Third party risk certification verifies that your subcontractors meet defined standards for insurance, safety, financial health, and regulatory compliance before they work on your projects. In construction, "third party" refers to any entity that performs work under your supervision but is not your direct employee. That means every subcontractor, supplier with on-site presence, and specialty contractor qualifies as a third party whose risk you must manage.

This guide explains the certification process step by step, from defining your standards through issuing certification and monitoring ongoing compliance.

Why Third Party Risk Certification Matters

Every subcontractor on your project introduces risk. If their insurance lapses, you carry the exposure. If their workers get injured, your project faces delays and your experience rating may be affected. If they default financially, you pay to replace them.

A 2025 Zurich Construction study found that GCs with formal certification programs experienced 31% fewer subcontractor-related claims than those without. The certification process filters out the highest-risk subcontractors before they reach your jobsite.

Liability transfer. Certification confirms that the sub's insurance program supports the risk management framework defined in your subcontract. Without verification, the contractual risk transfer you rely on may not be backed by actual coverage.

Owner requirements. Major project owners now require GCs to demonstrate a pre-qualification process during contractor selection. A documented certification program meets this requirement and differentiates your firm in competitive bids.

Regulatory compliance. Federal and state regulators hold GCs responsible for conditions on their jobsites, including the actions of subcontractors. Certification demonstrates that you exercise reasonable care in selecting trade partners.

How the Certification Process Works

The certification process follows a defined sequence. Each step builds on the previous one.

Step 1: Application. The subcontractor completes a pre-qualification questionnaire covering company information, insurance details, safety records, financial data, and project references. Standardize this questionnaire so every applicant provides the same data points.

Step 2: Document collection. Request supporting documents including certificates of insurance, endorsement pages, EMR letters, OSHA 300 logs, financial statements or surety letters, and state license verification. Set a deadline for document submission.

Step 3: Verification. Verify the accuracy of submitted documents. Confirm insurance coverage with the carrier or broker. Validate EMR with the state rating bureau. Check licensing with the state license board. Verify OSHA history through the federal database.

Step 4: Scoring. Apply your scoring rubric to evaluate the subcontractor across all risk categories. Weight each category according to its importance to your risk profile. Generate a composite score.

Step 5: Decision. Based on the composite score, issue one of three decisions: certified (meets all standards), conditionally certified (meets most standards with corrective items), or denied (does not meet minimum standards).

Step 6: Communication. Notify the subcontractor of the decision. For conditional certifications, specify the corrective items and deadlines. For denials, explain the reasons and allow for reapplication after corrective action.

Scoring Framework

A quantitative scoring framework removes subjectivity from the certification decision.

Risk Category	Weight	Scoring Range	Minimum to Pass
Insurance compliance	25%	0-100	70
Safety performance (EMR, TRIR)	25%	0-100	70
Financial stability	20%	0-100	60
Regulatory compliance	15%	0-100	80
Experience and references	15%	0-100	60

A subcontractor must meet the minimum score in each category AND achieve a composite score of 70 or higher to receive certification. This prevents a strong score in one area from masking a critical deficiency in another.

Insurance scoring details. Full marks for coverage limits meeting or exceeding requirements, valid endorsements on file, clean loss history, and A-rated carrier. Deductions for limits below requirements, missing endorsements, high claims frequency, or carrier below A-.

Safety scoring details. Full marks for EMR below 0.85, TRIR below industry average, documented safety program, and designated safety officer. Deductions for EMR above 1.0, TRIR above average, no written safety program, or recent serious OSHA violations.

Common Certification Requirements

Most GC certification programs include these minimum requirements.

Insurance minimums. CGL with $1M-$2M per occurrence. Workers' compensation at statutory limits. Auto liability at $1M. Umbrella at $1M-$5M. Additional insured and waiver of subrogation endorsements. Coverage from an AM Best A- or better carrier.

Safety minimums. EMR at or below 1.0. Written safety program. Designated safety officer or competent person. OSHA 10-hour training for field staff. No willful OSHA violations in the past 3 years.

Financial minimums. Bonding capacity sufficient for the subcontract value. No outstanding tax liens. No bankruptcy filings in the past 5 years. Positive references from at least 3 recent project owners or GCs.

Regulatory minimums. Current state contractor license. Current workers' compensation coverage in the project state. No debarment from government contracts.

Read the full pillar guide at Third Party Risk Certification: Everything GCs Need to Know.

Technology for Certification Management

Managing certification manually works for GCs with fewer than 25 active subcontractors. Beyond that threshold, technology becomes necessary.

Pre-qualification platforms. Online portals where subs submit applications and documents. The platform tracks completeness, sends reminders, and routes applications for review.

Scoring automation. Software that applies your scoring rubric to submitted data and generates composite scores. Automated scoring eliminates reviewer bias and speeds the evaluation process.

Monitoring dashboards. Real-time views of certification status across all active subcontractors. Dashboards flag expiring certifications, missing documents, and risk score changes.

Integration capabilities. The best platforms connect to your ERP, project management, and insurance tracking systems. Integration allows certification status to flow into procurement decisions and payment workflows.

Use Our EMR Calculator

Calculate subcontractor risk scores as part of your certification process. Our EMR Calculator Tool benchmarks safety performance against industry standards.

FAQs

What documents do subcontractors need for third party risk certification? Subcontractors must submit certificates of insurance with endorsement pages, an EMR letter from their carrier, three years of OSHA 300 logs, financial statements or a surety letter, state contractor license, workers' compensation verification, and references from three recent projects. Some GCs also require a written safety program and training records.

How long is a third party risk certification valid? Most certifications are valid for one year. Re-certification requires updated documentation and a fresh evaluation. Event-driven reviews may occur between annual cycles if the sub experiences a serious safety incident, financial change, or insurance lapse.

Can a subcontractor appeal a certification denial? Yes. Most programs allow subcontractors to appeal by addressing the specific deficiencies cited in the denial. Common appeal paths include obtaining additional insurance coverage, providing updated financial documentation, or implementing a corrective action plan for safety deficiencies. Allow 30-60 days for reapplication.

What is the difference between pre-qualification and certification? Pre-qualification is often a simpler pass/fail check of basic requirements. Certification is a scored evaluation across multiple risk categories that results in a formal certification with a defined validity period. Certification programs are more rigorous and provide better risk differentiation.

How does certification affect subcontractor pricing? Some subcontractors express concern that certification requirements increase their costs. In practice, the additional documentation is data that well-run subs already maintain. Certification programs filter out unreliable competitors, which can reduce the downward price pressure from unqualified bidders. Certified subs often win more work because they are pre-approved.

Should small GCs implement third party risk certification? Yes, but scale the program to your size. A small GC with 10-15 active subcontractors can use a simplified questionnaire, basic scoring rubric, and spreadsheet tracking. The key is consistency. Apply the same standards to every subcontractor regardless of your company size.

Build Your Certification Program

SubcontractorAudit provides the tools to evaluate, score, and certify subcontractor risk from a single platform. Request a demo to see how the system supports your risk certification process.