The contract is where a good security company protects you — and where a bad one leaves you exposed. Here's what to verify on insurance, indemnification, post orders, and billing before you sign, plus a state-by-state look at license insurance minimums and a full checklist.
A security contract isn't just paperwork — it's the document that decides who pays when a guard is hurt, a visitor is injured, or coverage silently fails. A strong contract, backed by the right insurance, shifts those risks to the security company. A weak one quietly leaves them with you. This guide walks through exactly what to check before you sign — from certificates of insurance and liability limits to indemnification, post orders, and billing — and ends with a pre-signing checklist you can take to any bid, anywhere in the country.
Get a current certificate of insurance directly from the insurer, require $1M/$2M general liability with your business named additional insured, confirm workers' compensation, read the indemnification clause, and lock down post orders, staffing SLAs, and billing terms in writing.
Certificate of insurance (COI)
A COI — usually the standard ACORD 25 form — proves a policy exists, but it is not the policy and cannot itself add or increase coverage. Demand it directly from the insurer or broker, confirm it lists your entity as certificate holder, and verify the policy is active by policy number. If a certificate shows limits or additional-insured status that were never actually endorsed onto the policy, that coverage effectively doesn't exist. Re-request a fresh COI at each renewal and before work begins, and remember the certificate holder alone gains no right to file claims under the policy — that requires being named an additional insured.
Liability limits to require
The market baseline for a security contract is $1 million per occurrence / $2 million aggregate in commercial general liability — the standard chosen by the large majority of small businesses and common in commercial contracts and leases. For armed, high-value, enterprise, or government work, require $2M/$4M or add an umbrella/excess layer, typically stacked in $1M increments over the primary policy.
Many states also make a minimum a licensing condition — so a properly licensed firm already carries at least this much. The floor varies widely:
| State (license minimum) | Required coverage / bond |
|---|---|
| California, Virginia, Maryland (5+ guards) | $1,000,000 general liability |
| Florida, Tennessee | $300,000 combined |
| Ohio, Arizona, District of Columbia | $100,000 / $300,000 |
| North Carolina | $50,000–$100,000 |
| Washington | $25,000 / $25,000 |
| Michigan | $25,000 surety bond |
| Minnesota | $10,000 surety bond |
| New Jersey, Massachusetts | $5,000 surety bond |
Note how low some state minimums are: a $5,000 bond or $25,000 policy is nowhere near enough to cover a serious injury claim. The state minimum tells you the firm is licensed — it does not tell you it carries enough coverage for your risk. That's why you specify $1M/$2M (or more) in the contract regardless of the state floor. Confirm the firm is licensed using our license-verification guide.
Additional insured
Being named an additional insured gives you a direct path to the security firm's insurer for claims arising out of its work. Insist on a current, standard endorsement — the ISO CG 20 10 for ongoing operations and CG 20 37 for completed operations — with the modern "caused, in whole or in part, by" wording, and get the actual endorsement, not just a checkbox on the COI. Under the current ISO forms (a change dating to the 2013 editions), additional-insured limits are capped at the lesser of the contract-required amount or the policy's available limits, so confirm the underlying limits are adequate. Also require "primary and non-contributory" language and a waiver of subrogation so the firm's insurer pays first and can't later come after you.
Workers' compensation
Workers' compensation is the coverage that keeps an injured guard's claim off your desk. Under the "exclusive remedy" doctrine, an employee injured on the job is generally limited to a workers' comp claim against their own employer — the security company — rather than suing the client. That protects you from liability for injuries to the firm's guards, who are its employees, not yours. Confirm the firm carries current workers' comp and employer's liability, and that the contract affirms the guards are the firm's employees. Watch for misclassification: a firm that treats guards as "independent contractors" to dodge workers' comp is a liability you don't want to inherit. (Exceptions to exclusivity, such as intentional acts, vary by state.)
Armed coverage: watch the exclusions
Standard commercial general-liability policies commonly exclude assault & battery and firearms/use-of-force — precisely the exposures that matter for security work. For armed guards, confirm a specific assault-and-battery and firearms-liability endorsement, and check its limit: these endorsements are often sublimited (illustratively $50,000–$100,000) with defense costs eroding the limit. A shooting claim against a $50,000 sublimit is cold comfort. See armed vs. unarmed guards.
Indemnification and liability caps
Indemnification (hold-harmless) clauses decide who covers third-party claims. They range from limited (the firm's own acts), to intermediate (comparative fault), to broad (even the client's own negligence). The safest for you is indemnity to the extent caused by the security firm's negligence. The single most important check: the indemnity must not be broader than the firm's insurance — any gap is self-insured and worthless if the firm can't pay. Watch limitation-of-liability caps too, and how they interact with the indemnity, since courts often carve third-party indemnities out of a general damages cap. For higher-risk engagements, have counsel review this language — indemnity enforceability is state-specific.
