Businesses depend on vendors every day—whether it’s IT providers, contractors, or cleaning services. But every vendor relationship brings risk. Even routine work can lead to unexpected damage, from a landscaping mishap to a costly construction error.
If a vendor makes a mistake and doesn’t have the right insurance, your business could be left footing the bill.
That’s why many businesses request a Certificate of Insurance (COI). It’s a simple document—but understanding what it does (and doesn’t do) is key to protecting your business.
A COI Is a Starting Point—Not a Safety Net
A Certificate of Insurance is a one-page summary that shows a vendor had certain insurance coverage on the date it was issued.
It’s important—but it’s not a guarantee.
A COI does not:
- Guarantee coverage will still be active during your project
- Confirm coverage applies to your specific situation
- Extend protection to your business
Think of it as a snapshot in time—not a contract.
Where Businesses Get Caught Off Guard
Imagine hiring a tech vendor to build and support your company’s app. You request a COI, confirm they carry cyber liability and professional liability coverage, and move forward.
Months later, a security flaw leads to a data breach affecting your customers.
Now you’re asking:
- Does their insurance cover this situation?
- Does it protect your business—or just theirs?
In many cases, coverage may only apply to the vendor—not to third parties like you. Without proper protections in place, your business could be exposed to claims, costs, or litigation.
What a COI Actually Tells You
A COI provides a high-level overview, including:
- The vendor’s business name
- Types of insurance policies
- Coverage limits
- Policy effective dates
What it doesn’t tell you:
- Whether coverage meets your contract requirements
- If you’re listed as an additional insured
- What exclusions apply
- Whether the policy has been changed or canceled
What to Look for When Reviewing a COI
Careful review is critical. Small details can create big gaps in protection.
Make sure:
- The business name matches your vendor exactly
- Policy dates cover the full scope of the project
- Coverage aligns with the work being performed
It’s also best practice to verify the information directly with the issuing agent or carrier. COIs can be altered, and assumptions can be costly.
And remember—verification shouldn’t be a one-time step. For ongoing or higher-risk work, review coverage periodically.
Go Beyond the COI: Strengthen Your Risk Strategy
A COI works best as part of a broader risk management approach. Consider these additional steps:
Confirm the Right Coverage
Don’t just check that coverage exists—confirm it applies to your exposure, including third-party risks.
Verify Coverage Throughout the Project
Policies can lapse or change. Periodic verification helps ensure protection stays in place.
Use Strong Contracts
Include indemnification provisions that clearly define responsibility for losses tied to a vendor’s work. Always review contract language with legal counsel.
Request Additional Insured Status
If appropriate, ask to be added to the vendor’s policy. This can extend certain protections—but it must be properly documented.
Consider a Waiver of Subrogation
This can help prevent a vendor’s insurer from seeking recovery from your business after a claim.
Evaluate Umbrella Coverage
An umbrella policy can provide an extra layer of protection above your existing liability limits.
A Smarter Approach to Vendor Risk
A Certificate of Insurance is a valuable tool—but it’s only one piece of the puzzle.
Taking the time to review, verify, and strengthen your approach to vendor risk can help prevent costly surprises down the road.
At Bender, we help businesses look beyond the paperwork to identify gaps and build stronger protection strategies. If you’d like a second set of eyes on a COI—or guidance on vendor risk—we’re here to help.
This article is intended for informational purposes only and should not be interpreted as insurance, legal, or risk management advice.
