Vendor Contract Insurance Audit: Protect Your Business with Proper Indemnity and Insurance Wording

A complete, practical guide for risk managers, procurement teams, and business leaders who rely on vendors, contractors, and service providers. This guide explains how to design and execute a vendor contract insurance audit that closes coverage gaps, enforces appropriate indemnity and insurance wording, and reduces claims exposure and premium impact.

Table of contents

  • Why vendor contract insurance audits matter
  • Core concepts: indemnity, additional insured, limits, and waivers
  • The legal and market backdrop: ISO endorsements & anti‑indemnity laws
  • The vendor insurance audit — step‑by‑step
  • Sample insurance and indemnity wording (with pros/cons)
  • Endorsements and policy language you should require
  • Certificates of insurance: what they show and what they don’t
  • Vendor types: recommended limits & endorsement matrix
  • Scorecards, red flags, escalation & remediation
  • Claims, premium impact and loss control alignment
  • Practical checklists, templates and next steps
  • Further reading & references

Why vendor contract insurance audits matter

Vendors and subcontractors bring skills and scalability — and they bring risk. When a vendor causes a loss, your company can be exposed through:

  • Third‑party bodily injury or property damage claims,
  • Business interruption and supply chain loss,
  • Cyber incidents from third‑party IT/service providers,
  • Reputational damage and regulatory fines.

A deliberate contract insurance audit is the bridge between contractual risk transfer (indemnity) and actual insurance recovery. Without the right wording and proof of coverage, contractual protections are often illusory.

Key outcomes of a good audit:

  • Confirm that required insurance is in place and binding,
  • Ensure additional insured, primary/non‑contributory, and waiver of subrogation language is effective,
  • Reduce uninsured transfers that cause claims and premium increases.

Core concepts (plain English)

Before auditing contracts, everyone on the team should share the same working definitions.

  • Indemnity — A contractual promise where one party (indemnitor) agrees to compensate another (indemnitee) for loss, defense costs, or damages in defined circumstances. Indemnities vary by scope (broad vs. limited), and state laws may constrain enforceability.
  • Additional Insured (AI) — A party added to another party’s liability policy so the AI receives defense and indemnity coverage under the named insured’s policy for covered claims tied to the named insured’s operations.
  • Primary & Non‑contributory — A requirement that the named insured’s policy will pay first (primary) and will not seek contribution from the additional insured’s own insurance (non‑contributory). This protects the additional insured’s loss experience. Requiring an endorsement (e.g., CG 20 01) accomplishes this more reliably than a COI statement alone. (irmi.com)
  • Waiver of Subrogation — The insurer agrees not to pursue recovery against a named party after paying a claim. This preserves the contractual relationship and can avoid insurer lawsuits between contracting parties.
  • Limits and Aggregate — Limits should reflect realistic worst‑case exposures. Beware aggregate limits that may be exhausted by other claims.
  • Certificates of Insurance (COIs) — Useful snapshots but not proof of the underlying contract amendments or endorsements; they can be forged or incomplete.

The legal and market backdrop (what’s changed and why it matters)

Industry standard ISO endorsements have been revised over the last decade to respond to courts and anti‑indemnity statutes. These changes affect the practical scope of additional insured coverage that vendors can provide and the enforceability of broad indemnity clauses.

  • ISO revised CGL endorsements (notably CG 20 10, CG 20 37 and the CG 20 01 “Primary & Noncontributory” endorsement) in the 2010s to clarify scope and to limit additional insured coverage where state law prohibits indemnity. These revisions mean the endorsement a vendor supplies will determine whether the indemnitee gets defense and indemnity for the indemnitee’s sole negligence or only for the vendor’s negligence. (irmi.com)
  • Courts and insurers have pushed back on attempts to convert an additional insured status into a substitute for broad indemnity where state anti‑indemnity statutes apply. The new endorsements typically limit coverage “to the extent permitted by law” and may cap coverage to the level required by contract. (irmi.com)
  • Many procurement and construction contracts continue to demand broad AI, primary/noncontributory treatment, and robust completed operations coverage — but you must request the right endorsement editions and verify the policy actually contains them. (mondaq.com)

