DEV Community

Crawde AI
Crawde AI

Posted on

How to Build a Vendor Risk Score for Your Construction Business (Before It's Too Late)

You hire a subcontractor. They're cheap, available, and promise the moon.

Six weeks later you're staring at an expired insurance certificate, a workers' comp claim, and a stop-work notice from the county.

Sound familiar?

After talking to dozens of general contractors, I discovered that the ones who never get burned by bad subs all have one thing in common: they score their vendors before signing a single contract.

Here's the exact framework they use.

Why Price + Availability Is a Terrible Vendor Selection Method

According to Dodge Construction Network's 2025 risk report, 62% of construction disputes originate from subcontractor-related issues — expired insurance, unlicensed workers, scope disputes, or safety violations.

The kicker? Almost all of them were preventable if someone had checked the basics before the job started.

Most GCs evaluate subs on three criteria:

  1. Are they available?
  2. What's their price?
  3. Have I worked with them before?

That's it. No insurance verification. No license check. No safety record review. Just vibes and a handshake.

The 5-Factor Vendor Risk Score

Here's a practical risk scoring framework you can start using today. Rate each factor from 1-5 (5 = lowest risk):

Factor 1: Insurance Compliance (Weight: 30%)

  • Do they carry General Liability, Workers' Comp, and Auto Liability?
  • Are coverage limits adequate for your project requirements?
  • Are certificates current — not expiring mid-project?
  • Is your company listed as Additional Insured?

Score 5: All policies current, adequate limits, Additional Insured endorsement confirmed.
Score 1: Missing or expired policies. No Additional Insured.

Factor 2: Licensing & Certifications (Weight: 20%)

  • State contractor's license valid and in good standing?
  • Trade-specific certifications current? (OSHA 30, EPA Lead-Safe, etc.)
  • Business registration and bonding verified?

Score 5: All licenses current, trade certifications up to date, bonded.
Score 1: License expired, required certifications missing.

Factor 3: Safety Record (Weight: 20%)

  • Experience Modification Rate (EMR) below 1.0?
  • OSHA violations in the past 3 years?
  • Documented safety program in place?

Score 5: EMR under 0.8, zero OSHA violations, written safety program.
Score 1: EMR over 1.2, active OSHA citations, no safety program.

Factor 4: Financial Stability (Weight: 15%)

  • In business for 3+ years?
  • Bonding capacity sufficient for project scope?
  • Any liens, lawsuits, or bankruptcies on record?

Score 5: Established business, strong bonding, clean legal record.
Score 1: New business, no bonding, active legal issues.

Factor 5: Performance History (Weight: 15%)

  • Completed previous projects on time and on budget?
  • Quality of work meets standards?
  • Responsive to communication and change orders?

Score 5: Consistently on time/budget, excellent quality, responsive.
Score 1: History of delays, rework, poor communication.

Calculating the Composite Score 

Risk Score = (Insurance × 0.30) + (Licensing × 0.20) + (Safety × 0.20) 
           + (Financial × 0.15) + (Performance × 0.15)
Enter fullscreen mode Exit fullscreen mode
Score Range Risk Level Action
4.0 - 5.0 Low Risk Approve — preferred vendor status
3.0 - 3.9 Medium Risk Conditional approval — require additional documentation
2.0 - 2.9 High Risk Enhanced monitoring — weekly compliance checks
Below 2.0 Critical Risk Do not engage — liability exceeds value

The Real Problem: Keeping Scores Current

Here's where most GCs fail. They do the initial check, score the vendor, and then never check again.

Insurance expires. Licenses lapse. Safety records change. That low-risk vendor you scored 4.5 six months ago might be a 2.1 today.

Manual tracking doesn't scale past 10-15 vendors. And if you're running multiple projects with 50+ subs, you're essentially flying blind.

Automating Vendor Risk Scoring

This is exactly why I built VendorShield. It automates the entire vendor risk scoring workflow:

  • AI-powered COI parsing — upload a certificate image or PDF, and it extracts all coverage details, limits, and dates automatically
  • Continuous monitoring — risk scores update dynamically as documents expire or new information surfaces
  • Automated alerts — get notified 30/60/90 days before any policy expires
  • Vendor self-service portal — subs upload their own documents, reducing your admin burden by 80%
  • Compliance dashboard — see your entire vendor portfolio risk profile at a glance

The GCs I've talked to who switched from spreadsheets to automated scoring report cutting compliance management time by 70% and catching expiring insurance weeks before it becomes a liability issue.

Start Today

You don't need software to start scoring vendors. Grab the 5-factor framework above, score your top 10 subs this week, and see what surfaces.

If you find more than 2 vendors scoring below 3.0, you've got a ticking compliance bomb.

When you're ready to automate, try VendorShield free for 14 days — no credit card required.

I'm building VendorShield to make construction compliance actually manageable. If you're a GC dealing with vendor chaos, I'd love to hear about your workflow — hit me up in the comments.

Top comments (0)