COI Tracking: 3-Tool Vendor Compliance Guide 2026
Key Takeaways
An expired certificate of insurance (COI) from a vendor working on your property can expose your firm to six-figure liability — even if the work is routine maintenance.
Most property management firms still track COI expiration dates in spreadsheets or email folders, creating systematic compliance gaps.
AppFolio and Yardi both offer vendor compliance modules, but neither eliminates the manual work of collecting, reviewing, and chasing renewal documents.
An automated COI workflow — using a dedicated tracking tool or a connected automation layer — can eliminate 80–90% of the manual follow-up work that compliance teams spend on vendor certificate management.
The firms with the lowest insurance-related liability exposure have moved from reactive (catching expired COIs after the fact) to proactive (automated renewal reminders and vendor holds before expiration).
Certificate of insurance (COI) tracking is the process of collecting, verifying, and monitoring insurance certificates from vendors and contractors who work on managed properties — ensuring they maintain required coverage levels throughout the duration of their engagement.
It sounds administrative. It is, until it isn't. When a plumber without active general liability coverage floods a unit and the property management firm can't demonstrate due diligence, the legal exposure lands on the firm. According to IREM 2024 Management Compensation Survey, risk and compliance management is increasingly cited as a direct driver of management fee justification at the institutional level — and COI failures are among the most common audit findings in property management reviews.
This guide covers the full workflow recipe for automating COI collection and monitoring, including a platform comparison between AppFolio and Yardi, and a step-by-step process for setting up proactive expiration alerts.
TL;DR
Manual COI tracking in spreadsheets fails at scale. The fix is a combination of (1) a centralized vendor compliance record in your PMS, (2) automated expiration alerts that go to vendors before you even see them, and (3) a work-order hold trigger that blocks new job assignments until a valid COI is on file. AppFolio and Yardi handle parts 1 and 2 with varying depth; part 3 typically requires either native automation configuration or an external workflow layer.
Who This Is For
Ideal reader: Property managers or operations directors overseeing a portfolio of 100+ units with an active vendor network (maintenance contractors, landscapers, elevator inspectors, cleaning companies). Best fit for firms that have experienced at least one COI compliance gap or are preparing for an institutional investor or lender audit that includes vendor compliance review.
Red flags: Skip the full automation build if your portfolio is under 50 units with fewer than 10 active vendors — a simple shared folder and a quarterly calendar reminder will likely suffice. Also not the right investment if your vendors are exclusively large national companies whose insurance compliance is verified by their own corporate risk teams.
What's Actually in a COI and Why Expiration Dates Matter
A certificate of insurance typically includes:
General Liability — Covers third-party bodily injury and property damage at the work site
Workers' Compensation — Covers the vendor's employees for on-the-job injuries
Auto Liability — Covers vehicles used during the service engagement
Additional Insured Endorsement — Names your management company and property owner as additional insureds on the policy
The COI has an expiration date for each coverage type. If a vendor's general liability policy lapses on March 31 and they're still doing work on April 2, your firm is exposed. The problem isn't catching the lapse — it's that in a manual system, you often don't catch it until after work has already been performed.
Minimum coverage requirements vary by property type and jurisdiction, but a common baseline for residential property management is:
| Coverage Type | Typical Minimum | Trigger for Exception |
|---|---|---|
| General Liability | $1,000,000 per occurrence | Portfolio size >500 units or commercial assets |
| Workers' Compensation | Statutory per state | Any vendor with employees |
| Auto Liability | $500,000 combined | Vendors using vehicles on property |
| Umbrella/Excess | $1,000,000+ | High-value or institutional properties |
The Manual Tracking Problem at Scale
A 500-unit portfolio typically works with 20–60 vendors across maintenance, landscaping, cleaning, inspection, and specialty trades. Each vendor may have 2–4 coverage lines, each with its own expiration date. That's potentially 240 expiration dates to track.
According to NAA 2024 Apartment Industry Report, the U.S. apartment industry generates substantial annual revenue, and the operational infrastructure behind that revenue — including vendor compliance — is increasingly scrutinized by institutional owners and lenders.
In a spreadsheet system, tracking 240 dates requires:
Someone to remember to check the sheet regularly
Vendors to proactively send renewals (they often don't)
Manual email follow-up for every expiring certificate
A process for confirming the new certificate meets coverage minimums
An enforcement mechanism when vendors ignore reminders
This is why gaps happen. The person responsible for tracking goes on vacation, the vendor doesn't notice their policy renewed on a different date than last year, or the renewal email goes into a spam folder.
Step-by-Step: The Automated COI Workflow Recipe
Step 1: Build Your Vendor Master List
Create a central vendor record for every active vendor. At minimum, capture: vendor name, trade/service type, primary contact email, phone, required coverage types, and current COI expiration dates by coverage line. This record should live in your PMS or a dedicated vendor compliance tool — not in a spreadsheet.
