How to Read a Certificate of Insurance: Step-by-Step

You just received a Certificate of Insurance from a vendor. It is a single page packed with abbreviations, dollar figures, dates, and checkboxes. Where do you start? What should you look for? And how do you know if the vendor is actually compliant with your requirements?

This guide walks you through reading a COI from top to bottom, explaining what every section means and what red flags to watch for.

Before You Start: Know Your Requirements

Before opening the certificate, you need to know what "compliant" looks like. Pull up the insurance requirements from your contract with this vendor. At minimum, you should know:

• Which coverage types are required (General Liability, Auto, Workers' Comp, Umbrella)
• The minimum limits for each coverage type
• Whether Additional Insured status is required
• Whether Waiver of Subrogation is required
• Whether Primary and Non-Contributory status is required
• The correct certificate holder name and address

Without this baseline, you are just looking at a document — you are not actually verifying compliance.

Step 1: Check the Issue Date

Look at the top of the form for the DATE field. This is when the certificate was generated. A certificate that is several months old may not reflect the current state of the insured's coverage. Policies can be cancelled, limits can change, and endorsements can be removed at any renewal.

Best practice: accept certificates dated within the last 30 days. If the certificate is older, request a fresh one.

Step 2: Identify the Producer

The Producer section (upper left) shows the insurance agent or broker who issued the certificate. Note the agency name, phone number, and contact person. You will need this information if you need to verify the certificate's authenticity or request corrections.

A certificate without a recognizable producer, or with contact information that does not check out, is a red flag. Fraudulent certificates exist, and the producer section is your first line of defense.

Step 3: Verify the Insured Name

The Insured section shows the business that holds the insurance policies. This must match the legal entity name on your contract.

Watch for these common discrepancies:

• DBA names: The certificate shows "Mike's Plumbing" but your contract is with "Michael Johnson Plumbing Services LLC"
• Parent vs. subsidiary: The certificate names "ABC Holdings Inc." but you hired "ABC Mechanical LLC," a subsidiary
• Missing entity designations: The certificate says "Smith Construction" but the legal name is "Smith Construction, Inc."

If the name does not match, do not assume it is close enough. Request clarification from the vendor or their producer. In a claims scenario, an insurer may argue that the Additional Insured endorsement does not apply because the entity names do not match.

Step 4: Review the Insurers

The Insurers Affording Coverage section lists the insurance companies (carriers) behind the policies on the certificate. Each is assigned a letter (A through F) that corresponds to the coverage rows below.

For each insurer, check:

• NAIC Number: This five-digit code identifies the insurer in the National Association of Insurance Commissioners database. Use it to look up the insurer's financial strength rating and state licensing status.
• Financial strength: Most compliance programs require a minimum AM Best rating of A- (Excellent) with a Financial Size Category of VII or higher. An insurer with a poor rating may not have the financial resources to pay claims.
• State authorization: Verify the insurer is admitted (licensed) to write insurance in the state where the work is being performed. Non-admitted (surplus lines) carriers are legal in many situations but offer fewer regulatory protections.

Step 5: Examine Each Coverage Row

The heart of the certificate is the coverage grid. Work through each row systematically.

General Liability

• Coverage trigger: Is it Occurrence or Claims-Made? Occurrence is standard and preferred for most situations. Claims-Made policies have gaps if the vendor changes carriers or lets the policy lapse.
• Each Occurrence limit: Compare against your requirement. The industry standard minimum is $1,000,000.
• General Aggregate limit: The total available for all claims during the policy period. Standard is $2,000,000.
• Products-Completed Operations Aggregate: Important for construction — covers claims that arise after work is finished. Standard is $2,000,000.
• Aggregate applies per: Look for the Project checkbox if you need per-project aggregates.
• Effective and expiration dates: Both must be current. An expired General Liability policy means no coverage.

Automobile Liability

• Covered autos: "Any Auto" provides the broadest coverage. If specific categories are checked (Owned, Hired, Non-Owned), make sure the combination covers how the vendor actually uses vehicles.
• Combined Single Limit: Compare against your requirement. Standard minimum is $1,000,000.
• Dates: Confirm the auto policy is current.

Umbrella/Excess Liability

• Each Occurrence and Aggregate limits: Add these to the underlying limits for total available coverage. If you require $5,000,000 total and the vendor has $1M GL + $4M Umbrella, the total is $5M.
• Self-Insured Retention (SIR): Flag any retention above $10,000-$25,000 for review. A high SIR means the vendor pays out of pocket before the umbrella responds.
• Dates: Confirm the umbrella policy is current.

