How to Track Certificates of Insurance

A certificate of insurance is a one-page document that proves a contractor or vendor carries active coverage. When you hire someone to work on your property or facility, you need that document — and you need to know it's still valid before work begins.

Most businesses collect these certificates at the start of a vendor relationship and then forget about them. Policies expire. Vendors let coverage lapse. And unless someone is actively watching those dates, the certificate sitting in a folder may have been invalid for months before anyone notices.

This guide explains how to build a reliable COI tracking process — whether you're managing a handful of vendors or hundreds of them.

What a Certificate of Insurance Actually Tells You

A standard COI, typically issued on an ACORD 25 form, shows the following:

• The types of coverage the vendor carries (general liability, workers' comp, auto, umbrella)
• The policy limits for each coverage type
• The effective and expiration dates for each policy
• The certificate holder — your organization — listed in the lower left
• Whether your organization is listed as an additional insured

Reading a COI isn't complicated, but there are a few things that trip up property managers and operations teams. The expiration dates on a COI don't always line up — a general liability policy might expire in March while the workers' comp policy expires in August. Each line item has its own date, and each one needs to be tracked separately.

Why COI Tracking Matters

When a contractor without valid insurance causes property damage or injures someone on your site, the claim doesn't automatically go to their carrier. If their policy had lapsed, or if their coverage limits weren't sufficient, your organization becomes the first line of defense.

A contractor who was properly insured last year may not be insured today. Annual renewals get missed. Small contractors sometimes drop coverage during slow seasons to cut costs. Without a system that catches these expirations, you have no way to know.

The liability exposure is real. A slip-and-fall on a property where a contractor had let their policy lapse can result in six-figure settlements. Courts have consistently held that property owners and managers share responsibility when they fail to verify contractor insurance before allowing work to proceed.

The Manual Tracking Process

For businesses managing fewer than 20 vendors, a manual process can work — but it requires discipline and a consistent workflow.

Step 1: Request the certificate before work begins

Make COI collection a condition of engagement. Before a contractor sets foot on your property, request a certificate directly from their insurance agent or broker. Accept certificates only from the issuing agent — not from the contractor themselves — to reduce the chance of altered documents.

Step 2: Verify the coverage meets your requirements

Check that the coverage types and limits match what you require. Most property managers require at minimum: general liability ($1M per occurrence / $2M aggregate), workers' compensation (statutory limits), and automobile liability ($1M combined single limit). If your contracts require additional insured status, confirm your organization is named on the certificate.

Step 3: Log the certificate with all expiration dates

Create a record for each vendor that includes every policy line and its expiration date. Don't just note the earliest expiration — track each coverage type separately, because they renew on different schedules.

Step 4: Set reminders before expiration

Set calendar reminders at 60 days, 30 days, and 7 days before each policy expires. When a reminder fires, contact the vendor immediately and request an updated certificate. Don't wait until the day of expiration — insurance agents take time to issue certificates, and delays are common.

Step 5: Replace expired certificates promptly

When a renewed certificate arrives, update your records and file the new document. Archive the old one — don't delete it. Regulators and insurance adjusters sometimes ask for historical records.

Why Spreadsheets Eventually Fail

Spreadsheets are a reasonable starting point. They're free, familiar, and flexible enough to capture the basics. But they have structural limitations that become serious problems as vendor counts grow.

No automated reminders. A spreadsheet doesn't send you an alert when a policy is about to expire. You have to remember to check it — which means the whole system depends on consistent manual review. A busy week, a staff change, or a simple oversight can let an expiration slip through undetected.

No version control. When a new certificate comes in, someone updates the spreadsheet. But the old certificate is gone. If you ever need to prove what coverage a vendor had on a specific date — during litigation, for example — you may not have the documentation.

No audit trail. Spreadsheets don't record who made a change or when. If a cell gets accidentally edited or deleted, there's no way to know.

