Skip to content
Menu
Professional reviewing documents with colorful tabs at desk with coffee

What Is a Certificate of Insurance? The Complete Guide

What Is a Certificate of Insurance? The Complete Guide
13:26

A certificate of insurance (COI) is a standardized document issued by an insurance carrier or broker that summarizes a policyholder's active coverage, including coverage types, policy limits, effective dates, and named insureds. It confirms four critical details: proof that a policy exists, the types of coverage in force (general liability, workers' compensation, auto, umbrella), the policy limits for each coverage type, and the dates during which coverage is active.

Organizations require COIs to verify that contractors, vendors, tenants, and other third parties carry adequate insurance before those parties begin work or occupy a space. Risk managers, property managers, and general contractors request COIs as a standard step in vendor onboarding and lease execution. Basically, any time a third party's activities could create liability exposure for the requesting organization.

Before diving in, here's what this guide covers:

Key takeaways

  1. A COI is a snapshot, not a guarantee. The document reflects coverage at the moment it was issued. Policies can lapse, be cancelled, or have limits reduced after a COI is printed—and the certificate won't update automatically.
  2. COI tracking covers three distinct functions. Collection, verification, and ongoing monitoring are each separate steps. Most compliance failures happen in the third, as organizations collect certificates but don't track expirations or mid-term policy changes.
  3. Most COI verification errors trace back to one form field. The description of the operations box on an ACORD 25 is where requirements are stated, and where mismatches between what's written and what's really endorsed are most often missed.
  4. A COI is not a substitute for an additional insured endorsement. Being listed as a certificate holder gives you notice of a cancellation. Being named as an additional insured is what extends coverage to your organization. The two are not the same, and the distinction matters when a claim is filed.
  5. Manual tracking becomes unreliable above roughly 25–50 active vendors. Below that threshold, a spreadsheet is manageable. Above it, the volume of expirations, renewals, and mid-term changes creates gaps that go unnoticed.

What is a certificate of insurance?

A certificate of insurance is a one-page summary document, not a policy. It doesn't create coverage, modify coverage, or extend coverage to anyone who receives it. What it does is confirm, at the time of issuance, that a named insured holds one or more active insurance policies meeting specified parameters.

The document is issued by the policyholder's insurance agent or broker, typically in response to a request from a business requiring proof of coverage before allowing a contractor or vendor to work on their behalf.

What a COI is not

A COI is not a contract, a warranty, or a binding insurance agreement. It cannot be used to make a claim. If there's a dispute about what a policy genuinely covers, the policy document—not the certificate—is the controlling instrument.

COIs also don't confirm that the policy remains in force after the issue date. A certificate issued in January reflects coverage as of January. If the policyholder lets coverage lapse in March, the January COI is no longer accurate, and any organization relying on it may not know.

COI vs. the insurance policy itself

The difference is fundamental. A certificate summarizes key terms; the policy defines them. The policy document specifies exclusions, sub-limits, conditions for coverage, and endorsements that may materially affect what's truly covered. A COI rarely reflects the full picture.

This is why certificate holders are advised to request copies of relevant policy endorsements—particularly additional insured endorsements—rather than relying on certificate language alone when coverage questions arise.

What does a certificate of insurance contain?

Most COIs use a standardized layout that makes the key fields predictable once you know what to look for.

The ACORD 25 form: the standard COI document

ACORD 25 is the insurance industry's standard certificate form for general liability coverage. Published by ACORD (Association for Cooperative Operations Research and Development), it's the form a vendor's broker will almost always produce when a COI is requested for commercial insurance purposes.

The form contains the following fields:

  • Producer: The insurance agency or brokerage issuing the certificate
  • Insured: The policyholder — the contractor, vendor, or tenant providing proof of coverage
  • Insurers: The carrier(s) providing coverage, with NAIC codes
  • Coverage types: Checkboxes and detail fields for each coverage type in force
  • Policy number: The unique identifier for each active policy
  • Policy effective and expiration dates: The date range during which coverage is active
  • Limits: The per-occurrence and aggregate coverage limits for each policy
  • Certificate holder: The organization requesting the COI — typically listed in the lower left
  • Additional insured designation: Whether the certificate holder is named as an additional insured on the underlying policy
  • Cancellation clause: Specifies notice requirements if the policy is cancelled before its expiration date
  • Description of operations: A free-text field used to specify the job, project, or contract the certificate covers

Of all the fields on the form, the description of operations is where most compliance issues originate. Requirements stated there—specific projects, contract numbers, additional insured language—need to match the endorsements attached to the policy.

Coverage types that appear on a COI

ACORD 25 accommodates several coverage lines. The types most commonly required from vendors and contractors include:

  • Commercial general liability (CGL): Covers bodily injury and property damage caused by the insured's operations. This is the baseline coverage most organizations require.
  • Automobile liability: Covers vehicles used in connection with the insured's work, whether owned, hired, or non-owned.
  • Workers' compensation: State-mandated coverage for employee injuries on the job. Required in most jurisdictions when contractors have employees working on a site.
  • Employers' liability: Often paired with workers' comp; covers employer liability for work-related injuries not addressed by the statutory workers' comp system.
  • Umbrella / excess liability: Provides coverage above the limits of underlying GL, auto, and employers' liability policies.
  • Professional liability (errors & omissions): Relevant for service providers, consultants, and technology vendors. This coverage is not typically listed on ACORD 25 and usually requires a separate certificate form.