Why this matters: a vendor may show a COI with an “Additional Insured” box checked, but the policy endorsement attached could still be limited and might not give the defense or indemnity you intended. The audit must verify the endorsement language, not just the COI. (irmi.com)

The vendor insurance audit — step‑by‑step

This section provides a practical, repeatable workflow you can apply to every vendor relationship.

High‑level phases:

  1. Pre‑award / Contract Drafting
  2. Onboarding (document collection + verification)
  3. Active monitoring (periodic re‑verification)
  4. Incident & claims response verification

1) Pre‑award / Contract drafting (get the right words)

  • Determine vendor risk category (see matrix later).
  • Tailor insurance and indemnity obligations to risk and leverage; avoid “one size fits all.”
  • Require specific endorsements by name and edition (not just “Additional Insured”) — require the endorsement forms you expect (e.g., CG 20 10 04/13 or CG 20 37 04/13) and CG 20 01 for primary/non‑contributory where necessary. (irmi.com)
  • Include a requirement to provide the actual additional insured endorsement forms and the policy declarations page, not only a COI.

2) Onboarding (collect and verify)

  • Collect:
    • Certificate of Insurance (COI) on industry standard ACORD form,
    • Copies of the actual endorsements that add you as AI,
    • Policy declarations page (summary of limits, policy period, retro dates),
    • Evidence that the insurer is admitted/authorized in your state (or strong excess/security).
  • Verify:
    • The AI endorsement is attached to the issuing policy and matches the contract requirement,
    • Primary & non‑contributory endorsement is in‑force if required,
    • Waiver of subrogation wording is present on the relevant policy (workers’ comp, GL, property as applicable),
    • Limits, aggregate, and retroactive dates satisfy the contract.
  • Use a simple checklist and digital repository to store documents and renewal reminders.

3) Active monitoring (ongoing audit)

  • Re‑verify COIs 15–30 days before expiration and confirm endorsements remain attached.
  • Random spot audits: request policy forms and endorsements and confirm via insurer portals or broker attestations.
  • For high‑risk vendors, require insurer letters confirming coverage and endorsements.

4) Incident & claims response

  • Confirm notice obligations: vendor must notify you promptly and provide claim documentation.
  • Ensure the vendor’s insurer agrees to provide a defense to the additional insured when required by the endorsement.
  • If coverage is disputed, engage coverage counsel early.

Sample audit checklist (one‑page)

  • Contractual Requirements
    • Indemnity clause present and signed
    • Additional Insured required (endorsement specified)
    • Primary & non‑contributory required (endorsement specified)
    • Waiver of subrogation required
    • Cyber/PL requirements (if applicable)
  • Documents collected
    • ACORD COI
    • AI endorsement(s) (attach copies)
    • CG 20 01 / CG 20 10 / CG 20 37 copy (if required)
    • Declarations page
  • Verification
    • Insurer admitted status
    • Limits & aggregates verified
    • Policy effective dates cover contract term and completed operations (if needed)
    • Retroactive date on professional liability (if claims‑made)
  • Red flags
    • COI lists “waived” but no endorsement provided
    • AI endorsement uses older edition that contains sole negligence coverage limits (or vice versa)
    • Limits too low for vendor type
    • Claims‑made professional liability with missing retro date