Post orders and staffing SLAs
The scope of work defines what coverage means; post orders are the daily, per-post playbook. Specify who can change them and when a change triggers a price adjustment. Require a service-level agreement with measurable commitments: officers per shift, supervisor presence, fill-rate guarantees, and no-show/backup response times — ideally with financial remedies for failures. This is not theoretical: real contracts (for example, a major airport's guard-services SLA) deduct set amounts per occurrence — $500 for failing to supply required qualified personnel, $250 for failing to provide a timely replacement — when the vendor misses. Track "dark posts" (unstaffed shifts) and non-billable overtime as leading indicators of account health, and secure audit rights so you can verify performance.
Billing and rate transparency
A bill rate is pay rate plus overhead plus margin, with the guard's wage typically 55–65% of the total and margin around 10–15%. Demand a line-item breakdown — two identical-looking bids can hide very different pay rates and service levels, and a suspiciously low pay rate drives turnover and unstaffed posts. Make sure the contract states:
- Overtime and holiday multipliers (commonly 1.5× / 2×).
- Minimum-hour rules (event and short-shift work often carries a 4-hour minimum).
- Any equipment, uniform, training, or technology fees.
- How and when rate escalations apply — many states raise the minimum wage annually, and you want to know whether the firm passes that through automatically or within an agreed cap.
Termination and warranties
Include a defined notice period, termination for cause, and performance-based termination for repeated staffing or reporting failures — and watch for auto-renewal traps. Require representations and warranties that the firm and its guards hold current state (or local) licenses, carry the specified insurance, and keep certificates current for the full term. Add exit procedures for equipment return, final invoicing, and transfer of logs and incident reports, so a change of provider doesn't leave you without records.
What good post orders contain
Post orders are the operational heart of the contract — the document that tells a guard exactly what to do on your site — and vague ones are the root of most disputes. A strong set specifies, for each post: the hours and coverage; specific duties (access control, patrol routes and frequency, opening/closing procedures, key control); who to contact and when, with an escalation ladder from routine incident to life-safety emergency; reporting requirements (daily activity logs, incident reports, and how fast you receive them); emergency procedures (fire, medical, active threat, evacuation); and use-of-force and conduct standards. Post orders should be a living document — reviewed when your site changes — and the contract should say who can amend them and when a change affects price. Insist on seeing a draft before you sign; a provider that can produce detailed, site-specific post orders is one that actually runs its posts.
Negotiating the contract
More is negotiable than most buyers realize. Beyond the rate, you can push on: the initial term and a trial period (favor a short first term over a long lock-in); termination and notice (a reasonable notice window and termination for cause on repeated failures); the SLA and its remedies (get financial teeth on fill-rate and reporting misses); rate escalation (a defined, capped annual adjustment rather than open-ended); insurance terms (limits, additional insured, primary/non-contributory); and continuity commitments (named supervisors, turnover limits). Volume and contract length are your main leverage — multiple sites or a longer term earn better pricing and terms. Come in with your scope and requirements written down, get at least three competing bids, and you'll negotiate from strength rather than accepting a boilerplate contract as-is.
Planning for the exit
Every contract ends eventually, and the time to plan the exit is before you sign. Make sure the agreement addresses offboarding: the notice period, return of keys, access credentials, and equipment, a clean transfer of logs and incident records to you or a successor provider, final invoicing terms, and cooperation during a transition so your coverage never gaps. Watch especially for auto-renewal clauses with long cancellation windows, which can trap you into another term by inertia. A provider confident in its service won't hide behind lock-in — it will earn the renewal.
Coverage beyond general liability
General liability and workers' comp are the foundation, but depending on the service, several other coverages matter:
- Commercial auto — essential if the provider runs mobile patrol or transports anyone. A guard in a company vehicle is an auto-liability exposure a GL policy won't cover.
- Professional liability (errors & omissions) — covers claims that the security service itself was negligent (a missed patrol, a failure to respond), which GL may not reach. Worth requiring for consulting, monitoring, or high-stakes sites.
- Firearms and assault-and-battery endorsements — non-negotiable for armed work, since standard GL commonly excludes both. Check the sublimit, not just that it exists.
- Umbrella / excess liability — sits above the primary policies for large or high-risk contracts, typically in $1M increments.
- Cyber liability — increasingly relevant where the provider handles access-control data, camera feeds, or your systems.
