A COI - Certificate of Insurance - is a one-page summary document that shows the coverage in force on an insurance policy at the time it was issued. It's not the policy itself. It's a snapshot.
When a property manager asks a contractor to "send their COI," they're asking for proof that the contractor carries insurance. When a general contractor requires subcontractors to produce COIs, they're trying to confirm coverage before work starts. That's the basic function: a fast, standardized way to communicate that an insurance policy exists.
The operative word is exists. A COI proves a policy was active when the certificate was issued. It doesn't guarantee the policy is still active today, that the policy covers the work you're hiring someone to do, or that your organization is actually protected if something goes wrong.
What a COI Shows
Most COIs in the United States use the ACORD 25 form - a standardized document published by the Association for Cooperative Operations Research and Development. The ACORD 25 includes:
- Named insured: The business or individual covered by the policy
- Insurer names and policy numbers: One row per coverage line
- Coverage types: General liability, auto, workers' compensation, umbrella/excess, and sometimes professional liability or other lines
- Policy effective and expiration dates: When coverage starts and ends
- Limits: The per-occurrence and aggregate limits for each coverage line
- Certificate holder: The party requesting the COI (usually your company)
- Description of operations: A text field where endorsements, project names, or special provisions may be noted
Those fields tell you what coverage existed when the certificate was produced. That's valuable - but it's a starting point, not a finish line.
What a COI Doesn't Prove
This is the part most businesses miss.
A COI is not a guarantee of current coverage. Insurance policies can be cancelled mid-term. A vendor who submitted a valid COI six months ago may have had their policy lapse last week. The certificate doesn't update automatically.
A COI doesn't confirm you're an additional insured. Being listed as the certificate holder means you receive notifications. Being listed as an additional insured means you have actual coverage rights under the vendor's policy. The two are not the same, and a checked box on a COI is not the same as an endorsement on the policy.
A COI doesn't confirm limits match your contract requirements. A vendor can produce a compliant-looking COI that still has limits $1 million short of what your contract requires. If you're not comparing the COI against your specific contract language, you won't catch it.
A COI doesn't confirm the policy covers your specific project. General liability policies can have exclusions for certain types of work. A COI won't surface those exclusions.
- Policy is still active today
- You are an additional insured
- Limits match your contract
- Policy covers your specific project
- Policy existed when certificate was issued
- Coverage types and limits at issuance
- Named insured and carrier information
- Policy effective and expiration dates
The ACORD 25 Basics
The ACORD 25 is the standard form. Any reputable insurance agent can produce one within 24 hours of a request. The form has a disclaimer printed directly on it: "This certificate is issued as a matter of information only and confers no rights upon the certificate holder."
That line matters. The ACORD 25 is an information document. It doesn't modify coverage. It doesn't create rights. It doesn't obligate the insurer to provide coverage to anyone other than the named insured - unless an endorsement to the policy does that separately.
When you collect a COI, you're collecting information. Compliance requires verifying that information matches your contract requirements.
Having a COI Is Not the Same as Being Compliant
This is the central confusion in vendor insurance management, and it's expensive. Industry data shows that 70% of COIs are non-compliant at first submission. That's not because vendors are acting in bad faith - it's because:
- Their agent didn't know your specific requirements
- Their policy has lower limits than your contract requires
- They have the right coverage types but are missing required endorsements
- Their policy expired and they submitted an old certificate
- The named insured on the COI doesn't match the entity you contracted with
Collecting a COI and filing it away is not compliance. Compliance means verifying every field on that COI against the requirements in your specific contract with that specific vendor.
When Businesses Need COIs
You should request a COI any time you:
- Hire a vendor, contractor, or subcontractor to perform work on your behalf
- Allow a third party to access your property
- Enter a lease as a landlord requiring tenant insurance
- Enter any contract that includes insurance requirements
The request should happen before work begins - not after. And the verification should happen before you approve the COI as compliant, not after an incident forces you to check.
The Gap Between Collection and Compliance
The $500,000+ cost of a single uninsured incident is why compliance - not just collection - is the standard that matters. Companies that treat COI collection as compliance leave themselves exposed every time a vendor submits a certificate that looks right but isn't.
For a complete breakdown of what to check on every COI, see the full Certificate of Insurance guide.
Bramble automates the comparison between COI data and contract requirements, catching non-compliance before it becomes liability. See how it works.