Multifamily operators have spent the past several years building increasingly sophisticated systems to manage their vendor relationships. Yet a persistent gap remains between the appearance of vendor governance and its actual enforcement. A regional manager can have years of trust in a contractor while that contractor’s insurance certificate sits expired in a shared drive, unnoticed until a claim forces the issue.
This is not a rare failure. It is the result of treating vendor scoring and vendor credentialing as a single, loosely managed function rather than as two distinct disciplines with different inputs, owners, and consequences when they break down.
This report draws on Advisory Council survey data to map where multifamily operators actually stand today, not where vendor management software vendors claim the industry has arrived. The findings point to a familiar pattern: the barriers operators cite are organizational, not technological. Competing priorities, portfolio complexity, and thin staff bandwidth dominate the list of obstacles, while a lack of capable platforms ranks near the bottom. Operators are not failing because the tools don’t exist. They are failing because governance ownership, enforcement authority, and portfolio-wide standards have not been clearly established.
To address that gap, this report separates vendor scoring and vendor credentialing into distinct workstreams, shows how they integrate into a unified preferred-vendor program, and introduces a model that operators can use to diagnose where their organization stands today. The report closes with a sequencing framework for moving toward a governance structure in which vendor compliance is not just monitored but enforced.
What the survey data tells us
The Insights by Blueprint Advisory Council survey data on vendor scoring adoption tells a story of fragmentation. 31% of multifamily operators have a portfolio-wide system for vendor scoring and certification tracking, while 38% rely on ad hoc evaluations and 31% have no formal process. This split reflects a challenge: decentralized portfolios with deeply embedded site-level vendor relationships make standardization feel like overriding the staff closest to the work. Regional managers who have relied on the same contractor for years tend to view a centralized scoring mandate as a source of friction rather than a form of governance.
Platform usage mirrors the same fragmentation. RealPage Vendor Credentialing leads adoption at 23%, Yardi Vendor Café at 15%, and 15% of operators use no dedicated platform. The remaining 46% are distributed across a range of niche or custom solutions, including at least one large enterprise running Entrata, Yardi, and RealPage simultaneously, a configuration that is more common than the industry acknowledges. Multi-PMS portfolios are not an edge case. They are a predictable outcome of growth through acquisition, and they create compliance blind spots that no single ecosystem solution can address.
Certification tracking is the relative bright spot in the data, though its consistency is uneven. 54% of operators receive automated system alerts when vendor credentials are approaching expiration. 8% use a third-party COI verification service, and a further 8% rely on vendors to proactively submit renewals. This delegation of compliance responsibility remains in effect until a vendor’s insurance agent changes, a renewal is delayed, or institutional memory turns over on the vendor side. 23% have no consistent process, meaning they are operating on a reactive posture. Credential gaps surface when someone goes looking, not before.
The barriers operators cite are notably organizational rather than technological. Competing operational priorities led at 31%, followed by portfolio complexity, which makes standardization difficult, and insufficient staff bandwidth, both at 23%. Only 8% identified the lack of a capable technology platform as the primary barrier. This is a finding that the Advisory Council has consistently reinforced. The gap is one of organizational capacity and governance prioritization, and pointing at tooling to explain it is largely a misdiagnosis.

Where vendor scoring & credentialing converge
Vendor scoring and vendor credentialing are often discussed as a unified vendor management problem, but they have distinct failure modes and organizational owners. Building a coherent vendor governance program requires treating them as distinct workstreams before integrating them.
Scoring is retrospective and synthetic. A vendor performance score aggregates work order completion rates, callback and rework frequencies, bid-to-invoice variance, and qualitative input from site staff into a signal about how a vendor has performed over time. The data inputs come from multiple sources and require normalization to be meaningful at the portfolio level. A five-star rating from a site manager in one market does not carry the same informational content as a five-star rating from a site manager in another market unless the scoring criteria are standardized and the evaluation instruments are consistent.
Operators building preferred-vendor tier programs cannot defend those tier placements without a defensible scoring foundation across markets. The International Facilities Management Association groups facility performance metrics into four broad categories — customer satisfaction, maintenance, operational, and financial — and within those, work order completion time, response times, and cost per square foot are among the metrics facilities management leaders most commonly track to hold vendors accountable.
Credentialing is binary and forward-looking. A vendor either holds a current, valid certificate of insurance with the right coverage limits, correct additional insured endorsements, and applicable state trade licenses, or they do not. General liability insurance requirements in multifamily properties typically range from $1 million to $2 million per occurrence. Workers’ compensation requirements vary by state but are non-negotiable for vendors with on-site labor.
State contractor licensing for HVAC, electrical, and plumbing trades differs by jurisdiction and must be tracked at the vendor-plus-state level for multi-state operators. The tracking problem compounds quickly. COIs expire annually, licenses vary in duration by trade and state, and background checks for vendors with access to occupied units add a fourth dimension to the credentialing process. A portfolio of 200 active vendors across 10 states, with licenses tracked by trade and jurisdiction, is not a spreadsheet problem. It is an infrastructure problem.
The integration point is preferred vendor program governance. Scoring data feeds tier placement decisions. Credentialing status determines eligibility to remain in the program at all. Operators attempting to build tiered vendor programs without both inputs are making procurement decisions based on incomplete information. They are potentially awarding preferred status and volume commitments to vendors whose compliance records contain gaps that the scoring system fails to detect.
A 3-stage model for vendor governance
Advisory Council discussions about vendor management consistently surface a distinction that the survey data confirms: the gap between “we have a system” and “the system actually controls outcomes” is the real divide in this space. The following three-stage model provides operators with a diagnostic framework to assess their current state and identify the most productive next investment.
