Vendor Compliance Registry — cross-org contractor docs keyed on EIN

Vendor Compliance Registry is the platform's shared book of record for contractor compliance. Once a vendor uploads their W-9, COI, workers' comp policy, and contractor license to Turtini, every org that hires them sees the verified state — no re-uploading per customer.

The registry is keyed on EIN (Employer Identification Number). One EIN = one vendor in the registry. Cross-org propagation works because the registry sits above any single org's books.

Required docs per use case (extensible):

• **General contractor / field service / property ops:** W-9, COI (Certificate of Insurance), contractor license
• **Default (light vendor relationships):** W-9 only
• Each org can declare additional kinds it requires for specific jobs.

Doc statuses you'll see on a vendor card:

• **Green** — every required doc is verified, none expiring within 30 days
• **Yellow** — at least one required doc is pending verification, or one is expiring within 30 days
• **Red** — at least one required doc is missing or expired
• **Unknown** — vendor hasn't claimed their EIN in the registry yet

Public-record docs (Contractor License, EIN registration) propagate freely — Turtini verifies them via state licensing boards and the IRS lookup, and every org querying that EIN sees the verified state. No consent needed; these are public records.

Sensitive docs (W-9, COI, Workers' Comp) require per-org consent from the vendor. When you save an EIN on a Contact, the platform offers to send the vendor a consent request: "Acme Corp wants to verify your contractor documents — accept to share your existing W-9, COI, and license proof." The vendor accepts once; from then on your org sees the URLs and verified state.

How to add an EIN to a vendor: open the Contact in Accounts, fill in the EIN field. The Vendor Compliance card on the Accounting → Vendor Compliance tab refreshes with the registry state and any docs your org has been granted access to. If the vendor hasn't claimed their EIN yet, the card shows "Vendor not yet in the registry" with a button to invite them.

Where vendors upload their docs: vendors go to Personal context → "My Compliance" (or /me/compliance) — that's the Personal-side surface where they upload once and consent per-org afterward. See: Sharing your contractor docs with orgs.