Certificate of Insurance (COI) Expiry Monitor: Never Let an Uninsured Vendor On-Site
Track every active vendor's certificate of insurance — coverage types, limits, and expiry — chase the vendor for a renewal before it lapses, and have a compliance reviewer approve each new COI before the vendor is cleared as Current. Then export a clean insurance-status report.
A secure internal tool where you import your vendors and their COI details and upload each COI PDF. The tool computes days-to-expiry, sends tiered reminders to the vendor and the internal owner, and lets the vendor upload a renewal. Every new COI is routed to a compliance reviewer, who approves it (correct coverage, limits, and additional-insured) before the vendor's status flips to Current; a lapse flags the vendor Not-cleared. A CSV insurance-status export is included.
Before you start
- A Supabase account (free)
- A Vercel account (free)
- A Resend account (free)
- Your current vendor list with COI details (insurer, coverage types, limits, expiry)
- Your required coverage types and minimum limits
- Claude Code or any AI coding agent
The problem this kills
A vendor's certificate of insurance quietly expires, and nobody notices until a forklift puts a hole in a wall — or your insurer or auditor asks for proof of coverage and you're scrambling through an inbox. COIs live as PDF attachments scattered across email, a shared drive, and someone's desk. The expiry dates sit in a spreadsheet nobody updates. And even when a "current" certificate is on file, has anyone actually checked that it carries the right coverage types, the minimum limits you require, and your organization named as additional insured? Usually not — somebody glanced at the date and filed it.
That's real exposure. An uninsured vendor working on-site is a liability you're carrying without knowing it. A lapse you catch a week late is a week of risk you can't undo. And the manual chase — emailing the vendor, waiting, re-emailing, re-checking the new certificate — eats hours that compliance and facilities teams don't have. You don't need to live like this, and you don't need to be a developer to fix it.
What you'll build
A focused internal monitor for vendor insurance. You import your active vendor list and each vendor's COI details — insurer, coverage types, limits, expiry — and upload the COI PDF to secure storage. The tool computes days-to-expiry for every certificate and runs tiered reminders: a heads-up at 60 days, a firmer nudge at 30, and an "expired — not cleared" alert when the date passes, sent to both the vendor and the internal owner. The vendor uploads their renewal COI through a secure link.
Here's the part that matters: every newly uploaded COI lands in front of a compliance reviewer who checks it against your rules — the required coverage types are present, the limits meet your minimums, your org is listed as additional insured — and only when the reviewer approves does the vendor's insurance status flip to Current. A lapse, or a rejected certificate, flags the vendor Not-cleared so nobody schedules them on-site. At any point you export a clean insurance-status report as CSV in the exact columns your systems expect.
What's inside the Implementation Plan
The downloadable plan is a step-by-step file you paste into an AI coding agent. It opens by interviewing you about your business — your current renewal-chasing process and who owns it, your vendor list and how vendors are identified, your required coverage types and minimum limits, your additional-insured wording, your reminder cadence and who gets chased, how many vendors and COIs you track at peak, and your messy edge cases (a vendor with multiple policies, a blanket COI covering several sites, a "renewal coming" email with no document yet) — and then it tailors the data model, the coverage validations, and every later step to your answers. This is not a generic template; the agent reflects a short spec back to you and waits for your thumbs-up before it builds anything. From there it walks the agent through the import, the PDF upload to secure Storage, the days-to-expiry calculation, the tiered 60/30/expired reminders, the vendor renewal-upload flow, the compliance reviewer's approval screen, the Current/Lapsed status logic, and the CSV export — each step with a ready-to-copy prompt. There's also a fallback so you can build and run the whole thing today even with no integration to your existing vendor or procurement system.
The governance it includes (this is the point)
Vendor insurance is a control, so this tool ships like one:
- Login, so only your team and the right vendor can get in
- Row-level security, so each organization sees only its own vendors and certificates (and a vendor sees only their own)
- A complete audit trail of who imported, uploaded, reminded, approved, rejected, and exported, and when
- A hard human-review gate, so a compliance reviewer must approve each COI's coverage, limits, and additional-insured status before a vendor is ever set to Current
- Duplicate guards keyed on vendor + policy, so the same certificate can't be processed twice
Critically, the tool validates coverage types and minimum limits, not just expiry dates: a certificate that's in-date but under-limit doesn't clear. COI PDFs live in access-controlled Storage with RLS, not in anyone's inbox.
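A sketch of the clearance gate and reminder tiers described above, added here as an illustration and not taken from the downloadable plan. The field names, the REQUIRED rule set, the sample certificate, and the choice to treat the expiry date itself as still valid are all assumptions.

```javascript
// Added example: fail-closed clearance gate for one COI record.
// Field names and REQUIRED are hypothetical; all values are constructed.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed org requirements: coverage type -> minimum limit (USD).
const REQUIRED = { general_liability: 1000000, workers_comp: 500000 };

// Whole days from `today` to `expiry` (both 'YYYY-MM-DD', parsed as UTC).
function daysToExpiry(expiry, today) {
  return Math.round((Date.parse(expiry) - Date.parse(today)) / DAY_MS);
}

// Reminder tier for the 60 / 30 / expired cadence; null means no reminder due.
function reminderTier(days) {
  if (days < 0) return 'expired';
  if (days <= 30) return '30-day';
  if (days <= 60) return '60-day';
  return null;
}

// Status is 'Current' only when every automated check passes AND a reviewer
// has approved; any failure, or a missing field, leaves it 'Not-cleared'.
function evaluateCoi(coi, today, required = REQUIRED) {
  const reasons = [];
  if (!(daysToExpiry(coi.expiry, today) >= 0)) reasons.push('expired');
  for (const [type, min] of Object.entries(required)) {
    const limit = (coi.coverages || {})[type];
    if (limit === undefined) reasons.push(`missing coverage: ${type}`);
    else if (typeof limit !== 'number' || !(limit >= min)) {
      reasons.push(`under limit: ${type}`);
    }
  }
  if (coi.additionalInsured !== true) reasons.push('not additional insured');
  // The human-review gate: anything other than an explicit approval blocks.
  if (coi.review !== 'approved') reasons.push('awaiting reviewer approval');
  return { status: reasons.length === 0 ? 'Current' : 'Not-cleared', reasons };
}

// Constructed sample: in date and approved, but workers' comp is under limit.
const SAMPLE = {
  expiry: '2025-09-30',
  coverages: { general_liability: 2000000, workers_comp: 250000 },
  additionalInsured: true,
  review: 'approved',
};
console.log(evaluateCoi(SAMPLE, '2025-08-15'));
```

The status should be recomputed server-side on every read or on a schedule, so a certificate that expires after approval drops back to Not-cleared without anyone editing the record.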
Who it's for
Risk and compliance coordinators, facilities managers, procurement, and legal ops — anyone responsible for making sure no uninsured vendor works on-site, and tired of tracking expiry dates in a spreadsheet that's always a little out of date. If you can describe your required coverage and how you review a certificate, you can build this.
You've got this — start with the plan, paste the first prompt, answer the interview, and you'll watch your first vendor go from "expiry unknown" to a cleared, monitored, auto-chased Current the same afternoon.