Stage 1: Reactive Compliance. Credentials are collected at vendor onboarding and stored in PMS document fields or shared drives. Expiration management is manual with calendar reminders, email follow-ups, or nothing at all. Scoring, where it exists, lives in site-level notes or email threads. The system depends on institutional memory. When the maintenance coordinator who tracked the vendor files leaves, the tracking leaves with them. Risk surfaces only when something goes wrong, such as a liability claim, an audit, or a coverage gap discovered after work has already been performed. The majority of mid-market multifamily operators remain at this stage, relying on spreadsheets and manual reminder workflows that predictably break down as their portfolios grow.
Stage 2: Monitored Compliance. A dedicated platform centralizes document collection and automates expiration alerts. Platforms operating in this category include RealPage Vendor Credentialing, NetVendor, VendorPM, and myCOI. They each cover different parts of the vendor lifecycle, ranging from COI-focused tools to full-lifecycle governance platforms. PMS work order data feeds basic performance dashboards. Site teams gain visibility into vendor compliance status without having to pull individual records. The critical characteristic of Stage 2 is that enforcement remains procedural rather than structural. When a vendor falls out of compliance, the safeguard is that someone sees the alert, prioritizes it, and acts on it before work proceeds. The system monitors and flags; humans enforce. Understaffing pressure and competing operational priorities — the leading barriers cited in the survey — mean that the human enforcement step is where lapses occur.
Stage 3: Compliance-Led Governance. Compliance serves as an enforcement gate at every vendor interaction, including approval, bid award, dispatch, payment, and contract renewal. A non-compliant vendor cannot be dispatched, cannot win a procurement bid, and cannot be paid regardless of relationship history or tenure in the system. Scoring is weighted, standardized across the portfolio, and integrated directly into procurement decisions and preferred vendor tier placements. The system is PMS-agnostic by design, maintaining a single compliance layer across multi-ownership portfolios regardless of which property management platform underlies each asset. Contract renewals trigger rebid processes rather than auto-renewing into liability without visibility. Advisory Council operators who have reached Stage 3 consistently describe the shift in similar terms: the compliance program ceases to be a monitoring function maintained by staff and becomes an operational constraint enforced by the system autonomously.
The progression from Stage 1 to Stage 3 is not primarily a software procurement decision. It is an organizational design decision about where compliance ownership sits, how enforcement authority is structured, and whether governance standards are set at the portfolio level and applied consistently or negotiated property by property based on site-level relationships.

Sequencing a vendor governance program
The following implementation sequence reflects the approach Advisory Council operators have found most effective for moving from reactive compliance toward compliance-led governance without attempting to build the full process at once.
1. Audit the current credential gap before building anything new. The baseline audit should run across the entire active vendor list. Not just onboarding records, but current COI validity, applicable state licensing by trade and jurisdiction, and background check currency for all vendors with access to occupied units. Most operators discover that the gap is larger than anticipated. Vendors who completed onboarding years ago and have remained in the approved system without subsequent credential verification. The audit result is the business case for investment and the benchmark against which progress is measured.
2. Separate the scoring and credentialing workstreams initially, then integrate. Building a unified system from the ground up is slower and harder than running parallel tracks. Automated credentialing has clearer binary logic. A credential is current, or it is not, and yields faster operational ROI through reduced staff time and liability exposure. Scoring infrastructure should be built on real work order data, with standardized criteria defined in advance, and then integrated with the credentialing layer once both have a track record and organizational buy-in. Attempting to design the full integrated system before either component is operational tends to produce a design process that outlasts the organizational appetite for it.
3. Define the weighted scorecard before deploying collection instruments. The common failure mode in vendor scoring programs is deploying a site survey tool before defining what the scores mean and how they will be used. Operators who define the dimensions and the weights assigned to each before asking site teams to start rating vendors can aggregate and compare data across the portfolio. Operators who deploy the collection mechanism first and figure out the weighting later end up with data they cannot reliably use for procurement decisions.
4. Evaluate platform architecture against the actual portfolio footprint, including likely acquisition activity. PMS-embedded vendor management solutions work within their native ecosystems. They create compliance gaps the moment the portfolio spans multiple systems. Operators managing properties across multiple PMS platforms, or those with active acquisition pipelines, should evaluate platforms with confirmed multi-PMS integration before the gap materializes rather than after. The cost of a purpose-built governance platform is generally lower than the aggregated liability exposure from a compliance layer with structural holes.
5. Build the governance cadence that will sustain the system. The data infrastructure is inert without a review structure that uses it. Monthly dashboard reviews focused on trend monitoring and exception management; quarterly vendor business reviews with the largest-spend relationships, sharing performance data, identifying improvement targets, and documenting outcomes; and an annual scorecard aligned with procurement cycles constitute the governance rhythm that converts a vendor management tool into a vendor management program. Advisory Council operators consistently identify the governance cadence as the element that determines whether the investment in infrastructure produces durable operational change or becomes an expensive monitoring system that nobody acts on.
A lack of tech isn’t the problem
The vendor credentialing gap is not a technology shortfall. It’s a governance choice operators have been making by default, often without realizing it. Every operator currently relying on institutional memory, scattered spreadsheets, or a vendor’s word that their insurance is current has implicitly decided that compliance enforcement can wait until something forces the issue. The survey data make clear that most of the industry is still operating this way, not because better tools don’t exist, but because the organizational work of standardizing scoring criteria, centralizing credential tracking, and assigning enforcement authority hasn’t been prioritized.
The problem doesn’t have to be solved all at once. The operators who make progress tend to be the ones who audit honestly, separate scoring from credentialing before integrating them, and build a governance cadence that uses the data they’re collecting. The cost of that work is real, but it’s bounded and predictable. The cost of discovering a vendor credential gap after a claim has already been filed is neither.
– Nick Pipitone





