COI collection has three mandatory triggers and several situational ones. Miss any of the mandatory triggers, and you have a gap in your compliance documentation. Miss the situational ones, and you may have a gap in your actual coverage.
The short answer: at contract execution, at every annual policy renewal, and any time coverage requirements change. Everything else is situational but important to know.
The Three Mandatory Collection Triggers
The Three Mandatory Collection Triggers
Trigger 1: Contract Execution
Before any vendor begins work - and before any tenant takes occupancy - you should have a compliant COI in hand. "We'll get the insurance certificate after we start" is a compliance failure. An incident on day one of a vendor relationship with no COI on file is an entirely avoidable legal and financial exposure.
Collect the COI before the work begins. Period.
Trigger 2: Policy Renewal
Most commercial insurance policies run on annual cycles. When a vendor's policy renews, a new certificate reflecting the renewed policy should be issued. The old certificate, reflecting the prior policy period, is no longer current.
This is the most commonly missed collection trigger. Vendors renew their policies automatically but don't automatically send updated certificates to all certificate holders. If you're not proactively requesting renewal certificates, your records will drift out of date within 12-24 months.
Best practice: track policy expiration dates and send renewal requests 60 days before expiration. Follow up at 30 days if no response. Escalate at 14 days.
Trigger 3: Coverage Requirement Changes
When your contract with a vendor is amended, renewed, or replaced - particularly when insurance requirements change - collect a new COI against the updated requirements. A COI that was compliant under the old contract terms may not satisfy the new ones.
Situational Collection Triggers
Beyond the mandatory three, collect or verify COIs when:
- Scope of work changes significantly - a vendor whose original work was low-risk takes on higher-risk activities
- A claim or incident occurs - verify current coverage immediately and document the status
- You add a new entity - if your organization structure changes (new LLC, merger), ensure your entities are correctly named on existing COIs
- A vendor changes insurers - a carrier change often triggers a new policy and new certificate
- Vendor reports a significant business change - layoffs, acquisition, new lines of business may affect coverage adequacy
Why Annual Isn't Always Enough
Annual collection aligned to policy renewals is the minimum, not the maximum. Some situations require more frequent attention:
Short-term vendors. For vendors engaged for 30-90 day projects, the standard annual cycle may span multiple vendors with different renewal dates. Track by project, not just by calendar year.
High-risk vendors. Vendors performing hazardous work, working with your customers directly, or whose incidents would create significant exposure warrant tighter monitoring.
Vendors with coverage history issues. If a vendor has previously submitted non-compliant COIs or has a history of lapses, increase monitoring frequency.
The Common Failure Mode: Calendar-Year vs Policy-Year Mismatch
Many organizations implement a COI collection schedule based on the calendar year - January collection drives, annual renewals in Q1. The problem: vendor policies don't all renew on January 1.
A vendor whose policy runs March-March won't trigger your January collection. By December, their March COI is 9 months old. If their policy changed at the March renewal, your record reflects the prior policy year.
The fix is tracking by policy expiration date, not by calendar year. Each vendor's renewal trigger is their specific policy expiration, not a calendar-year event.
COI Collection Calendar - Best Practice:
- Upon contract execution: collect before work begins
- 60 days before policy expiration: send renewal request
- 30 days before expiration: follow up if no response
- 14 days before expiration: escalate to supervisor or account manager
- Day of expiration without renewal: pause vendor work pending receipt
- Upon receipt of renewal COI: verify against current contract requirements
How Many COIs Is "Enough"?
There's no universally correct number of COIs on file per vendor - but you should have at minimum:
- One current COI per active contract relationship
- For longer vendor relationships, a historical record going back to the contract term (for audit purposes)
Many organizations require a fresh COI at every major project milestone for high-risk construction or service contracts.
Automating Collection Frequency
Manual tracking of per-vendor renewal dates across dozens or hundreds of relationships is operationally difficult. The practical solution is automated tracking software that:
- Records each vendor's specific policy expiration date (not just the COI date)
- Sends automated reminders at configured intervals before expiration
- Escalates unresponsive vendors through defined workflows
- Verifies that renewal COIs meet current contract requirements - not just that they're current
This eliminates the calendar-vs-policy mismatch problem and ensures collection happens at the right frequency for every vendor, not just the ones whose renewals are easiest to remember.
Related Resources
- How to Request a COI from a Vendor
- Risks of Expired Certificate of Insurance
- What Happens If a Vendor's Insurance Lapses
- Who Is Responsible for Verifying Contractor Insurance
Bramble tracks every vendor's policy expiration date and sends automated renewal requests on your behalf - so COI collection happens on schedule, not after lapses are discovered. Book a demo at getbramble.com.