Compliance or operations teams typically configure requirements. Developers integrating the API should review this guide to understand how configuration affects certificate evaluation.
What is an insurance requirement?
An insurance requirement is a named collection of rules that define your organization's coverage standards. For example, a "Standard Contractor Requirements" might specify:
- General Liability with $1M per occurrence and $2M aggregate
- Workers' Compensation with statutory limits
- Policy expiration must be in the future
- Your organization listed as additional insured
When a certificate is uploaded, it's evaluated against these rules.
How evaluation works
| Evaluation outcome | Certificate status | What happens next |
|---|---|---|
| All rules pass | approved | Contractor is automatically cleared |
| One or more rules fail | flagged | Queued for manual compliance review |
| Reviewer rejects certificate | denied | Only set manually by a reviewer |
The system never automatically denies a certificate. Failed rules result in flagged status, giving your compliance team the opportunity to review and make case-by-case decisions.
Manual approval of individual rules
When a certificate is flagged, compliance reviewers can approve individual failed rules on a case-by-case basis. For example, if a contractor's coverage is $950,000 but your rule requires $1,000,000, a reviewer might decide this is acceptable and manually approve that specific rule. Once all failed rules are either passing or manually approved, the certificate can be approved.
Default vs. assigned requirements
Every organization has one default requirement that applies when no specific requirement is assigned. You can also assign different requirements to specific entities or job categories.
When a certificate is evaluated, the system determines which requirement to use:
| Priority | Requirement source | Example |
|---|---|---|
| 1 (highest) | Entity-specific requirement | Contractor belongs to "Acme Corp" entity, which has a custom requirement assigned |
| 2 | Organization default | No entity-specific requirement exists, so the default is used |
This allows you to maintain baseline standards while accommodating clients or work types that need different coverage levels.
Important behaviors for developers
| Scenario | Behavior |
|---|---|
| Requirement is edited after certificates were evaluated | Previously evaluated certificates are not re-evaluated. Old audit results remain unchanged. Only new uploads use the updated rules. |
| AI cannot extract a required field | The rule fails. Missing or unparseable fields are treated as non-compliant, ensuring certificates are flagged for human review rather than auto-approved. |
| Requirement is deleted while certificate is processing | In-flight evaluations complete normally. New uploads fall back to the organization default. |