They don't scale. At 15 vendors, a spreadsheet is manageable. At 75 vendors, each with three or four separate policy expiration dates, you're managing 200+ individual dates across a single document. The error rate climbs proportionally.

Spreadsheet vs. Software: A Direct Comparison

Capability	Spreadsheet	COI Tracking Software
Expiration date tracking	Manual entry, no alerts	Automatic alerts at 60/30/7 days
Document storage	Separate email folder or file share	Attached to each vendor record, searchable
Vendor submissions	Manual receipt, manual entry	Vendors upload directly via shared link
Reminder workflow	Manual calendar entries	Automated emails to vendor and your team
Compliance dashboard	None — requires manual review	Live status for all vendors at a glance
Audit trail	None	Full history of submissions and changes
Staff dependency	High — breaks if one person is unavailable	Low — system runs independently
Setup time	Hours to build, ongoing maintenance	15–30 minutes to launch

Best Practices for Growing Organizations

Whether you're using a spreadsheet or software, these practices reduce compliance gaps regardless of your vendor count.

Collect certificates before work begins, not after. A vendor who has already started work is much harder to pause for a compliance issue. Make certificate submission a prerequisite for your onboarding checklist, not a follow-up task.

Don't accept certificates from the contractor directly. Request certificates directly from the issuing insurance agent. Altered COIs are not uncommon — the issuing agent's contact information provides a verification path that self-submitted documents don't.

Track each policy line independently. A vendor's general liability may expire in April while their workers' comp expires in October. Treating the entire vendor as "compliant" when only one policy is current is a significant liability gap.

Build your minimum requirements into your contracts. If your contracts specify the insurance types and limits you require, you have a legal basis for removing a vendor who falls out of compliance. Without that language, enforcement becomes difficult.

Do an annual audit. Even with automated tracking, run a full audit once a year. Pull every vendor record, verify coverage is still appropriate for the current scope of work, and confirm additional insured endorsements are still active where required.

Frequently Asked Questions

How often should I request updated certificates?

At minimum, at the point of renewal for each policy. For ongoing vendor relationships, this typically means once a year — but some policies renew more frequently. The safest practice is to track every policy line individually and request a new certificate each time any line nears expiration.

What should my minimum insurance requirements be?

This depends on the type of work and your jurisdiction. A general starting point for most commercial properties: general liability ($1M per occurrence / $2M aggregate), workers' compensation (statutory limits), and commercial auto ($1M CSL). For higher-risk work, an umbrella policy of $2M or more is common. Consult your own insurance advisor to confirm requirements for your specific situation.

Can I verify a certificate's validity directly?

Yes — and you should. The certificate lists the issuing agent's name and phone number. A quick call confirms whether the policy shown on the certificate is still active. For high-value contractor relationships, this is worth doing even when you have a recent certificate on file.

What if a vendor refuses to provide a certificate?

Don't allow work to proceed. A vendor who won't provide a certificate either doesn't carry the required coverage or doesn't want you to know what coverage they carry. Either way, the risk to your organization is unacceptable. This should be a non-negotiable condition in your vendor agreements.

How long should I retain expired certificates?

Retain expired certificates for at least seven years, or longer if your jurisdiction or industry has specific requirements. Insurance claims and litigation can arise years after an incident, and having the historical certificate on file demonstrates that you performed due diligence at the time of the vendor relationship.

Conclusion

Tracking certificates of insurance is not complicated, but it does require a consistent process. The businesses that get into trouble aren't the ones who don't know what a COI is — they're the ones who collected certificates at the start of a vendor relationship and assumed they were covered indefinitely.

Policies expire. Vendors change carriers. Coverage lapses happen without warning. A tracking system — whether a well-maintained spreadsheet or purpose-built software — is what stands between your organization and an uninsured contractor incident.

For small vendor portfolios, a disciplined manual process works. As your vendor count grows past 25–30, the case for automation becomes difficult to ignore. The time saved on manual follow-up alone typically pays for itself within the first month.