Indemnity clause types — comparison table

| Indemnity Type | What it promises | Insurance implications | Business pros | Business cons |
|---|---|---|---|---|
| Broad (most common in construction) | Indemnitor covers indemnitee for claims including indemnitee’s sole negligence | Requires vendor insurance that covers indemnitee’s negligence; may be limited by state law | Maximum transfer of financial risk | Often unenforceable/invalid under anti‑indemnity statutes; insurers may decline to provide sole‑negligence defense |
| Intermediate (e.g., “to the extent caused by vendor’s negligence”) | Indemnitor covers only to the extent of their negligence | Aligns better with standard AI endorsements that cover shared negligence | More enforceable, easier to insure | Less transfer than broad form |
| Limited / Comparative fault | Indemnitor pays for vendor’s own negligence only | Matches current AI endorsements (post‑2013) | Insurable and frequently enforced | Leaves indemnitee exposed if indemnitee is solely negligent |
| Mutual indemnity | Both parties indemnify each other for their own negligence | Reduces disputes | Fair allocation in equal bargaining power | May be unnecessary for low‑risk vendors |
| Hold harmless (defense only) | Vendor agrees to defend indemnitee, not indemnify | Requires defense obligation but not indemnity | Immediate protection re: defense costs | Defense obligations can be expensive; insurers may resist defense‑only clauses |

Use this table to map the clause you want to the insurance you require.

Sample indemnity wording (templates and analysis)

Note: these are templates for discussion. Always have counsel review local enforceability.

  • Broad (risky in many states)

    • “Vendor shall indemnify, defend and hold harmless Company, its officers, agents and employees from and against any and all claims, suits, damages, liabilities, losses and expenses (including attorney fees) arising out of or resulting from Vendor’s work, including liabilities based upon the negligence of Company to the fullest extent permitted by law.”

    Analysis: Broadest transfer but often limited by state anti‑indemnity statutes and ISO endorsement changes. Requires careful vetting of state law.

  • Balanced / Preferred (commercially enforceable)

    • “To the fullest extent permitted by law, Vendor shall indemnify, defend and hold harmless Company from and against any claims arising out of Vendor’s negligent acts or omissions in the performance of its services under this Agreement. This indemnity does not apply to the extent that such claims are caused by the sole negligence or willful misconduct of Company.”

    Analysis: Ties indemnity to vendor negligence (insurable), excludes indemnitee’s sole negligence (reduces anti‑indemnity risk).

  • Mutual / limited

    • “Each party shall indemnify the other for claims arising from its own negligence or willful misconduct.”

    Analysis: Useful where bargaining power is balanced.

Always pair indemnity with required insurance and the specific AI endorsements to make an indemnity practically enforceable.

Endorsements and policy language to require (priority list)

When drafting contracts, specify the endorsement by form name and date where reasonable. Common endorsements and why they matter:

  • CG 20 10 (Additional Insured — Owners, Lessees or Contractors — Ongoing Operations) — Adds indemnitee for liability arising from ongoing operations. Recent editions limit scope; request edition/date consistent with your contract. (grahamco.com)
  • CG 20 37 (Additional Insured — Owners, Lessees or Contractors — Completed Operations) — Extends AI coverage for completed operations exposures. Often required for long‑tail construction exposures. (grahamco.com)
  • CG 20 01 (Primary and Noncontributory—Other Insurance Condition) — Makes the named insured’s coverage primary and noncontributory for the additional insured where contractually agreed; use when you need your vendor’s policy to pay first. (irmi.com)
  • CG 20 26 / CG 20 33 (Additional Insured – Managers or Lessors of Premises / Owners, Lessees or Contractors) — Depending on operations, these forms address AI for premises exposures and construction professionals.
  • Waiver of Subrogation endorsement (Workers’ Comp and GL) — Prevents vendor’s insurer from suing you for recovery after paying the claim.
  • Primary / Excess interactions — Remember umbrella/excess policies have their own other‑insurance conditions; expressly require any umbrella/excess to “follow form” as needed and confirm by endorsement. (irmi.com)

Always require copies of the actual endorsements and confirm effective policy dates and retroactive dates for claims‑made policies.

Certificates of Insurance — what they show and what they don’t

COIs are essential, but inadequate on their own.