Each coverage line has its own policy number, effective dates, and limits. Verification requires checking all of these against the requirements in the contract or lease, not just confirming that a coverage type is listed.

Who issues a COI — and who needs one?

A COI is issued by the policyholder's insurance agent or broker. The broker generates the certificate and sends it to whoever the policyholder needs to provide proof of coverage to. This is typically a client, property owner, general contractor, or government entity.

When businesses require COIs from vendors and contractors

Any organization that hires contractors, vendors, or suppliers to perform work on its behalf may face liability exposure if those parties are inadequately insured. A subcontractor without workers' compensation coverage, for example, can expose the general contractor to liability for on-site injuries that should be covered by the sub's own policy.

Standard practice across construction, property management, manufacturing, healthcare, and logistics is to require COIs before work begins—and to specify the coverage types, minimum limits, and endorsements the vendor must carry. These requirements are written into contracts and verified through the COI before onboarding is complete.

When landlords and property managers require COIs from tenants

Commercial leases routinely require tenants to carry and maintain insurance throughout the lease term (general liability at a minimum, with limits scaled to the lease type and occupancy risk). The COI is the mechanism for verifying that the tenant has met this obligation.

Residential landlords with insurance requirements in their leases use the same process, though the coverage types differ. Renters insurance rather than commercial GL is the typical requirement in residential contexts. In both cases, the COI is collected at lease signing and tracked for renewal throughout the tenancy.

Infographic explaining what a certificate of insurance is, including ACORD 25 form fields, common coverage types, the difference between certificate holder and additional insured status, and the three functions of COI tracking

What does a COI prove — and what doesn't it guarantee?

This is the section of COI management that creates the most compliance risk. Understanding what a certificate confirms versus what it doesn't is where liability exposure actually lives.

Why expiration dates matter more than issue dates

A COI is valid for the coverage period listed—the dates the underlying policy is in force. But a certificate issued today can become inaccurate tomorrow if the policy lapses, is cancelled, or has its limits reduced.

Most standard COI cancellation clauses state that notice will be provided to the certificate holder if the policy is cancelled before expiration. In practice, this notice is inconsistent. And even when it works as intended, it's reactive. By the time a certificate holder learns of a cancellation, the coverage gap may already exist.

This is why ongoing monitoring of expiration dates, not just collection at onboarding, is the function that most directly affects compliance outcomes.

The difference between having a COI and being covered

A certificate holder listed on a COI receives notice of cancellation. That's it. They have no coverage under the policy unless they are also named as an additional insured through an endorsement attached to the policy.

The distinction: additional insured status means that if a contractor's employee is injured and claims the property owner bears responsibility, the property owner can be defended and indemnified under the contractor's GL policy. Without additional insured status, the certificate holder's own GL policy is the only coverage available—even if the incident was the contractor's responsibility.

Organizations that collect COIs without verifying additional insured endorsements are fulfilling the paperwork requirement while leaving a coverage gap open.

How do businesses track certificates of insurance?

Certificate of insurance tracking is the process of managing COI collection, verification, and renewal across a vendor or tenant population. At small scales, the process is manageable manually. At larger scales, it requires a system.

Manual tracking: what breaks down at scale

Spreadsheet-based COI tracking works by maintaining a log of each vendor's certificate, expiration dates, coverage types, and limits. Someone on the compliance or operations team monitors the spreadsheet, sends renewal reminders, and updates records when new certificates arrive.

Certificates come in as PDFs that must be manually reviewed and entered. Expiration date reminders depend on whoever manages the spreadsheet catching them. Vendors who don't respond to renewal requests stay active in the system with expired documentation—often unnoticed until an audit or an incident forces a review.

What COI tracking software does

Automated COI tracking software manages the collection, review, and monitoring functions that manual processes struggle with at scale. Core functions across most platforms include:

  • Digital certificate collection: Vendors submit COIs through a web link without creating an account or logging into a portal
  • Automated verification: The system reads certificate data and checks it against compliance requirements—coverage types, limits, endorsements, and dates
  • Expiration monitoring: Automated reminders go out at defined intervals before certificates expire, without requiring manual calendar management
  • Compliance reporting: Dashboard views showing which vendors are compliant, which have pending renewals, and which have documentation gaps

The degree of automation and the sophistication of the verification layer vary across platforms. The meaningful difference is whether the system can read and interpret the actual content of a certificate—not just log that one was received.

Effective certificate of insurance management requires three things: collecting certificates before work begins, verifying that the actual coverage meets your contract requirements, and monitoring expirations before policies lapse. Each function is straightforward to describe. Together, they're where most manual compliance programs break down at scale.

bcs automates all three functions, from no-login COI collection to instant compliance verification and automated expiration reminders. The platform is free for up to 25 vendors, with no credit card required.

Try bcs free — full platform access for up to 25 vendors.

Frequently asked questions

A certificate of insurance is a summary document that confirms coverage exists. The insurance policy is the legal contract that defines what is and isn't covered, including exclusions, conditions, and endorsements. If there's a coverage dispute, the policy governs—not the certificate.

Subscribe Now

Learn from the pros about risk-mitigation, document tracking, and more, with expert articles from BCS.

Call to Action that reads Try out the FASTEST COI Data Extractor Upload a COI and simultaneously extract the most pertinent data INSTANTLY!!

Related Reading

Create your free account

100% free. No credit card needed.

Ready to improve vendor compliance?

Demo the #1 COI tracking solution

schedule demo watch demo video