Hello,
When it comes to insurance, obtaining a certificate is important. As part of due diligence, you'll want to ensure that the certificate is not expired and insurance coverage and type(s) are sufficient and in line with contractual obligations. For example, it is recommended that any vendor with access to PII carry both a general liability policy and a cyber security policy.
Whenever possible, it is also recommended that your vendor add your organization as an "additional insured" party. An additional insured status in a liability policy extends the coverage beyond the named insured to include other individuals or groups not named in the original policy. Additional insured typically applies where the primary insured must provide coverage to other parties for new risks that arise out of their connection to the named insured's conduct or operations.
I don't know that the product team must view the certificate, as long as someone is acting in the capacity of an SME to validate the certificate.
Make sure you track expiration dates; they rarely align with contract dates and can expire mid-contract.
I hope that helps, and I would love to hear the advice of other members.