What a COI does:

  • Shows policy types, limits, policy periods, and the insurer name.
  • Indicates on the ACORD form whether an additional insured was requested.

What a COI doesn’t do:

  • A COI does not amend the policy or create an additional insured or primary/non‑contributory endorsement on the policy. The underlying policy endorsements are controlling. If the contract requires specific endorsements, you must see those endorsements attached to the policy. (irmi.com)

Best practice:

  • Require the actual AI and primary/non‑contributory endorsement forms and the declarations page as part of onboarding.
  • Include a broker attestation or insurer letter for high‑risk vendors.
  • Use digital COI management tools that flag expirations and missing endorsements.

Vendor types — recommended limits & endorsement matrix

This matrix provides a starting point. Adjust for project size, potential severity, state rules, and contract leverage.

| Vendor type | GL Limits (min) | Auto (min) | Professional/Network Security | WC | AI & Endorsements |
|---|---|---|---|---|---|
| Janitorial / Facilities | $1M / $2M aggregate | $1M CSL if autos used | N/A | Statutory | AI (CG 20 10), Waiver of Subrogation |
| Subcontractor (construction) | $1–5M / $5M+ aggregate (project size) | $1M CSL | N/A | Statutory | CG 20 10 & CG 20 37, CG 20 01 primary/non‑contrib |
| Haulers / Logistics | $1–5M | $1–5M CSL (trucking higher) | Cargo/auto liability | Statutory | AI (as required), Primary/non‑contrib; motor carrier endorsements |
| Technology / SaaS vendor | $1M GL + $1–5M Cyber/E&O | N/A | $1–10M Cyber/Professional Liability | N/A | E&O with retro date; vendor to carry network security & privacy limits |
| Consultants / Design professionals | $1–2M GL + $1–10M Professional Liability | N/A | Professional Liability (claims‑made with retro date) | N/A | AI where applicable; ensure retroactive date covers engagement |

Notes:

  • These are starting points — for large projects or high‑value exposures, increase limits.
  • Cyber and professional exposures require dedicated policies; a general GL policy typically excludes professional or cyber liabilities.

Scorecards, red flags, escalation & remediation

Create a simple vendor insurance score that drives contract approval:

Sample scoring categories (0–5 each):

  • Documents completeness (COI + endorsements + dec page)
  • AI endorsement adequacy
  • Primary/non‑contributory present
  • Waiver of subrogation present
  • Professional/cyber coverage adequacy (if applicable)
  • Insurer financial strength & admitted status

Red flags that require escalation:

  • COI shows AI but no endorsements provided,
  • Claims‑made professional liability with missing retro date,
  • Insurer not admitted and no strong excess security,
  • Self‑insured retention or large deductible without security,
  • Limits below the minimum and vendor refuses to increase.

Remediation steps:

  1. Request missing documents (5 business days),
  2. Require broker/insurer letter confirming coverage (10 business days),
  3. If unresolved, hold payments, remove vendor access, or procure insurance and bill vendor (depending on contract).

Claims, premium impact and loss control alignment

Vendor losses can drive your organization’s claim frequency and severity — and affect your insurance premiums, experience modification, and insurer relationships.

Practical contract clauses — recommended wording snippets

  1. Additional Insured & Primary/Non‑contributory
     • “Vendor shall, at Vendor’s expense, name Company, its officers, directors and employees as Additional Insureds on Vendor’s Commercial General Liability policy by endorsement CG 20 10 (or equivalent) for ongoing operations and CG 20 37 (or equivalent) for completed operations. Vendor shall also provide the CG 20 01 (04/13) Primary and Noncontributory endorsement, or equivalent, so that Vendor’s coverage is primary and non‑contributory for the benefit of Company where required by contract.”
  2. Waiver of Subrogation
     • “Vendor’s insurer shall waive any right of subrogation against Company for claims covered under Vendor’s policies.”
  3. Proof and audit rights
     • “Vendor shall deliver certificates of insurance, policy endorsements and declarations pages prior to the commencement of Work, and upon renewal. Company reserves the right to audit Vendor’s insurance documentation and require insurer confirmation as needed.”
  4. Remedies
     • “If Vendor fails to maintain required insurance, Company may (a) suspend work, (b) procure such insurance and charge Vendor, or (c) terminate the Agreement for cause.”

