Vendor Insurance Requirements: The Complete Guide for Insurance Professionals

Vendor insurance requirements are the coverage minimums a business imposes on third-party contractors, suppliers, and service providers before allowing them on a job site or into a business relationship. For insurance agencies managing commercial clients, understanding and enforcing these requirements is a primary source of E&O exposure.

Twenty-two percent of vendors operating under commercial contracts carry inadequate insurance for the work they perform, according to the BrokerageAudit 2026 Agency Operations Report. When a claim occurs and vendor coverage is insufficient, the contracting business often faces liability exposure it believed it had transferred to the vendor.

This guide covers how to set vendor insurance requirements, what coverage types to specify, and how to track compliance across your client base.

Key Takeaways

• 22% of vendors operating under commercial contracts carry inadequate insurance, according to the BrokerageAudit 2026 Agency Operations Report
• Agencies managing 100 to 500 vendor COIs manually spend an average of 8 hours per week on collection, review, and follow-up, per the Ivans Distribution Channel Survey 2025
• Standard general liability minimums for vendors run $1M per occurrence and $2M aggregate for most commercial relationships, based on ISO commercial general liability form requirements
• Businesses with formal vendor compliance programs reduce third-party liability claims by 40% to 60% versus those with informal requirements, per the Risk and Insurance Management Society (RIMS) 2025 report
• Only 38% of businesses audit vendor insurance compliance annually, leaving 62% exposed to gaps between certificate issuance and actual coverage, per the RIMS 2025 Vendor Management Survey
• Automated vendor tracking systems reduce compliance gaps by 80% compared to manual spreadsheet methods, per BrokerageAudit client data 2025

What Are Vendor Insurance Requirements?

Vendor insurance requirements are contractual conditions specifying the types and minimum limits of insurance a vendor must carry. They typically appear in master service agreements, vendor onboarding packets, purchase orders, and subcontractor agreements.

The contracting business (your client) defines these requirements. The vendor's agent produces certificates of insurance as proof of compliance. Your agency sits in the middle: helping clients establish appropriate requirements and then verifying that vendor certificates meet those requirements.

When a vendor certificate does not meet requirements and a loss occurs, the gap creates liability for everyone involved: the vendor, the contracting business, and potentially the agency that reviewed and approved a non-compliant certificate.

Standard Coverage Types in Vendor Requirements

Commercial General Liability

CGL is the baseline requirement for virtually all vendor relationships. It covers bodily injury and property damage claims arising from vendor operations.

Typical minimums:

• $1,000,000 per occurrence
• $2,000,000 general aggregate
• $2,000,000 products and completed operations aggregate

Higher-risk vendors (contractors working on occupied premises, vendors handling food service, technology vendors with data access) should carry higher limits. A vendor that could cause a $5M loss should not carry $1M in coverage just because $1M is the standard minimum.

Workers Compensation and Employers Liability

Any vendor with employees performing work for your client must carry workers compensation in the states where work occurs. Do not accept certificates that list a workers comp carrier but exclude the specific state where the work takes place.

Typical employers liability minimums:

• $500,000 each accident
• $500,000 disease policy limit
• $500,000 disease each employee

Commercial Auto

Vendors using vehicles to perform work covered by the contract need commercial auto coverage. Personal auto policies exclude coverage when a vehicle is used for business purposes by someone other than the named insured's household.

Typical minimums: $1,000,000 combined single limit for vendors with regular vehicle use on client premises.

Umbrella or Excess Liability

For higher-risk vendor relationships, require umbrella coverage that sits above the GL, auto, and employers liability policies.

Typical minimums: $1,000,000 to $5,000,000 depending on vendor risk profile and contract value.

Professional Liability (Errors and Omissions)

Technology vendors, consultants, architects, engineers, and any vendor providing professional services should carry professional liability coverage. Standard CGL does not cover claims arising from professional services.

Typical minimums: $1,000,000 per claim, $2,000,000 aggregate.

Cyber Liability

Any vendor with access to your client's data, networks, or systems should carry cyber liability coverage. This became a standard requirement in commercial contracts by 2024 as data breach exposure grew.

Typical minimums: $1,000,000 per incident.

Certificate Requirements Beyond Coverage Limits

Coverage limits alone do not satisfy vendor insurance requirements. Certificates must reflect specific contract provisions.

Additional Insured Status

Most vendor contracts require the contracting business be listed as an additional insured on the vendor's CGL and umbrella policies. This gives the contracting business direct rights under the vendor's policy if they are named in a claim arising from vendor operations.

