runbookify
← All plans
Procurement & Purchasing / Supplier / Vendor Onboarding & Management

Supplier COI / W-9 / Certification Expiry Tracker

Build your own internal tool that watches every supplier's insurance, tax, and compliance documents, alerts you well before they expire, chases the supplier for renewals, and only marks a document current after a human reviewer accepts it.

BeginnerAn afternoonBuilds onNext.js (App Router) on VercelSupabase (Postgres + Storage + Auth with RLS)Resend (email alerts + renewal requests)
What you'll build

A private, login-protected dashboard that shows every supplier document as expired, expiring, or current, sends tiered reminders to the right people, collects renewal uploads, and updates the record only after a reviewer signs off.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.

Before you start

  • A free Vercel account
  • A free Supabase account
  • A free Resend account (or just skip email at first)
  • Your current supplier document list in a spreadsheet or CSV (supplier, document type, issue date, expiry date)

The problem this kills

You usually find out a supplier's certificate of insurance lapsed the same week you needed it - after an incident, during an audit, or when a customer asks for proof. The W-9 you need for tax season is two versions old. The quality cert that lets you buy from a vendor quietly expired three months ago and nobody noticed.

Today this lives in someone's head, a shared drive full of PDFs, and a spreadsheet that only gets looked at when there's already a problem. Nothing watches the dates for you. Nothing chases the supplier. And when a renewal does come in, it gets filed without anyone checking the coverage amount or the dates actually changed.

This Implementation Plan kills that. You build a tool that watches every expiry date, warns you early, asks the supplier for the new document automatically, and refuses to mark anything "current" until a real person has looked at it and accepted it.

What you'll build

A small, private web app - just for your team - that:

  • Holds a document register: every supplier, every document type (COI, W-9, quality cert, compliance cert, license), issue date, expiry date, and the file itself.
  • Computes days-to-expiry for every document, every day.
  • Sends tiered alerts (for example 60, 30, and 7 days out) to the internal owner and, when you want, to the supplier directly - asking them to send the renewal.
  • Collects the renewal upload from the supplier into secure storage.
  • Stops at a human gate: a reviewer opens the new document, checks the coverage amount, dates, and that it's the right type, and only then accepts it. The record's expiry updates only on acceptance.
  • Shows a compliance dashboard: a clear count and list of expired / expiring / current documents, with filters by supplier and type.
  • Flags expired suppliers for PO hold so purchasing knows not to raise a new order against a lapsed vendor.
  • Exports a clean CSV in the exact columns your existing system expects.

What's inside the Implementation Plan

  • It interviews you first. Before it builds anything, the plan has the AI agent ask you about your real process - your document types and what you call them, your supplier ID scheme, your lead-time rules, your coverage minimums, who reviews and approves, and the messy exceptions (self-insured suppliers, blanket policies, "pending renewal" states). It reflects a short spec back, you confirm it, and only then does it build. You get a tool shaped around your business, not a generic template.
  • A step-by-step build, where each step ends with a ready-to-paste prompt - no coding knowledge needed.
  • The full data model: suppliers, contacts, document types with per-type lead times and coverage rules, documents with versions, and an audit log.
  • The alert engine with tiered, per-type lead times.
  • The supplier renewal request flow and upload handling.
  • The reviewer acceptance gate and the dashboard.
  • A "No API yet?" fallback so you can build the whole thing today from a spreadsheet, with documents stored in Supabase - no integration required.

The governance it includes (this is the point)

This isn't a toy. Governance is built in from the first step, because that's what makes it safe to run on real supplier data:

  • Login so only your team can open the tool.
  • Row-level security so a user only ever sees their own organization's suppliers and documents.
  • A complete audit trail - who uploaded, who alerted, who accepted or rejected, and exactly when.
  • A hard human-in-the-loop approval gate: a renewal upload never marks itself current. The AI and the supplier can draft and submit; a person reviews coverage, amounts, and dates, and only their acceptance commits the change.
  • Duplicate guards so the same document version can't be processed or counted twice (the dedupe key is supplier + document type + version, and the latest accepted version is "current").

Who it's for

Procurement, accounts payable, and risk owners who are tired of finding out a supplier's insurance lapsed only when something goes wrong. If you manage vendor onboarding and you're the person who gets the angry email during an audit, this tool is for you - and you can build it yourself in an afternoon.

You've got this - paste the first prompt and let the agent interview you.

Gated download

Enter your email — the plan downloads instantly and a copy lands in your inbox.

By submitting your email you'll also receive the weekly runbookify newsletter. You can unsubscribe at any time.