Insurance & Compliance Checklist
This checklist is a starting point for vendor or partner selection and for preparing proposals requiring insurance and compliance artifacts.
Insurance (typical requirements)
- Commercial General Liability (CGL): $1M per occurrence / $2M aggregate
- Professional Liability / Errors & Omissions (E&O): $1M per claim
- Cyber/Privacy Liability: $1M per claim (if handling personal data or connecting to customer systems)
- Workers' Compensation: as required by local law
- Automobile Liability: if company vehicles are used on site
- Evidence required: certificates of insurance (COI) naming the customer as an additional insured (if requested)
Security & Compliance Attestations
- SOC 2 Type II report (or equivalent) — preferred for cloud or managed services; confirm the audit period is current and the report's scope covers the services being purchased
- TISAX (VDA ISA assessment) or ISO/IEC 27001 certification — relevant for automotive suppliers and manufacturing partners; check that the certificate scope covers the sites and services in question
- Penetration test report (executive summary) and vulnerability scan evidence — at least annually, and after major changes, where applicable
- Data Processing Addendum (DPA) signed where personal data is processed under GDPR/UK GDPR
Data Handling & Retention
- Data classification and retention policy
- Encryption in transit (TLS 1.2 or 1.3 only, with SSL and TLS 1.0/1.1 disabled) and encryption at rest for sensitive data, with documented key management
- Backup and recovery procedures and RTO/RPO targets
Supply Chain & On-site Requirements
- Insurance confirmation for subcontractors and field engineers
- On-site safety certifications (e.g., lockout/tagout, confined space where applicable)
- Background checks and vetting procedures for field staff (if required)
Contracting Notes
- Include clear SLAs for response times, remote diagnostics, and on-site support
- Limitations of liability and indemnities should be negotiated and documented
- Data ownership, IP, and permitted use of logs and telemetry must be defined
---
This checklist is a template. Tailor numbers and requirements to your customer or region and consult legal/insurance advisors when finalizing.