The additional insured must appear on an endorsement to the policy, not just on the certificate. A certificate holder designation does not grant additional insured rights. Verify endorsement language matches the contract requirement.

Primary and Non-Contributory Language

If a claim involves both the vendor's policy and the contracting business's policy, the contract typically specifies which policy pays first. "Primary and non-contributory" means the vendor's policy pays before the contracting business's policy contributes.

This language must appear as a policy endorsement, not just in the certificate remarks section. Many agencies miss this distinction and approve certificates that do not actually deliver the contractual protection.

Waiver of Subrogation

A waiver of subrogation prevents the vendor's insurer from suing the contracting business after paying a claim on the vendor's behalf. Without this waiver, paying a claim against a vendor does not prevent the vendor's carrier from pursuing the contracting business for recovery.

Verify the waiver appears as a policy endorsement. The endorsement should specify the waiver applies to the contracting business by name or by class (e.g., "any client for whom the insured is performing work under written contract").

Notice of Cancellation

Standard certificates provide 10-day notice of cancellation for non-payment and 30-day notice for other cancellations. Contracts often require 30-day notice for all cancellations.

Verify the certificate reflects the notice period required by the contract. Carriers are not bound by certificate representations that exceed actual policy terms, but agents who issue certificates with incorrect notice periods create E&O exposure.

Building a Vendor Insurance Compliance Program

Step 1: Inventory All Vendor Relationships

Create a complete list of every vendor performing work for your client. Include contractors, subcontractors, janitorial services, technology vendors, staffing agencies, and anyone else providing services or accessing client premises.

Most businesses underestimate their vendor count on the first pass. Run a vendor audit by reviewing accounts payable records for the past 12 months. Any vendor receiving payment should be on the compliance list.

Step 2: Risk-Tier Your Vendors

Not all vendors carry the same risk. A technology vendor with remote data access carries different risk than a landscaper. Tier your vendors by risk to set appropriate coverage requirements.

Tier 1 (High Risk): Contractors working on occupied premises, vendors with physical contact with customers, vendors handling financial data. Require: CGL $2M aggregate, workers comp, commercial auto, umbrella $2M+, plus additional insured endorsement.

Tier 2 (Medium Risk): Professional services vendors, technology vendors with data access, staffing agencies. Require: CGL $1M occurrence/$2M aggregate, professional liability $1M, cyber $1M, workers comp.

Tier 3 (Low Risk): Remote services vendors, vendors providing non-sensitive products. Require: CGL $1M occurrence/$2M aggregate, workers comp.

Step 3: Build Standard Certificate Requirements

Create a vendor certificate requirements document for each tier. This document specifies exactly what coverage types, limits, endorsements, and certificate language you require.

Send this document to every vendor during onboarding. Do not accept certificates that do not match the requirements. Return non-compliant certificates with a checklist of exactly what needs to change.

Step 4: Collect and Review Certificates

Collect certificates from every vendor before work begins and at each renewal. Review every certificate against your requirements checklist.

Common compliance failures on certificates:

• Wrong coverage limits (GL aggregate below required minimum)
• Missing additional insured endorsement
• Workers comp excluding the work state
• No professional liability on professional services vendors
• Certificate holder listed as additional insured instead of endorsement

Step 5: Track Expiration Dates

Certificates expire when the underlying policies expire. A vendor compliant in January may be non-compliant in February if their policy renewed without the required endorsements.

Build an expiration tracking system. Set automated reminders 60 days before each certificate expires. Do not wait for vendors to renew proactively. The 22% non-compliance rate exists largely because businesses fail to track renewals.

Step 6: Audit Compliance Quarterly

Run a quarterly compliance audit to identify gaps. Pull every active vendor from your list. Check that current, compliant certificates are on file.

Businesses that audit quarterly catch an average of 3 to 5 vendor compliance gaps per 100 vendors, per the RIMS 2025 Vendor Management Survey. Manual-only tracking misses 15% of required updates.

Vendor Insurance Requirements Benchmarks

Common Errors Agencies Make with Vendor Requirements

Accepting certificates as proof of endorsements. A certificate states what the vendor's agent believes the policy contains. It is not a guarantee of coverage. The endorsement language in the actual policy document controls. For critical requirements like additional insured and primary/non-contributory, request copies of the actual endorsements.

Using generic requirements for all vendors. A landscaper and a technology firm with database access require different coverage types and limits. Generic requirements either underprotect for high-risk vendors or create unnecessary burden for low-risk ones.

