COI Audit Checklist: 8 Things to Check Before Approving Any Certificate of Insurance
A certificate of insurance is a one-page summary — and it can look perfectly fine while hiding a problem that leaves you holding the liability. Insurers issue COIs quickly, agents sometimes issue them with outdated information, and subs occasionally submit certificates from a prior project without updating the holder or limits. Before you approve a COI and allow a sub or vendor on-site, work through these eight checks.
Important: A certificate of insurance is not a policy. It is a summary issued by the agent — not the carrier — and is not legally binding on the insurer. An ACORD 25 certificate can show active coverage while the actual policy has been canceled. The eight checks below are the difference between a COI that actually protects you and one that just looks like it does.
In this checklist
- Verify the named insured matches your contract
- Confirm you are listed as certificate holder and additional insured
- Check that all required coverage types are present
- Confirm coverage limits meet your project minimums
- Check policy expiration dates against your project timeline
- Identify whether the policy is occurrence or claims-made
- Verify waiver of subrogation is endorsed
- Confirm the cancellation notice provision
Verify the named insured matches your contract
ACORD 25 location: "Insured" block, top-left
Confirm the legal business name and address match exactly what appears in your subcontract or vendor agreement.
A common mistake: the sub operates under a DBA, but the policy is issued to the LLC. If a claim is made, coverage applies to the policyholder — not the name on your contract. If the names do not match precisely, require a corrected certificate before proceeding. A single missing word like "LLC" can create an argument about whether coverage applies at all.
What to confirm
- Legal entity name matches the contract exactly.
- Address matches the business address in your contract.
Confirm you are listed as certificate holder and additional insured
ACORD 25 location: Certificate holder box (lower-right) + Description of Operations or endorsement pages
Confirm your company name and address appear in the certificate holder box. Then verify you are listed as an additional insured in the Description of Operations or on attached endorsement pages.
Being a certificate holder simply means you receive notification of changes — it gives you no coverage rights. Being listed as an additional insured means you can make a claim directly if the sub's work causes a loss. Without additional insured status, you are relying on your own policy to cover something your sub caused. Require primary and non-contributory status in your subcontract so the sub's policy responds before yours does.
What to confirm
- Your company name and address appear in the certificate holder box.
- Additional insured language appears in Description of Operations or on an attached endorsement.
- "Primary and non-contributory" language is present.
Check that all required coverage types are present
ACORD 25 location: Coverage summary boxes in the body of the form
Confirm every coverage type your contract requires is listed with a policy number and active dates.
Standard construction requirements typically include Commercial General Liability, Workers' Compensation / Employer's Liability, Commercial Auto, and Umbrella/Excess Liability. Some scopes require additional lines: Professional Liability for design-build subs, Pollution Liability for environmental work. If a required coverage type does not appear on the certificate, treat it as a missing policy — not an omission. Require documentation before proceeding.
What to confirm
- General Liability present.
- Workers' Compensation / Employer's Liability present.
- Commercial Auto present (if vehicles used).
- Umbrella/Excess Liability present.
- Any contract-required specialty coverage present.
Confirm coverage limits meet your project minimums
ACORD 25 location: Per-occurrence and aggregate amounts under each coverage type
Compare each figure against the minimum limits specified in your subcontract or your prime contract's flow-down requirements.
This is where most mistakes happen at scale. A sub may carry General Liability, but if the project requires $2,000,000 per occurrence and the COI shows $1,000,000, they are out of compliance regardless of how current the policy is. Write your project minimums into your subcontract before requesting COIs. Also check the aggregate: a sub who has had a prior claim during the same policy period may have a depleted aggregate even if the per-occurrence limit looks correct.
What to confirm
- Per-occurrence limit meets contract minimum.
- Aggregate limit meets contract minimum.
- Umbrella/Excess limit fills any gap between primary limits and contract requirements.
Check policy expiration dates against your project timeline
ACORD 25 location: Effective and expiration dates for each coverage line
Confirm every required policy is active today and will remain active through the end of your project. Note that different coverage lines often renew at different times.
Annual policies are the standard, which means a COI collected at the start of a multi-month project will expire before the work is complete. Note the expiration date of each coverage line and build in a process to request a renewed certificate 30 days before each policy lapses. Also verify the effective date — a certificate issued today for a policy that starts next week means the sub has no current coverage.
