Guide
How to Collect COIs Before Vendor Go-Live
By Keelstar Team · Updated July 11, 2026
The short answer
Collect certificates of insurance before vendor go-live by making COI approval a mandatory gate in onboarding — same priority as W-9 and banking — not a post-mobilization cleanup task. Send insurance requirements at contract signing, review the ACORD 25 against your checklist before scheduling orientation or issuing site badges, and hold go-live until every required policy line passes. Construction supers should not mobilize subs without compliance clearance; property managers should not enable keys or access codes for maintenance vendors without current GL and workers comp; healthcare teams should block EHR interface work until vendor insurance is verified. Vendors who start work without approved COIs create stop-work risk, indemnity exposure, and audit findings that outlast the project.
Define go-live and what it requires
Go-live means the vendor's first day of physical access, system connectivity, or service delivery on your behalf. Document that COI approval is a prerequisite in your vendor policy and contract insurance exhibit. Ambiguous policy lets project managers create uninsured exposure under schedule pressure.
Build COI into vendor onboarding workflow
Parallel-path COI collection with tax and banking: requirements sent at setup, certificate reviewed within SLA, deficiencies returned to broker before approval. Vendor status should read 'insurance approved' or 'blocked' — not 'in progress' indefinitely.
- COI request sent at vendor record creation
- Review checklist completed by risk or designee
- Deficiencies cleared with broker
- Approval flag visible to site access and AP
Coordinate with construction mobilization
General contractors should include COI clearance in subcontractor orientation checklists alongside safety training and signed subcontracts. Subs who arrive on site without approved certificates delay the entire job when compliance officers stop work.
Property and healthcare access controls
Facility managers issuing badges, elevator keys, or after-hours access must verify COI status in the vendor system — not verbal assurance from the vendor rep. Healthcare compliance committees increasingly audit go-live evidence for business associates and on-site service providers.
Exception process for emergencies
Emergency repairs happen — burst pipes, HVAC failures, security incidents. Define a narrow exception path: risk approval, temporary coverage verification, hard deadline for full certificate, and documented incident reference. Do not let emergency exceptions become standard practice.
Measure go-live compliance
Track percentage of vendors with approved COI before first site day and average days from request to approval. Spikes in post-mobilization submissions signal procurement bypassing the gate — fix the workflow before an incident or audit.
Frequently asked questions
- Can we allow a vendor to start while COI is pending?
- Some teams allow it with an exception form — high risk on construction and healthcare sites. Best practice is no physical access until COI passes review. Exception policies should require risk management approval.
- What if the project schedule is urgent?
- Urgent schedules are when pre-collection matters most. Rush broker requests with complete requirements often return in 24–48 hours. Starting work uninsured to save two days is a poor trade.
- Who owns the go-live gate — procurement or operations?
- Shared ownership: procurement triggers collection, risk or compliance approves, operations controls site access. The gate should be visible in one system so supers and facility managers do not override silently.
- Do product-only vendors need COI before go-live?
- If they never enter your premises, requirements may differ. If they deliver to site, perform installation, or access systems, collect COI before that first visit — not after.
Related guides
Put this into a monitored workflow
COI Tracker handles this continuously — with reminders and an audit trail.