What Is a Certificate of Insurance (COI)? The Complete Guide

A certificate of insurance (COI) is a one-page document that summarizes the key details of an insurance policy: who is insured, what coverage they carry, what the limits are, and when the policy expires. It does not create coverage -- it provides evidence that coverage exists.

For property managers, real estate investors, general contractors, and anyone who hires outside vendors, a COI is one of the most consequential documents in daily operations. Getting this document wrong -- or not getting it at all -- is one of the most common causes of unexpected liability exposure in the property management industry.

This guide covers everything you need to know about certificates of insurance: what they are, what every field means, who needs one, and how to avoid the mistakes that leave you exposed.

What a Certificate of Insurance Is (and Is Not)

A COI is not a policy. It does not alter, amend, extend, or modify the insurance policy it references. It is a snapshot of a policy as it exists on the date the certificate was issued, condensed to a standardized single page for the benefit of third parties who need to verify that coverage exists.

The most important implication of this: a certificate can be outdated within hours of being issued. If a vendor's policy is cancelled the day after their COI is printed, the certificate still shows the policy as active. This is why certificate holders must monitor vendor coverage on an ongoing basis, not treat a COI as a permanent record.

The standard form for property and liability coverage verification is the ACORD 25, published by the Association for Cooperative Operations Research and Development. The ACORD 28 form is used specifically for evidence of commercial property insurance. Most of the time, when someone refers to a "COI," they mean an ACORD 25.

Who Needs a Certificate of Insurance?

The short answer: any business that hires contractors, vendors, or service providers to perform work that creates liability exposure.

The most common industries where COI collection is standard practice include:

Property management and real estate. Property managers require COIs from every vendor who performs work on managed properties -- landscaping crews, HVAC technicians, plumbers, electricians, roofers, janitorial services, elevator maintenance companies, and general contractors. The volume of vendor relationships in a mid-size property management portfolio (200 to 2,000 units) routinely runs to hundreds of active vendor files.

Construction and general contracting. General contractors require subcontractor COIs before any work begins on a job site. Project owners require COIs from the general contractor. This chain of documentation runs from the project owner down through every tier of subcontractor.

Commercial real estate and leasing. Landlords require COIs from tenants performing improvements or operating in industries with elevated risk profiles. Tenants require COIs from their own contractors.

Government and institutional. Municipalities, school districts, universities, and other public entities routinely require COIs from every vendor under contract.

Events and hospitality. Venues require COIs from event organizers, caterers, entertainment vendors, and other parties who use their facilities.

According to the Insurance Information Institute, commercial general liability claims remain one of the top five cost drivers in commercial insurance. For property managers specifically, vendor-related claims -- slip and fall, property damage, bodily injury from contractor negligence -- represent a significant and manageable portion of that exposure when proper COI practices are in place.

The ACORD 25 Form: Every Section Explained

The ACORD 25 form has changed in layout several times, with the 2016 edition being the current standard. Here is what each section contains and what to look for.

Producer and Insured Information

The top left of the form identifies the producer -- the insurance agent or broker who issued the certificate. The top right identifies the insured -- the vendor or contractor whose coverage is being documented.

What to check: The insured name must match exactly the legal entity you have contracted with. "Smith Plumbing LLC" is a different legal entity from "Smith Plumbing Inc." or "Smith & Sons Plumbing." A mismatch here means the COI may not cover the party actually performing work on your property.

Coverage Section

The center of the form lists active policies by type. Each line includes:

• Type of insurance -- General Liability, Automobile Liability, Umbrella/Excess Liability, Workers' Compensation, Employer's Liability, and other lines
• Policy number -- the unique identifier for the underlying policy
• Effective and expiration dates -- the active period of coverage
• Limits -- the maximum amounts the insurer will pay under each coverage type

Key limits to understand:

• Each occurrence -- the maximum payout for a single claim event
• General aggregate -- the maximum total payout across all claims during the policy period
• Products-completed operations aggregate -- the limit for claims arising from completed work, relevant for contractors
• Personal and advertising injury -- covers certain non-bodily injury claims like defamation
• Damage to rented premises -- covers fire damage to leased space, relevant for tenants

Typical minimum requirements for general contractors in property management: $1 million per occurrence, $2 million general aggregate. Requirements vary by jurisdiction, contract terms, and the specific scope of work.