What to confirm
- All policies are currently active (effective date is in the past).
- All policies expire after the project completion date — or a renewal process is in place.
- Effective dates and expiration dates are noted for follow-up.
Identify whether the policy is occurrence or claims-made
ACORD 25 location: Policy type checkboxes next to General Liability (and Professional Liability, if applicable)
Require occurrence-form General Liability. If a sub carries claims-made, require evidence of continuous coverage or a tail period of at least three years past project completion.
An occurrence policy covers incidents that happen during the policy period, regardless of when the claim is filed. A claims-made policy only covers claims filed while the policy is active — if the policy lapses after a project ends and a claim comes in six months later, there may be no coverage unless the sub purchased tail coverage (extended reporting period). For most subcontracted work, require occurrence-form General Liability. If a sub carries claims-made, require a tail that extends at least three years past project completion.
What to confirm
- General Liability is occurrence-form.
- If claims-made, tail coverage or continuous coverage documentation is on file.
Verify waiver of subrogation is endorsed
ACORD 25 location: Description of Operations box, or separate endorsement pages
Look for language indicating a waiver of subrogation in your favor. A note in the Description of Operations box alone is not sufficient — verify the endorsement form number.
Subrogation is an insurer's right to pursue a third party that caused a loss. Without a waiver of subrogation, if your sub's insurer pays a claim caused partly by your actions, they can turn around and sue you to recover what they paid. A waiver of subrogation endorsement prevents the sub's insurer from pursuing you. If the Description of Operations box is empty or only references additional insured status, ask for the endorsement form number confirming the waiver.
What to confirm
- Waiver of subrogation language appears in Description of Operations or on an attached endorsement.
- Endorsement form number is available if requested.
Confirm the cancellation notice provision
ACORD 25 location: Cancellation clause at the bottom of the form
If your contract requires 30-day written notice of cancellation, verify this is endorsed on the policy — not just stated in your subcontract.
The standard ACORD 25 language provides only an "endeavor to" notify certificate holders of cancellation, which is not a binding obligation. Without a binding cancellation notice endorsement, a sub's policy can be canceled and you may not find out until after a loss. Check whether your subcontract specifies a required notice period and whether the certificate or endorsement actually reflects it.
What to confirm
- Required cancellation notice period is endorsed on the policy (not just stated in the contract).
- Certificate holder address is current so notifications reach the right person.
Common COI Red Flags
Stop and request clarification before approving if you see any of the following:
Certificate date is more than 90 days old
Agents can re-issue certificates at any time. An old certificate date does not mean coverage has lapsed, but it raises the question of whether the certificate reflects the current policy state. Request a current certificate.
Description of Operations box is blank
On projects where you have negotiated specific endorsements — additional insured status, waiver of subrogation, primary and non-contributory — those provisions should appear here or on attached endorsement pages. A blank box may mean those endorsements were never added to the policy.
The insured's address is a PO Box or does not match your contract
This can indicate the policy was issued to a different entity than the one you contracted with. Require a corrected certificate showing the business address that matches your subcontract.
Coverage limits are significantly below standard for commercial work
A General Liability limit of $300,000 per occurrence is well below what most commercial projects require and suggests the sub purchased a minimum-cost personal policy. Verify the policy type matches the work scope.
Workers' Compensation shows "Not Applicable" or is listed as waived
In states where WC is optional (Texas) or exempt thresholds apply, subs can legally opt out. But if a worker is injured without WC coverage, the liability exposure falls on you. Require WC contractually regardless of state law, and if a sub claims exemption, require documentation of their exempt status.
Stop reviewing COIs field by field
If you are reading through ACORD 25 forms manually for every sub on every project, this checklist will help you catch more — but you will still be doing the work line by line.
TrackMyVendor's COI Intelligence feature does this automatically. Upload a COI PDF and the AI extracts the named insured, certificate holder, coverage types, per-occurrence and aggregate limits, effective and expiration dates, and the Description of Operations text. Every field in this checklist is pulled into structured data in seconds — and coverage amounts are automatically compared against the minimums you set for your organization or project.
Expiration dates drive automatic reminders at 90, 60, 30, and 7 days before each policy lapses. For GCs managing 10 or more active subs, or property managers handling multiple properties, the manual review process described in this checklist takes 10–20 minutes per COI. At 30 subs, that is hours of work that should not require human attention.