Workers' Compensation

• Per Statute: This checkbox must be marked, indicating the policy provides benefits as required by state law.
• Employers' Liability limits: E.L. Each Accident, E.L. Disease-Each Employee, and E.L. Disease-Policy Limit. Compare against your requirements.
• Excluded officers/members: If the "Excluded" box is checked, ask which individuals are excluded and whether any of them will perform work on your property.
• Dates: Confirm the Workers' Comp policy is current.

Step 6: Read the Description of Operations

This free-text section is where critical compliance details live — or where they are conspicuously absent. Read every word.

Look for these provisions:

Additional Insured language. The Description should explicitly state that the certificate holder is named as Additional Insured on the relevant policies. Look for references to specific endorsement forms:

• CG 20 10 (Additional Insured — Owners, Lessees or Contractors, Ongoing Operations)
• CG 20 37 (Additional Insured — Owners, Lessees or Contractors, Completed Operations)

Waiver of Subrogation. Language stating that the insured's carriers waive their right of subrogation against the certificate holder. Without this endorsement, if the insured's carrier pays a claim, it can turn around and sue you to recover the payment.

Primary and Non-Contributory. Language stating that the insured's coverage is primary and will not seek contribution from the certificate holder's own insurance. Without this, both policies could be called upon to share the loss.

Project or contract references. The Description should identify the specific project, property, or contract number. If it is blank or generic ("For informational purposes only"), the endorsements may not apply to your specific project.

Step 7: Verify the Certificate Holder

The Certificate Holder section should show your organization's correct legal name and address. Check for:

• Correct legal entity name (including LLC, Inc., LP, etc.)
• Correct address
• Correct spelling of everything

A certificate holder name that does not match your legal entity could create issues if you need to make a claim under the vendor's policy. Insurers look for exact matches.

Step 8: Check the Authorized Signature

The certificate should be signed by the producer's authorized representative. An unsigned certificate is technically incomplete. While many certificates are now generated electronically and may not have a traditional wet signature, there should be some indication that an authorized person issued the document.

Common Pitfalls

Pitfall 1: Expired Policies Hidden Among Active Ones

A certificate can show four coverage lines where three are current and one expired last month. If you only glance at the first date, you might miss the gap. Check every single expiration date individually.

Pitfall 2: Wrong Certificate Holder Name

Your contract is with "Westfield Properties LLC" but the certificate holder says "Westfield Properties." The missing "LLC" might not matter in practice, but it creates unnecessary ambiguity. Request correction.

Pitfall 3: Missing Endorsements Despite Description Language

The Description of Operations says "Additional Insured per CG 20 10" — but does the actual policy have that endorsement? The certificate itself cannot modify the policy. If you have any doubt, request copies of the actual endorsement pages.

Pitfall 4: Insufficient Umbrella Limits

A vendor with $1M in General Liability might look compliant if your GL requirement is $1M. But if you also require $5M total coverage and there is no Umbrella policy, the vendor falls $4M short. Always check total available coverage (primary + umbrella).

Pitfall 5: Claims-Made Coverage Without Tail

A vendor with claims-made General Liability provides coverage only for claims reported during the policy period. If the vendor changes carriers next year, claims from this year's work may have no coverage. If you must accept claims-made coverage, require evidence of an extended reporting period (tail) provision.

Pitfall 6: No Workers' Comp on a Certificate for Labor-Intensive Work

If a vendor is sending employees to your property and the certificate does not include Workers' Compensation, you have a significant exposure. In most states, if the vendor's employee is injured on your property and the vendor has no Workers' Comp, you may be considered the statutory employer and liable for benefits.

Putting It All Together

Here is a summary checklist you can use for every certificate review:

1. Issue date is within the last 30 days
2. Producer information is complete and verifiable
3. Insured name matches the contracted entity
4. All insurers have valid NAIC numbers and acceptable ratings
5. Every required coverage type is present
6. Every limit meets or exceeds your requirements
7. All policies are currently active (check every expiration date)
8. General Liability is occurrence-based (or claims-made is acceptable per your policy)
9. Aggregate basis is appropriate (per-project if required)
10. Description of Operations includes all required endorsement language
11. Certificate Holder name and address are correct
12. Certificate is signed by an authorized representative

If any item fails, the certificate is non-compliant. Document the specific deficiency and request a corrected certificate from the vendor.

When Manual Review Is Not Enough

For organizations managing dozens or hundreds of vendors, manual certificate review does not scale. Each certificate has 20+ data points to verify, and each vendor relationship requires ongoing monitoring as policies expire and renew.

AI-powered COI verification platforms extract every field from the certificate, apply your specific compliance rules automatically, and flag deficiencies in seconds. The human reviewer shifts from reading certificates to reviewing exceptions — a far more efficient use of expertise.

Whether you review certificates manually or with AI assistance, the fundamentals are the same. Know your requirements. Read every section. Verify every field. And never assume compliance — confirm it.