What is a certificate of insurance (COI)?

The short definition

A certificate of insurance (often shortened to COI) is a one-page document an insurance carrier or broker issues that summarizes a policyholder's active insurance coverage. It is the document a vendor sends to prove they are insured.

A general contractor requires it from every subcontractor before work begins. A property management firm requires it from every vendor that touches the building. A multi-location restaurant requires it from every supplier. The COI is how the buyer verifies the seller's insurance without ever seeing the actual policy.

What's on a typical COI

The standard US format is the ACORD 25 — a single-page form maintained by ACORD (the Association for Cooperative Operations Research and Development) and used by virtually every commercial insurance carrier. We have a field-by-field guide to the ACORD 25 if you need the full anatomy. The short version of what you'll find on it:

• Producer / broker — who issued the cert.
• Insured — the policyholder, i.e., the vendor.
• Insurers — the carrier(s) writing the coverage, with NAIC codes.
• Coverage types— Commercial General Liability, Auto Liability, Workers' Compensation, Umbrella / Excess, Professional Liability, etc.
• Policy numbers and effective / expiration dates for each coverage.
• Limits— Each Occurrence, General Aggregate, Products / Completed Operations Aggregate, Personal & Advertising Injury, etc.
• Description of operations / locations / vehicles — free-text box where additional-insured and waiver-of- subrogation language usually lives.
• Certificate holder — the party requiring the cert (i.e., you).
• Cancellation notice language.
• Authorized representative signature.

What you actually need to verify (the checklist)

When a COI lands on your desk, you're not reading it like a novel. You're running a checklist. The standard one for a general contractor or property manager looks like this:

1. Coverage types are present.At minimum, GL, Auto, and Workers' Comp. Umbrella for higher-risk work. Professional liability for design or technical scopes.
2. Limits meet your contract minimum. A typical GC contract requires $1M per occurrence / $2M aggregate on general liability; some require $5M umbrella. Check both occurrence and aggregate.
3. The named insured matches the vendor entity on your contract. Watch for "DBA" or parent-company names that don't match.
4. You are listed as an additional insured on the general liability policy. The exact wording matters — see our additional insured guide.
5. Waiver of subrogation is presentin favor of you, on the policies your contract requires it on. Don't assume the wording is there just because the vendor said it would be.
6. Primary and non-contributory languageis present where required. This determines whose insurance pays first when there's a claim.
7. Completed operations endorsement for any scope where work product matters after the job ends (construction, manufacturing, etc.).
8. Policy expiration date covers the duration of the work. If a policy expires mid-project, you need a renewal COI before it lapses.
9. Certificate holder address matches your firm exactly. Misaddressed certs are technically valid but a hassle in a claim.
10. Carrier rating is acceptable. Most contracts require AM Best A- or better.

What goes wrong (and costs real money)

The economics of COI verification are obvious in retrospect. Verifying takes 10–15 minutes per cert when done correctly. A mid-sized GC tracks 200–1,500 active COIs and reviews 10–50 new or renewed certs per month. That's 2–12 hours a week of skilled clerical work, and the work is repetitive and easy to rush through.

The recurring failure modes:

• Missed expirations.The most common, and the most expensive. A subcontractor's policy lapses mid-job. They have an incident. Their policy was uninsured at the time of loss. The general contractor's policy now answers. Industry estimates put the average uninsured-loss event at $50K–$5M.
• Insufficient limits accepted.Contract requires $2M GL aggregate; the cert shows $1M. The clerk misreads or doesn't check, and approves. Discovered only when there's a claim.
• Missing additional-insured language.The cert shows GL coverage but the "Description of Operations" box doesn't actually name your firm as an additional insured. You're not actually covered.
• Wrong waiver-of-subrogation status.Carrier's subrogation rights aren't waived; carrier sues you in recovery after paying their insured.
• Fraudulent COIs. Forged ACORD forms, canceled-policy COIs reissued by a vendor who lost their coverage, altered limits.

How verification actually works

The defensible workflow has four steps:

1. Receive the COI (PDF email attachment is standard; some vendors use portals).
2. Extract the relevant fields and compare them to your contract requirement template. This is the 10–15 minutes per cert.
3. Verdict — PASS (proceed), NEEDS REVIEW (one or more fields ambiguous), or FAIL (specific exceptions). Send the verdict back to the vendor and to AP.
4. Track the COI in a library with the expiration date, and alert someone 60 / 30 / 7 days before it expires so the renewal is in your hand before the lapse.

Software automates steps 2, 3, and 4. The savings show up in two places: hours not spent verifying, and missed-expiration events not happening.

How COIverify automates this

Our product is opinionated about doing exactly this one job. Drop a PDF. We extract the 12 standard fields with confidence scores. We check them against your contract requirement template (per vendor, per job, or per project class). We return a PASS, NEEDS REVIEW, or FAIL verdict with named exceptions. We store the COI in a searchable library. We alert you 60, 30, and 7 days before any policy expires.

Time per COI: about 30 seconds end-to-end. Pricing starts at $99/mo, public, self-serve, no demo required.

Frequently asked questions