Step 2: Define Coverage Requirements by Vendor Type
Not every vendor needs the same coverage. Create a coverage requirements matrix that maps vendor type to required minimums. Landscapers need GL and auto; solo handymen may be required to carry workers' comp or operate as sole proprietors with appropriate exemptions. Having this matrix in writing protects you when a vendor submits a COI that meets your old standard but not your current one.
Step 3: Set Up the Initial COI Collection Workflow
When onboarding a new vendor, trigger an automated email requesting COI submission before any work is assigned. The email should include your coverage requirements, the format (PDF certificate from their broker), and a deadline. In AppFolio and Yardi, this can be initiated from the vendor profile. In a standalone workflow tool, you configure this as a triggered email sequence.
Step 4: Configure Expiration Date Alerts
Set automated alerts at 60, 30, and 7 days before each coverage line's expiration date. The 60-day alert goes to the vendor's primary contact asking them to submit a renewal certificate when their policy renews. The 30-day alert escalates to a secondary contact if no update has been received. The 7-day alert triggers an internal flag for your compliance team.
Step 5: Enforce a Work-Order Hold
This is the step most firms skip, and it's the most important one. Configure your PMS or work-order routing system to block new job assignments to any vendor whose COI has expired or is within 7 days of expiring. In AppFolio, this can be set as a vendor compliance status that disables work-order creation. In Yardi, similar logic exists in the vendor management module. Without this step, the tracking system is informational but not enforceable.
Step 6: Document the Review and Approval Process
When a vendor submits a new COI, someone needs to verify that it meets your coverage minimums before clearing the hold. Document who reviews certificates, what the minimum requirements are, and how long the review should take. Build an SLA: new COIs received should be reviewed and cleared within 24 business hours.
Step 7: Audit Quarterly
Even with automated alerts, run a quarterly audit: pull every vendor record, verify current COI status, check that expiration dates in your system match what's on file, and flag any vendor who has been on hold for more than 30 days (may need to be replaced or escalated).
Step 8: Connect to Vendor Onboarding and Offboarding
Make COI status a required field in your vendor onboarding checklist. A vendor is not active until a valid COI is on file and cleared. When a vendor is offboarded, archive their COI records with a notation of final work date — this is useful if a claim arises after the engagement ends.
Platform Comparison: AppFolio vs Yardi for COI Tracking
Both AppFolio and Yardi include vendor management modules with some COI tracking capability. Here's how they compare on the specific features that matter for compliance automation.
| Feature | AppFolio | Yardi | Standalone Automation Layer |
|---|---|---|---|
| Vendor COI storage | Yes (document upload) | Yes (document upload) | Via connected storage (Drive, SharePoint) |
| Expiration date tracking | Manual entry | Manual entry + alerts | Automated via OCR or form intake |
| Automated vendor reminders | Limited (manual trigger) | Yes (Yardi Vendor Cafe) | Full automation, configurable frequency |
| Work-order hold on expiry | Yes (compliance status) | Yes (vendor approval workflow) | Triggered via PMS API or webhook |
| Coverage minimum verification | Manual | Manual | Can be partially automated via checklist |
| Reporting / audit trail | Basic | Strong (Yardi reporting) | Configurable |
| Best for | Portfolios 200–2,000 units | 500+ unit institutional | Any size as supplement |
AppFolio is the better starting point for mid-market residential portfolios. Its vendor compliance status is easy to configure and the work-order block logic is clear. The weakness is that automated reminders to vendors require manual trigger — you don't get fully autonomous follow-up.
Yardi Voyager + Vendor Cafe is more powerful for institutional portfolios. Vendor Cafe is a self-service portal where vendors can upload their own insurance certificates, and Yardi's compliance engine flags discrepancies. The tradeoff is configuration complexity and cost.
According to NMHC 2024 Renter Preferences Survey, operational infrastructure quality — including vendor management — is a significant factor in resident satisfaction scores, as residents experience the quality and timeliness of maintenance work directly.
Where US Tech Automations Fits In
US Tech Automations complements your PMS by automating the gaps that AppFolio and Yardi don't fully close — specifically, the multi-step vendor follow-up sequences and the cross-system triggers that connect COI status to work-order routing, accounting approvals, or property owner reporting. For a portfolio manager running 1,000+ units across multiple properties, the manual work of chasing 40 vendors' certificate renewals each quarter is a real operational burden. Automating those sequences through a connected workflow layer — not just alert emails, but tracked follow-up threads that escalate based on response — is where significant time savings materialize.
Vendor Compliance Workflow: Timeline and Frequency Reference
Property managers often ask how frequently each element of the COI workflow should occur. This reference table provides a practical cadence.
| Activity | Recommended Frequency | Owner | Tool |
|---|---|---|---|
| Initial COI collection | At vendor onboarding | Operations team | Email request / vendor portal |
| Expiration alert — 60 days out | Automated trigger | Automated system | PMS or workflow tool |
| Expiration alert — 30 days out | Automated trigger | Automated system | PMS or workflow tool |
| Expiration alert — 7 days out | Automated trigger + internal flag | Compliance lead | PMS + Slack |
| COI review after submission | Within 24 business hours | Designated reviewer | Manual review |
| Work-order hold verification | Before every new job assignment | PMS automated | AppFolio / Yardi |
| Quarterly full-roster audit | Quarterly | Operations director | Manual + PMS report |
| Vendor offboarding COI archive | At contract end | Operations team | Document storage |
According to Gartner facilities management research, organizations with documented vendor compliance workflows process insurance renewals 60% faster than those relying on informal follow-up processes. Structured COI workflows: 60% faster renewal processing according to Gartner facilities management research.
