COI & Insurance Compliance Tracker — Coverage Gate Matrix
Framework: Coverage Gate Matrix Price: $29 Category: Productivity / Compliance Tags: COI, insurance, compliance, vendor management, risk, certificates of insurance last_validated: 2026-03-03
What This Is
The Coverage Gate Matrix is a four-phase system for managing vendor certificates of insurance (COIs) from collection through remediation. It tells you exactly what to collect, how much coverage to require, when to follow up, and what to do when a vendor falls out of compliance.
Problem it solves: Most ops teams manage COIs reactively — they chase documents after something goes wrong, or realize a vendor's coverage expired months ago. The Coverage Gate Matrix closes that gap by turning COI management into a proactive, scored system with clear triggers and actions.
Output: A complete COI compliance registry with current status for every vendor, coverage scores, expiration alerts, and documented remediation actions.
The Coverage Gate Matrix Framework
The system runs across four sequential phases:
PHASE 1: COLLECT
What to get, from whom, by when
↓
PHASE 2: VALIDATE
Does coverage meet minimums? Is it current?
↓
PHASE 3: SCORE
Compliance score 0-100 per vendor
↓
PHASE 4: REMEDIATE
Action based on score and gap type
↓
COMPLIANT ✓ or ESCALATED ⚠️
PHASE 1: COLLECT
1.1 — What to Collect (Universal Requirements)
Every vendor, regardless of category, must provide:
- Certificate of Insurance (ACORD 25 form) — the standard COI document
- Additional insured endorsement naming your organization (required for all vendors with physical access or service delivery liability)
- Primary and non-contributory endorsement (for vendors with significant liability exposure)
- Waiver of subrogation (for construction, facilities, and high-risk service vendors)
1.2 — Coverage Minimums by Vendor Category
Technology / SaaS / Software Vendors
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $1M per occurrence / $2M aggregate |
| Professional Liability / E&O | $1M per occurrence |
| Cyber Liability | $1M per occurrence (required if handling data) |
| Workers' Compensation | Statutory limits |
Professional Services (Consulting, Staffing, Legal, Accounting)
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $1M per occurrence / $2M aggregate |
| Professional Liability / E&O | $2M per occurrence |
| Workers' Compensation | Statutory limits |
| Umbrella / Excess Liability | $2M (for spend >$100K) |
Facilities / Construction / Contractors
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $2M per occurrence / $4M aggregate |
| Workers' Compensation | Statutory limits |
| Employer's Liability | $500K per accident |
| Auto Liability | $1M combined single limit |
| Umbrella / Excess Liability | $5M (for projects >$500K) |
| Builder's Risk / Installation Floater | Project value (for construction) |
Logistics / Shipping / Transportation
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $1M per occurrence |
| Auto Liability | $1M per occurrence |
| Cargo Insurance | $500K per shipment (adjust to actual shipment value) |
| Workers' Compensation | Statutory limits |
Marketing / Creative / Events
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $1M per occurrence / $2M aggregate |
| Professional Liability | $1M per occurrence |
| Media Liability | $1M (for agencies managing public content) |
| Workers' Compensation | Statutory limits (if they have employees) |
Low-Risk Vendors (Pure SaaS, subscriptions, no on-site work)
| Coverage Type | Minimum Required |
|---|---|
| General Liability | $500K per occurrence |
| Professional Liability | $500K per occurrence |
| Cyber Liability | $500K (if any data processed) |
1.3 — Additional Insured Requirements
Your organization name on the COI must be exact. Confirm the COI reads:
"[Your Legal Entity Name], its officers, directors, employees, and agents are included as additional insured"
If the name is wrong, request a corrected certificate before accepting.
