If you spend your days chasing certificates of insurance, it’s easy to believe that once you’ve got a PDF on file, you’re “covered.” A tenant sends over an ACORD 25, a vendor emails their latest certificate, your system shows a green checkmark—job done.

Except it isn’t.

Over the last two decades in property management and maintenance software, I’ve watched the same pattern play out: teams do heroic work collecting paperwork, only to discover in a claim scenario that what they collected didn’t actually protect ownership. The problem isn’t effort; it’s the assumption that tracking equals compliance.

Tracking is about documents; compliance is about obligations

Most “COI solutions” on the market are built to answer a simple question: “Do we have a certificate on file for this vendor or tenant?” That’s document management, not compliance.

Compliance starts from a different question: “What insurance obligations have we placed on this counterparty, and does their coverage actually fulfill those obligations today?”

To answer that, you need to line up three things:

• The requirements: what your leases, contracts, and building‑level standards say.
• The documentation: the certificates, endorsements, and policy details you’ve collected.
• The current state: what is actually in force now, after renewals, endorsements, and mid‑term changes.

Most tools stop at the second bullet. They store PDFs, expose renewal dates, maybe highlight a few basic fields. They very rarely encode requirements at the building level, map them to a specific tenant or vendor, and continuously reconcile that against real coverage.

In other words, they track. They don’t ensure.

Why this gap exists

The industry ended up here for understandable reasons.

• COIs look like checklists. A form with boxes ticked and limits filled in feels like a finished task.
• Most systems were built for central risk teams. They optimized for getting documents into a shared repository, not for helping a property manager decide if a vendor can start work tomorrow.
• Vendors sold “paperless” as the win. Moving from file cabinets to digital storage was a big leap; it just wasn’t the last one.

The result is a dangerous middle ground: you have just enough structure to feel confident, but not enough rigor to stand up in a dispute or claim.

What true COI compliance looks like

If tracking isn’t enough, what does real compliance require?

Building‑specific requirements

Every asset has a risk profile: construction type, occupancy, systems, geographic exposure, lender covenants. A generic “standard” set of limits applied across the portfolio is convenient, but it guarantees misalignment somewhere.

True compliance starts by defining requirements at the building level—what this asset needs, for this use, in this market—and then pushing those requirements out to leases and vendor contracts.

Requirement‑aware intake

When a certificate comes in, the question should not be: “Is there a PDF attached?”

It should be: “Given this building’s requirements and this counterparty’s role, does this certificate (and its endorsements) meet what we asked for?”

That means checking limits, lines of coverage, named insureds, additional insured status, primary and non‑contributory language, waivers of subrogation, and the presence of required endorsements—not just confirming the boxes are filled.

Exception management

Almost every portfolio lives with exceptions: a long‑standing tenant with grandfathered terms, a vendor with partial coverage, a market where a particular endorsement isn’t available.

Real compliance means:

• Logging the exception
• Documenting who approved it
• Recording what compensating controls exist (indemnity language, caps, operational controls)

“We have a certificate” is not an exception policy. It’s a blind spot.

Ongoing monitoring

COIs are point‑in‑time snapshots. Coverage can be bound, canceled, or modified between renewals.

At a minimum, compliance requires:

• Renewal tracking with proactive outreach
• Clear visibility into expired or expiring coverage
• A way to pause or restrict work when insurance lapses

Tracking alone typically stops at “we sent a reminder.” Compliance extends through to operational decisions: who can be on site, who can’t, and why.

Why this matters for mid‑market owners

Large institutional owners sometimes buffer this gap with dedicated risk teams and outside counsel. Mid‑market owners often don’t have that luxury.

They rely on property managers—often with overloaded calendars and thin support—to “handle insurance.” When those teams are given tools that only track documents, they’re set up to fail quietly.

The risk isn’t theoretical. One missing additional insured endorsement, one misaligned limit, one untracked renewal can turn into:

• A tendered claim that gets denied
• Defense costs pushed back onto ownership
• A painful discovery process where opposing counsel picks apart your records

From the outside, it looks like a single miss. From the inside, it’s the natural outcome of equating tracking with compliance.

What we’re building with Ensurient

Ensurient exists because, after 22 years of watching property teams do their best with inadequate tools, I wanted a system that started where most stop.

We designed it so that:

• Requirements live at the building level first, then flow down to tenants and vendors.
• Every certificate is evaluated against those requirements, not just stored.
• Exceptions are explicit, with approvals and rationale attached.
• Property managers stay in control, with clear signals about who is compliant, who isn’t, and what to do next.

We still track. You still get the dashboards, the reminders, the PDFs neatly organized. But the goal isn’t to feel organized.

The goal is to be able to sit in a room—whether with ownership, counsel, or a regulator—and show that you knew what was required, what was in place, where the gaps were, and what you did about them.

That’s the difference between COI tracking and compliance. One makes your files tidy. The other keeps your owners, and your career, protected.