Additional Insured Box

This small checkbox or notation on the form indicates whether additional insured status has been endorsed. The notation typically reads "Additional Insured: [Your Entity Name]" alongside the relevant policy line.

Important: A checkbox on the COI does not guarantee that the underlying endorsement exists and is properly worded. The endorsement must be confirmed by requesting the actual endorsement page from the vendor's carrier or broker. See our guide on additional insured endorsements for the full verification process.

Waiver of Subrogation

Also indicated by a checkbox or notation, a waiver of subrogation prevents the insurance carrier from seeking reimbursement from you after paying a claim on behalf of the insured. This is particularly important for Workers' Compensation -- without a waiver, the carrier can pursue your organization after paying an injured worker's claim.

Learn more in our guide: What Is a Waiver of Subrogation?

Certificate Holder

The bottom left of the form identifies the certificate holder -- the entity that requested the certificate and for whose benefit it was issued. Your organization's legal name and address should appear here.

The certificate holder designation does not confer coverage. It simply confirms that you requested the certificate and that the insurer has your contact information. However, some policy forms trigger a notification requirement to the certificate holder if the policy is cancelled -- another reason to ensure your information is correctly recorded.

Cancellation Notice

Directly above or below the certificate holder box, the cancellation notice provision describes under what circumstances the insurer will attempt to notify the certificate holder of policy cancellation. Note that "endeavor to" language is standard -- insurers are not obligated to notify certificate holders, and many do not.

This is why automated monitoring and policy verification matter more than relying on cancellation notices.

Description of Operations

This field can contain important information: the specific project or location the certificate was issued for, additional insured wording, waiver of subrogation language, or other qualifications. Read this section carefully -- critical exceptions or limitations are sometimes buried here.

Types of Coverage Commonly Required

Commercial General Liability (CGL)

The most fundamental coverage type for any vendor performing physical work. CGL covers bodily injury, property damage, personal injury, and advertising injury arising from the vendor's operations, products, or completed work. For property managers, this is a non-negotiable requirement for any on-site vendor.

Workers' Compensation

Covers medical expenses and lost wages for employees injured on the job. All but a handful of U.S. states require employers to carry Workers' Compensation. If a vendor's employee is injured on your property and the vendor lacks Workers' Compensation coverage, you may face liability for the claim.

Employer's Liability

Often bundled with Workers' Compensation, this covers claims by employees alleging negligence by the employer beyond what Workers' Compensation covers. Minimum limits of $100,000/$500,000/$100,000 are standard; higher limits are appropriate for higher-risk trades.

Commercial Auto Liability

Required for any vendor who drives vehicles in the course of performing work for you. This includes not just the vendor's owned vehicles but hired and non-owned vehicles. Minimum limits of $1 million combined single limit are common.

Umbrella / Excess Liability

An umbrella policy sits above the vendor's primary liability policies, providing additional limits that apply when underlying coverage is exhausted. For high-risk vendors (roofing, structural, demolition), requiring $5 million or more in umbrella coverage is reasonable.

Professional Liability (Errors and Omissions)

Relevant for vendors providing professional services: engineers, architects, IT consultants, property management firms themselves. General liability policies typically exclude professional services claims.

How to Read a COI: A Practical Checklist

Before approving any vendor for site access, verify the following:

1. Named insured matches your contract. Exact legal entity name.
2. Coverage types are present. At minimum: CGL and Workers' Compensation.
3. Dates are current. Policy effective date is in the past, expiration is in the future, and coverage spans the period of the vendor's work.
4. Limits meet your requirements. Per-occurrence and aggregate limits meet or exceed your contract thresholds.
5. Your entity is listed as additional insured. On the CGL policy, at minimum.
6. Waiver of subrogation is present. On Workers' Compensation at minimum.
7. Your entity is the certificate holder. Correct legal name and address.
8. Description of operations matches the work. No limitations that carve out the specific scope of work you have contracted for.

