ITAC-06

Has a VPAT or ACR been created or updated for the solution and version under consideration within the past 12 months?

Explanation

This question is asking whether your organization has created or updated a Voluntary Product Accessibility Template (VPAT) or Accessibility Conformance Report (ACR) for the specific version of your software solution that's being assessed, and whether this was done within the past 12 months. A VPAT/ACR is a document that explains how information and communication technology (ICT) products such as software, hardware, electronic content, and support documentation meet (or don't meet) the Section 508 Standards and WCAG 2.0 Guidelines for accessibility. These documents help organizations understand whether your product is accessible to people with disabilities. This question appears in a security assessment because accessibility is increasingly considered part of overall compliance and risk management. Organizations may have legal obligations to provide accessible technology (especially government and educational institutions), and using inaccessible software could expose them to legal and reputational risks. To best answer this question: 1. Verify if your organization has created a VPAT/ACR specifically for the version of the product being assessed 2. Check when the VPAT/ACR was last updated - it must be within the past 12 months 3. If you have a current VPAT/ACR, provide a link to it or attach it 4. If you don't have one, or it's outdated, answer 'No' (don't guess or assume) Even if your product has strong accessibility features, without a current VPAT/ACR documentation, the answer should be 'No'.

Guidance

If your answer is “I do not know,” select “no.” If the VPAT/ACR is for an older version of the product or has not been updated, its information does not accurately reflect the accessibility of the product under consideration and the response should be "no." Provide a link or attachment to the most recent VPAT/ACR.

Example Responses

Example Response 1

Yes Our organization completed a VPAT 2.4 WCAG 2.1 Accessibility Conformance Report for CloudSecure Platform version 4.2 in March 2023, which is the version currently being assessed The VPAT was created by our internal accessibility team in collaboration with an independent third-party accessibility consultant The document details our conformance with WCAG 2.1 A, AA, and AAA success criteria You can access the full VPAT at https://cloudsecure.com/accessibility/vpat-v4.2.pdf or I can provide it as an attachment to this assessment.

Example Response 2

Yes We updated our Accessibility Conformance Report for DataShield Pro version 7.8 in November 2023 This ACR follows the VPAT 2.4 format and covers all relevant WCAG 2.1 AA criteria as required by Section 508 The assessment was conducted by AccessibilityWorks, Inc., a specialized third-party auditor The report indicates that our product meets 38 of the 50 applicable success criteria, with remediation plans in place for the remaining items I've attached the complete ACR document to this assessment response for your review.

Example Response 3

No While we do have a VPAT for our SecureAuth Platform, it was last updated in January 2022 for version 3.5 Our current version under consideration is 4.2, which includes a redesigned user interface and several new features We recognize the importance of accessibility documentation and have scheduled a new accessibility assessment with a third-party specialist to create an updated VPAT for version 4.2 This assessment is scheduled to begin next month, and we expect to have an updated VPAT available within 60 days.

Context

Tab: IT Accessibility
Category: IT Accessibility