Always require the actual endorsements and insurer confirmations, not just COIs.

Realistic ROI: why the audit pays for itself

  • One preventable claim that moves into your loss run can increase future premium costs well beyond the cost of a formal audit program.
  • Requiring vendor primary/non‑contributory insurance and strict AI endorsements shifts defense and indemnity cost away from you.
  • Regular audits reduce surprise coverage disputes and litigation costs — saving defense expenses, preserving insurer relationships and controlling experience modification impacts.

Next steps: a 90‑day action plan

Days 0–30

  • Identify top 25 vendors by spend and risk.
  • Implement the one‑page audit checklist and request missing endorsements.
  • Update contract templates to require specific endorsements (CG forms) and insurer attestation.

Days 30–60

  • Run COI renewal automation for all vendors.
  • Conduct spot audits on 10% of vendors and document findings.
  • Train procurement and legal teams on indemnity language and red flags.

Days 60–90

  • Escalate unresolved failures to legal or insurance broker.
  • Adjust vendor tiering and procurement policy based on audit results.
  • Integrate vendor audit outcomes into the next budget cycle and insurer scorecards.

Templates & quick reference

  • Minimum requirements to include in every vendor contract (short checklist):

    • Indemnity clause tied to vendor negligence,
    • Additional Insured wording with specific endorsement forms (CG 20 10/CG 20 37),
    • CG 20 01 primary/non‑contributory (if required),
    • Waiver of subrogation (GL & WC),
    • Certificate + AI endorsements + declarations page,
    • Audit & remediation remedies.
  • Vendor escalation flow:

    1. Request corrections (5 days),
    2. Broker attestation (10 days),
    3. Suspend vendor access / withhold payments,
    4. Procure coverage on vendor’s behalf (if contractual rights allow), then bill.

Expert cautions and when to get outside help

  • Insurance endorsements and indemnity enforceability vary by state. If your contracts cross state lines or involve construction projects, consult coverage counsel early. ISO endorsement changes and state anti‑indemnity statutes can materially affect outcomes. (irmi.com)
  • For complex claims or coverage disputes, retain coverage counsel — do not wait until litigation.
  • For cyber and professional liability exposures, involve technical SMEs, because the policy's coverage triggers and exclusions can be nuanced.

References (selected authoritative background)

  • Industry changes to ISO CGL endorsements and their implications. (irmi.com)
  • Practical breakdown of CG 20 endorsements and additional insured mechanics. (grahamco.com)
  • Discussion of CG 20 01 Primary & Noncontributory and ISO changes (2013). (irmi.com)
  • Practical considerations and court developments regarding blanket additional insured endorsements. (mondaq.com)
  • Guidance for design and construction firms on indemnity and additional insured usage. (victorinsurance.com)

Final checklist — the essentials to enforce today

  • Require the actual AI and primary/non‑contributory endorsement forms (not the COI only).
  • Use indemnity language tied to vendor negligence (balanced form) and confirm insurability.
  • Demand primary/non‑contributory endorsements where you need your vendors’ policies to respond first. (irmi.com)
  • Verify cyber and professional limits for technology vendors.
  • Run periodic audits, retain remediation rights, and escalate unresolved issues to legal or procurement.

A disciplined vendor contract insurance audit is not paperwork — it’s a proactive risk‑transfer and loss‑control program that protects balance sheets, reputation, and future insurance costs. Start with the one‑page checklist, require the endorsements by name, and make verification a non‑negotiable part of vendor onboarding.