1.4 — Collection Cadence
| Trigger | Action |
|---|---|
| New vendor onboarding | Request COI at Gate 2 (before activation) |
| Annual renewal (for active vendors) | Request 60 days before current COI expires |
| Policy renewal noticed | Request updated COI within 5 business days |
| Vendor adds new service type | Request updated COI reflecting new scope |
| After a claim or incident | Request updated COI confirming coverage remains active |
PHASE 2: VALIDATE
2.1 — COI Validation Checklist
When a COI is received, run this 10-point validation:
Identity Verification
- Insured name matches vendor legal entity name exactly
- Insurer is licensed to operate in your state (check state insurance department lookup)
- Certificate holder name is correct (your organization's exact legal name)
Coverage Verification
- All required coverage types are listed
- Per-occurrence limits meet category minimums
- Aggregate limits meet category minimums
- Policy effective dates are current (not expired)
- Policy expiration date is at least 30 days in the future
Endorsements
- Additional insured endorsement attached and correct
- Waiver of subrogation included (if required for this vendor category)
- Primary and non-contributory language included (if required)
2.2 — Common COI Red Flags
Flag any COI that shows:
| Red Flag | Action |
|---|---|
| Expiration within 30 days | Request renewal immediately — activate Phase 4 |
| Limits below category minimum | Vendor must increase coverage — hold or conditional approval |
| Insurer not admitted in your state | Confirm surplus lines filing or reject |
| Additional insured not correctly named | Request corrected certificate |
| Coverage type missing | Vendor must add coverage before activation |
| Dates don't match policy period | Verify with insurer or request binder |
| Certificate holder blank or wrong | Request corrected certificate |
| "Sample" or "for information only" stamp | Reject — request actual current certificate |
2.3 — Verification Best Practices
For high-value vendors (>$100K annual spend) or high-risk categories:
- Contact the insurer directly to verify coverage is active (call the agency listed on the ACORD form)
- Request a binder rather than a certificate for construction or major project starts
- Add an endorsement verification step — request the actual endorsement pages, not just the summary certificate
PHASE 3: SCORE
3.1 — Vendor Compliance Score (0-100)
Score each vendor across five dimensions. Update scores quarterly and whenever a new COI is received.
Scoring Dimensions
Dimension 1: Coverage Completeness (25 points)
- All required coverage types present: 25 pts
- Missing 1 coverage type: 15 pts
- Missing 2 coverage types: 5 pts
- Missing 3+ coverage types: 0 pts
Dimension 2: Coverage Adequacy (25 points)
- All limits meet or exceed minimums: 25 pts
- 1-2 limits below minimum (minor gap <20%): 15 pts
- 1-2 limits below minimum (major gap >20%): 5 pts
- 3+ limits below minimum: 0 pts
Dimension 3: Policy Currency (20 points)
- Policy active, not expiring within 90 days: 20 pts
- Policy active, expiring in 60-90 days: 15 pts
- Policy active, expiring in 30-60 days: 8 pts
- Policy active, expiring within 30 days: 2 pts
- Policy expired: 0 pts
Dimension 4: Documentation Quality (15 points)
- All required endorsements present and correct: 15 pts
- Missing 1 endorsement: 10 pts
- Missing 2 endorsements: 5 pts
- Missing 3+ endorsements or certificate holder wrong: 0 pts
Dimension 5: Response Compliance (15 points)
- Submitted on first request, within 5 days: 15 pts
- Submitted within 10 days: 10 pts
- Required 1 follow-up, submitted within 15 days: 5 pts
- Required 2+ follow-ups or more than 15 days: 0 pts
Score Calculation
Total Score = D1 + D2 + D3 + D4 + D5
Max possible: 100 points
3.2 — Compliance Tier Classification
| Score Range | Tier | Status |
|---|---|---|
| 85-100 | 🟢 Green — Compliant | No action required |
| 70-84 | 🟡 Yellow — Attention | Minor gaps, monitor closely |
| 50-69 | 🟠 Orange — At Risk | Active remediation required |
| Below 50 | 🔴 Red — Non-Compliant | Work pause or hold recommended |
PHASE 4: REMEDIATE
4.1 — Remediation Actions by Tier
🟢 Green (85-100): No Action
- Log score in tracker
- Set next review date (90 days or at COI expiration, whichever comes first)
- Send acknowledgment to vendor if they improved from prior review
🟡 Yellow (70-84): Monitor & Notify
- Log score and specific gaps
- Send Gap Notice to vendor (Template A below)
- Set 30-day follow-up reminder
- Escalate if not resolved within 30 days
🟠 Orange (50-69): Active Remediation
- Log score and all gaps
- Send Remediation Required notice (Template B below)
- Notify internal owner of vendor relationship
- Give vendor 15 business days to resolve
- If spend is high: consider conditional hold on new purchase orders
- Escalate to manager if not resolved
🔴 Red (Below 50): Non-Compliant Hold
- Immediately notify internal vendor owner and manager
- Send Non-Compliance Notice (Template C below)
- Place hold on new purchase orders until resolved
- Give vendor 10 business days to resolve or escalate
- If coverage is expired: recommend immediate work stoppage for high-risk vendor categories
- Document in vendor record for risk history
4.2 — Communication Templates
Template A — Gap Notice (Yellow Tier)
Subject: Action Required: Insurance Certificate Update — [Vendor Name]
Hi [Contact Name],
During our routine review of your insurance documentation, we identified the following items that require your attention:
GAPS IDENTIFIED:
[ ] [Specific gap 1 — e.g., "Professional liability limit is $500K; our minimum is $1M"]
[ ] [Specific gap 2]
Please provide updated documentation addressing these items by [DATE — 30 days].