For a detailed walkthrough of each field, see our companion guide: How to Read a Certificate of Insurance.

Common Mistakes That Create Liability Exposure

Treating COI Collection as a One-Time Event

A COI is valid only as long as the underlying policy is active. Policies can lapse, be cancelled, or be modified at any time. Collecting a COI at vendor onboarding and filing it away addresses only a fraction of the risk. Ongoing monitoring -- tracking expiration dates and requesting updated certificates before existing coverage lapses -- is the only way to maintain continuous compliance.

Accepting COIs Without Verifying Limits

A COI that shows $500,000 per occurrence when your contract requires $1 million is non-compliant, regardless of how professional the document looks. Always verify limits against your actual requirements, which should be documented in your vendor agreements.

Not Requiring Additional Insured Endorsements

Many property managers accept COIs that reference additional insured status without confirming the underlying endorsement exists and is correctly worded. The endorsement form matters: CG 20 10 covers ongoing operations, CG 20 37 covers completed operations. For construction vendors, both are required.

Accepting Personally Issued Certificates

Any insurance broker or agent can issue a ACORD 25 certificate. However, certificates can be fraudulently altered or issued against policies that have already lapsed. When in doubt, verify directly with the insurance carrier that the policy number on the COI is active and the details are accurate.

Failing to Track Policy Changes Mid-Term

Insurance policies can be modified between renewal dates. Limits can be reduced, additional insureds can be removed, endorsements can be amended. A COI accurately reflects the policy at the moment of issuance -- not necessarily what the policy says today.

Missing the Expiration Window

The most common compliance gap in property management operations is a vendor whose coverage lapses while they are still actively performing work. Without automated expiration tracking, this gap is often discovered only when a claim occurs.

Key Takeaways

• A COI is evidence of insurance coverage -- it does not create or alter a policy.
• The ACORD 25 is the standard form; verify every field against your contract requirements.
• Additional insured status must be confirmed via endorsement, not just a checkbox on the certificate.
• COI collection is a starting point -- ongoing monitoring is what protects you from lapses.
• Common mistakes include mismatched entity names, insufficient limits, missing endorsements, and failure to track renewals.

Frequently Asked Questions

What is the difference between a certificate of insurance and an insurance policy?

A certificate of insurance is a summary document that provides evidence that an insurance policy exists. The policy itself is the binding legal contract between the insured and the insurer. A COI does not alter or extend coverage -- if there is a conflict between the certificate and the policy, the policy governs.

How long is a certificate of insurance valid?

A COI reflects the coverage in force as of the date it was issued. Technically, it has no independent expiration date -- but it becomes unreliable the moment the underlying policy is modified or expires. Best practice is to obtain a new COI whenever a policy renews (typically annually) and any time there is a material change to coverage.

Can a certificate of insurance be faked?

Yes. Because any broker can issue an ACORD 25 form, fraudulent certificates do exist. If you have reason to doubt a certificate's authenticity, call the insurance carrier directly using a number from their public website -- not from the certificate -- and verify that the policy is active and the details are accurate.

Do I need a COI from every vendor, regardless of the work they do?

The appropriate threshold depends on the risk profile of the work. Most risk advisors recommend requiring COIs from any vendor who performs physical work on your property, accesses your systems, or provides services where errors could create liability. Very low-risk administrative vendors (office supplies, for example) may not warrant the same level of documentation.

What should I do if a vendor refuses to provide a COI?

Refusal to provide a COI is a significant red flag. A legitimate business that carries insurance can obtain a certificate from their broker in minutes at no cost. Refusal typically indicates that the vendor lacks coverage, has coverage that does not meet your requirements, or has had coverage lapse. Do not authorize site access until a compliant COI is in hand.

---

Managing COI collection and renewal tracking manually is one of the highest-risk administrative tasks in property management. COIPulse automates the entire workflow: document collection, data extraction, compliance checking, expiration alerts, and vendor follow-up. Try it free or grade your current COI process to see where your gaps are.