This message was posted by a user wishing to remain anonymous
Our organization focuses on collection and review of COI's for our highest risk third parties, with some consideration currently about including medium risk as well. There should be consideration given to your portfolio and classification of risks, along with risk tolerance. COIs are beneficial before the agreement has been finalized, to secure the appropriate coverage level from the third party. The COI itself alone does not guarantee a firm coverage of losses, in a litigation, the firm would be equally in a position of needing to go the legal path to secure the funds covering the losses. In addition, the terms and conditions of the agreement should stipulate liability obligations, warranties, and indemnification to hold the third party accountable. The third parties financial viability becomes a concern/consideration, given that they may hold insurance, but may not have the financial wherewithal to cover losses. Our company has found that collection of COIs for the low risk vendors is out of scope.
Original Message:
Sent: 09-26-2023 12:34 PM
From: Anonymous Member
Subject: Certificate of Insurance Requirements
This message was posted by a user wishing to remain anonymous
Hello everyone,
Looking for some insight regarding what your organization's requirements in terms of requesting Certificate of Insurance (COI) from your vendor.
Currently, we request COI for all vendors regardless of risk or criticality levels. As you might know this can be a bit tedious, and some organization only collects COI based on higher criticality/risk levels.
I'm trying to determine pros and cons to help us determine if we should continue our current process or make some amendments. Thank you!