Not updating requirements when contracts change. When a vendor's scope of work expands, their insurance requirements should expand with it. A vendor originally hired for light cleaning who now manages IT infrastructure should carry cyber coverage.

Approving certificates without checking endorsements. The most common mistake in vendor compliance is approving certificates that list the right coverage types but lack the endorsements the contract requires. Build endorsement verification into your standard review checklist.

Relying on vendors to self-report coverage changes. Vendors do not proactively notify customers when their coverage lapses, limits decrease, or required endorsements are removed. Active tracking is the only way to catch changes.

Technology for Vendor Insurance Tracking

Manual spreadsheet tracking works for agencies managing fewer than 25 vendors. Above that volume, the error rate and time cost justify dedicated tracking software.

Features to prioritize:

• Automated expiration reminders sent to vendors and internal staff
• Certificate requirement templates by vendor tier
• Compliance dashboards showing percentage of vendors in good standing
• Integration with your AMS for commercial clients managing large vendor programs
• Audit trail documentation for every certificate review and approval

Automated tracking systems cut compliance management time by 75% to 80% compared to manual methods. For a commercial client managing 200 vendors, that translates to 6 to 8 hours per week of staff time recaptured.

Advising Clients on Vendor Requirements: The Agency Opportunity

Most commercial clients set vendor insurance requirements based on what they have always done, not on current risk standards. This creates an advisory opportunity for agents who understand coverage gaps.

Schedule annual vendor compliance reviews with your commercial accounts. Review their requirements against current standards. Identify vendors that have grown into higher-risk roles without updated coverage requirements.

Agencies that provide proactive vendor compliance advisory services retain commercial clients at rates 12 to 15 percentage points higher than agencies that process certificates reactively, per BrokerageAudit analysis of 2025 client data.

This is a service commercial clients value but rarely receive from their current agent.

Frequently Asked Questions

What insurance should I require from contractors?

For general contractors performing work on commercial premises, require at minimum: commercial general liability with $1M per occurrence and $2M aggregate, workers compensation meeting state minimums, commercial auto at $1,000,000 CSL if vehicles are used, and umbrella liability at $1M to $5M depending on project scope. Add the contracting business as an additional insured on a blanket additional insured endorsement, and require primary and non-contributory language and a waiver of subrogation. Higher-risk projects (occupied buildings, demolition, work near utilities) warrant higher limits.

Does a certificate of insurance prove coverage exists?

No. A certificate of insurance is a summary document that reflects the vendor's agent's understanding of the policy at the time of issuance. It does not guarantee coverage exists or that specific endorsements are in place. For critical contract requirements like additional insured, primary/non-contributory, and waiver of subrogation, request copies of the actual endorsements from the vendor's policy. Certificates are a starting point for compliance review, not the endpoint.

How often should vendor certificates be updated?

Collect new certificates at every policy renewal (typically annually) and whenever contract terms change. Do not rely on vendors to send renewals proactively. Build a tracking system that sends automated requests 60 days before each certificate expires. Run a full compliance audit quarterly to catch any gaps between renewals.

What happens if a vendor has inadequate insurance when a claim occurs?

If a vendor's coverage is inadequate for a claim arising from their work, the contracting business may face uncovered liability. The contracting business's own CGL policy may respond, but the contracting business then bears the cost through experience modification increases. If the agency reviewed and approved a non-compliant certificate, there is potential E&O exposure for the agency. Proper vendor compliance programs protect all parties from this outcome.

What is blanket additional insured coverage?

A blanket additional insured endorsement extends additional insured status to any person or organization that the named insured has agreed in a written contract to include as an additional insured. It is more efficient than scheduled endorsements because it does not require individual endorsements for each contracting relationship. Verify the blanket endorsement includes ongoing operations coverage, not just completed operations. Some blanket endorsements are narrower than the contract requires.

How do waiver of subrogation requirements affect vendor coverage?

A waiver of subrogation prevents the vendor's insurer from pursuing recovery from the contracting business after paying a claim. Without this waiver, your client could pay for a claim involving a vendor, then get sued by the vendor's carrier seeking reimbursement. The waiver must be endorsed on the vendor's policy before a loss occurs. Waivers cannot be added retroactively after a claim is reported. Verify waiver endorsements are in place as part of every certificate review.

---

See how BrokerageAudit tracks vendor certificates automatically for your commercial clients

Written by Javier Sanz, Founder of BrokerageAudit. Last updated April 2026.