If you've already renewed or updated your coverage, please send the new certificate to [email].
Questions? Contact [Your Name] at [email/phone].
[Your Name]
[Your Company] Operations
Template B — Remediation Required (Orange Tier)
Subject: IMPORTANT: Insurance Compliance Issue — [Vendor Name] — Action Required by [DATE]
Hi [Contact Name],
Our compliance review has identified significant gaps in your current insurance documentation that require immediate attention.
ISSUES REQUIRING RESOLUTION:
1. [Issue — e.g., "General liability aggregate limit ($1M) is below our $2M minimum"]
2. [Issue]
3. [Issue]
We need updated certificates of insurance addressing all items above by [DATE — 15 business days].
IMPORTANT: Until these items are resolved, we may need to place a hold on new purchase orders. Our goal is to work through this quickly so there's no disruption to our relationship.
Please contact us immediately to discuss a resolution timeline.
[Your Name]
[Your Company] Operations | [phone]
Template C — Non-Compliance Notice (Red Tier)
Subject: URGENT: Insurance Non-Compliance — [Vendor Name] — Immediate Action Required
Hi [Contact Name] and [Senior Contact at Vendor],
[Vendor Name]'s insurance coverage has fallen into non-compliance with our vendor requirements. We need to resolve this immediately.
NON-COMPLIANCE ISSUES:
1. [Issue — e.g., "General liability coverage expired [DATE]"]
2. [Issue]
REQUIRED ACTIONS:
1. Confirm in writing within 24 hours whether coverage is being reinstated
2. Provide updated certificates within 10 business days
IMPACT: We have placed a hold on new purchase orders pending resolution. [For high-risk categories: We also need to pause work in [specific area] until coverage is confirmed.]
We value our relationship with [Vendor Name] and want to resolve this quickly. Please contact me directly.
[Your Name], [Title]
[Your Company] | [direct phone]
CC: [Internal vendor owner], [Finance/Legal if applicable]
4.3 — Escalation Ladder
If vendor does not respond within defined timelines:
| Day | Action |
|---|---|
| Day 1 | Send appropriate template (A, B, or C) |
| Day 5 | If no response: send follow-up to same contact + CC vendor's senior contact |
| Day 10 | If still no response: internal escalation to your manager + legal review |
| Day 15 | If still no response: formal non-compliance notice with contract language cite |
| Day 20 | Contract review — consider cure notice or termination for cause language |
COI Registry Setup
Required Fields in Your COI Tracker
Maintain these fields for each vendor COI:
| Field | Notes |
|---|---|
| Vendor ID | Links to vendor master |
| Vendor Name | Legal entity |
| COI Document # | Track multiple versions |
| Date Received | |
| Policy Period Start | |
| Policy Period End | Sort by this for expiration management |
| Insurer Name | |
| Insurer AM Best Rating | A- or better recommended |
| GL Per Occurrence | |
| GL Aggregate | |
| Professional Liability | |
| Cyber Liability | |
| Workers Comp | Y/N + statutory |
| Auto Liability | If applicable |
| Additional Insured | Y/N + correct name confirmed |
| Waiver of Subrogation | Y/N |
| Current Compliance Score | 0-100 |
| Compliance Tier | Green/Yellow/Orange/Red |
| Last Review Date | |
| Next Review Date | 90 days out or at expiration |
| Gaps Identified | Free text |
| Remediation Status | Open/In Progress/Resolved |
Alert Calendar Setup
Create these calendar alerts for every COI:
- 90 days before expiration: "COI Renewal Request Due — [Vendor Name]"
- 60 days before expiration: "COI Renewal Follow-Up — [Vendor Name]"
- 30 days before expiration: "URGENT: COI Expiring — [Vendor Name]"
- Day of expiration: "COI EXPIRED — [Vendor Name] — HOLD NEW POs"
Expected Outputs
After implementing Coverage Gate Matrix, you will have:
- ✅ A complete COI registry with current status for every vendor
- ✅ Standardized coverage minimums by vendor category
- ✅ Compliance scores for every vendor (0-100)
- ✅ Automated alerts for upcoming expirations
- ✅ Documented remediation actions for any non-compliant vendors
- ✅ A 30-day improvement plan for vendors in Orange/Red tiers
- ✅ Audit trail for all compliance reviews and communications
Time savings (typical): 2-4 hours/week for a team managing 20+ vendors. Hours increase at scale — the system doesn't.
Coverage Gate Matrix — Part of the Vendor & Compliance Operations Pack by Remy Claw More at remyclaw.com | @Remy_Claw on X