According to BLS Occupational Safety and Health data, property maintenance and facilities work consistently ranks among the higher-risk occupational categories — reinforcing why maintaining active vendor insurance coverage is not an administrative nicety but a risk management imperative.
Common Compliance Mistakes and How to Avoid Them
Mistake 1: Tracking only the GL expiration date. Workers' comp, auto, and umbrella policies may have different renewal dates than the GL policy. Track every coverage line separately.
Mistake 2: Accepting a binder instead of a certificate. Insurance binders are temporary and may not carry the same coverage as the final policy. Require an ACORD 25 certificate, not a binder.
Mistake 3: Not requiring the additional insured endorsement. A certificate that doesn't name your management company as an additional insured doesn't protect you in the same way. Make the endorsement a hard requirement for all vendors.
Mistake 4: Allowing vendors on active work orders after expiration. The most dangerous gap. A work order placed on Monday for a vendor whose coverage expired the previous Friday is still your liability exposure.
Glossary
COI (Certificate of Insurance): A document issued by an insurance broker summarizing an insured party's active coverage types, limits, and expiration dates.
ACORD 25: The standard form used for commercial liability certificates of insurance, widely accepted across property management and construction industries.
Additional Insured: A party (e.g., your management company) named on another entity's insurance policy, extending coverage to them for claims arising from the named insured's work.
Vendor Cafe: Yardi's vendor self-service portal for document upload, compliance submission, and 1099 management.
Compliance Hold: A PMS status applied to a vendor that blocks new work-order assignments until a compliance requirement is resolved.
Waiver of Subrogation: An endorsement preventing the insurer from suing the additional insured even if the additional insured contributed to the loss — increasingly required by institutional property owners.
When NOT to Use US Tech Automations
If your PMS (AppFolio or Yardi) already handles COI alerts and vendor holds natively and your team has capacity to manage the vendor follow-up process manually, you may not need an external automation layer. US Tech Automations adds the most value when the manual follow-up volume has grown beyond what your team can handle, when you need to connect COI status to systems outside your PMS (e.g., triggering holds in a work-order management tool that doesn't share data with AppFolio), or when you're managing compliance across multiple properties on different platforms.
FAQs
How often do vendor COIs need to be renewed?
Most commercial insurance policies renew annually. However, some vendors — particularly smaller contractors — carry policies on non-calendar-year cycles, so the renewal date varies. Track each vendor's actual expiration date rather than assuming annual renewal.
What is the minimum acceptable COI for a residential property management vendor?
A common baseline is $1,000,000 per occurrence / $2,000,000 aggregate for general liability, statutory workers' compensation, and $500,000 for commercial auto. Higher coverage may be required by property owners, lenders, or local ordinance.
Does AppFolio automatically notify vendors when their COI expires?
AppFolio can send automated compliance notifications, but the configuration varies by setup. The platform's native alerts are less autonomous than a dedicated vendor compliance tool or an external automation workflow. Most AppFolio users supplement with a manual follow-up process.
Can I require vendors to upload their own certificates?
Yes — Yardi Vendor Cafe supports this directly. AppFolio has limited vendor self-service capabilities. Standalone vendor compliance portals (e.g., myCOI, Vendor Shield) also provide self-upload workflows that can be layered on top of any PMS.
What happens if a vendor refuses to provide a COI?
Don't assign work to them. This is a hard line. A vendor unwilling to provide evidence of insurance is either uninsured (creating direct liability for your firm) or uncommunicative about a basic professional requirement. Neither is acceptable for active property work.
How does IREM guidance address vendor compliance?
According to IREM 2024 Management Compensation Survey, institutional property managers increasingly include vendor compliance protocols as a standard element of their management fee justification — meaning that robust COI tracking is not just a risk management function but a billable differentiator.
Next Steps
Building a reliable COI workflow starts with a vendor master list, moves to coverage requirement matrices, and then connects to automated alerts and enforcement holds. The gap between "we track this in a spreadsheet" and "we have zero expired COIs at any time" is mostly process design, not technology.
For further reading on managing vendor and compliance workflows in property management, see our guides on why property management firms struggle with vendor compliance and how to automate maintenance work order routing with Property Meld and AppFolio. For broader portfolio automation, our pre-flight checklist for property management automation is the right starting point.
When your team is ready to automate the full vendor follow-up sequence, explore US Tech Automations pricing or visit the property management automation agent page to see what a connected compliance workflow looks like in practice.
About the Author
Helping businesses leverage automation for operational efficiency.