How to read a certificate of insurance
When the COI (ACORD 25) arrives, don't just file it — read it. Confirm the named insured matches the company you're contracting with; check the coverage types and limits against what your contract requires (general liability, auto, workers' comp, umbrella); verify the policy effective and expiration dates cover your full term; and confirm your organization appears as certificate holder and, where required, that the additional insured and waiver of subrogation boxes are checked — then ask for the actual endorsements behind those checkboxes. Note the producer (broker) contact so you can verify the certificate is genuine and set a calendar reminder to re-request a fresh COI before the policy expires. A certificate that's expired, under-limit, or missing an endorsement your contract requires is a problem to resolve before work begins, not after a claim.
Common contract traps
A few clauses catch buyers repeatedly:
- Auto-renewal with a long notice window. A contract that renews automatically unless you cancel 90 days out can lock you in for another year by inertia.
- Indemnity broader than insurance. If the firm indemnifies you for more than its policy covers, the gap is worthless when it matters.
- Uncapped or automatic rate escalation. Minimum-wage pass-throughs are legitimate, but you want them defined and bounded, not open-ended.
- Vague scope and post orders. If the contract doesn't say exactly what "coverage" means, you'll argue about it later.
- No SLA teeth. Staffing guarantees with no financial remedy are aspirations, not commitments.
- Silence on subcontracting. Confirm whether the firm can subcontract your posts to another company — and whether that company is licensed and insured too.
Clause by clause: language to demand and to reject
Contracts turn on specific words, and the difference between a phrase that protects you and one that quietly shifts risk back onto you is often a single clause. Here's the wording to insist on versus the wording to push back on:
| Topic | Demand this | Reject or renegotiate this |
|---|---|---|
| Indemnification | "…to the extent caused by Provider's negligence or willful misconduct" | "…for any and all claims arising from the services" (sweeps in your own negligence) |
| Insurance | "Client named additional insured, primary and non-contributory, with waiver of subrogation" | "Provider maintains insurance" (no additional-insured, no proof) |
| Termination | "Either party may terminate for cause on 30 days' notice; Client may terminate for repeated SLA failure" | "Auto-renews for successive one-year terms unless cancelled 90 days prior" |
| Rate escalation | "Rates fixed for the term; annual increase capped at a set % or CPI" | "Rates subject to change" or an uncapped pass-through |
| Staffing | "Guaranteed fill rate, with a credit per unstaffed shift" | "Provider will use reasonable efforts to staff" |
| Subcontracting | "No subcontracting without written consent; subcontractors held to these terms" | Silence (which permits unvetted, possibly unlicensed subcontracting) |
You won't win every point, but knowing which phrases matter — and that an "any and all claims" indemnity or a 90-day auto-renewal are negotiable, not standard boilerplate — is how you avoid signing away protections you didn't know you had.
Pre-signing checklist
- Current COI (ACORD 25) obtained directly from the insurer/broker; policy active by policy number.
- General liability meets or exceeds $1M/$2M, on an occurrence basis (higher for armed/enterprise) — regardless of the state license minimum.
- Your organization named additional insured via a current ISO endorsement (the actual endorsement, not just the COI).
- "Primary and non-contributory" language and a waiver of subrogation on the GL policy.
- Workers' compensation and employer's liability in force for all officers; guards confirmed as employees, not contractors.
- For armed guards, assault & battery and firearms/use-of-force endorsements with adequate (non-token) limits.
- Commercial auto if patrol vehicles are used; professional liability where warranted.
- State (or local) license/registration verified directly with the licensing board.
- Indemnification limited "to the extent caused by" the firm's negligence, and not broader than its insurance.
- Scope of work and post orders defined, including who can change them.
- SLA with measurable KPIs, fill-rate guarantees, financial remedies, and audit rights.
- Line-item bill-rate breakdown with overtime/holiday multipliers, minimum hours, and escalation terms.
- Termination/notice terms without auto-renewal traps, plus exit procedures for records and equipment.
Once your requirements are clear, compare providers who can meet them: get free quotes from licensed security companies, or browse verified companies in your area.
Frequently asked questions
How much insurance should a security guard company have?+
What is a certificate of insurance and can I trust it?+
Am I liable if a security guard is injured on my property?+
Should I be named an additional insured on the security company's policy?+
Does a standard security policy cover armed guards and use of force?+
Share this guide
Sources
- California BSIS — PPO Insurance Requirements
- IRMI — Additional Insured Issues (CG 20 10 / CG 20 37)
- Insureon — General Liability Insurance Limits
- FindLaw — Workers' Compensation as the Exclusive Remedy
- The Hartford — Certificate of Insurance (COI) explainer
- American Bar Association — Assault & Battery Exclusions in CGL Policies



