  • Vendor self-service portal: Vendors upload renewed COIs directly, reducing administrative burden
  • Compliance dashboards: Real-time visibility into COI status across all vendors and projects
  • Audit-ready reporting: Generate compliance reports on demand for underwriters, auditors, and management
  • Additional insured tracking: Separate tracking for endorsements with alert if endorsement is missing despite COI notation

The system eliminates the spreadsheet chaos of manual COI tracking and produces the systematic vendor oversight that underwriters reward with better terms.

Next Steps

  1. Inventory your current vendors: Create a complete list of every vendor, subcontractor, and service provider
  2. Verify current COIs: Check that you have a current, compliant COI for every active vendor
  3. Identify gaps: Compare actual coverage to your contractual requirements
  4. Establish a renewal process: Set up automated tracking and reminders for COI expirations
  5. Document your program: Write a COI management procedure that defines responsibilities, timelines, and escalation paths

Schedule a COI program assessment to identify coverage gaps and implement systematic tracking.

Tags

certificate of insuranceCOI trackingvendor complianceinsurance verificationrisk managementsubcontractor management

Get Compliance Insights That Actually Matter

Strategic frameworks for HIPAA, insurance compliance, and AI governance. Delivered weekly, written by practitioners who understand what auditors actually ask for.

Unsubscribe anytime. We respect your inbox.

Related Articles

Workers Compensation

Experience Modification Rate Improvement Playbook: Lower Your Workers' Comp Premiums

Your experience modification rate determines 40-60% of your workers' comp premium. This playbook covers EMR calculation, the specific levers that move it, and a 36-month improvement plan backed by data.

Profile picture of Newf Technology, Inc.
Newf Technology, Inc.11 min read
experience modification rateworkers compensationEMR reduction
Compliance

How to Calculate Compliance ROI (And Actually Convince Your CFO)

Compliance doesn't generate revenue. But it prevents catastrophic losses, reduces operational waste, and unlocks business opportunities. Here's how to quantify it.

Profile picture of Newf Technology, Inc.
Newf Technology, Inc.17 min read
compliance ROIcompliance business casecompliance software ROI
Compliance

Certificate of Insurance Requirements by Industry: What You Actually Need

COI requirements aren't one-size-fits-all. Healthcare, construction, tech, and property management face different coverage mandates—here's what your industry actually requires.

Profile picture of Newf Technology, Inc.
Newf Technology, Inc.19 min read
certificate of insuranceCOI requirementsvendor insurance

Ready to Transform Your Compliance Operations?

Talk to a Newf advisor about implementing evidence-ready compliance systems in your organization.

Schedule a Consultation