ITAC-07

Will your company agree to meet your stated accessibility standard or WCAG 2.1 AA as part of your contractual agreement for the solution?

Explanation

This question is asking whether your company will contractually commit to meeting either your own stated accessibility standards or the Web Content Accessibility Guidelines (WCAG) 2.1 AA standards for the solution you're providing.

WCAG 2.1 AA is an internationally recognized set of recommendations for improving web accessibility, developed by the World Wide Web Consortium (W3C). Level AA compliance means meeting both Level A (basic) and Level AA (addressing the most significant barriers) requirements, making digital content accessible to a wider range of people with disabilities.

This question appears in a security assessment because:

1. Accessibility is increasingly considered part of overall compliance requirements that organizations must meet.
2. Many jurisdictions have legal requirements for digital accessibility (like ADA in the US, EAA in Europe).
3. Contractual commitments to accessibility standards create accountability and reduce legal/compliance risks for the purchasing organization.

While accessibility might seem separate from security, both are aspects of overall risk management and compliance. Organizations need to ensure that solutions they adopt won't create legal exposure or compliance gaps in any area, including accessibility.

To best answer this question:

1. Be honest about your current accessibility compliance.
2. If you can commit to WCAG 2.1 AA or your own equivalent standards in the contract, say so clearly.
3. If you cannot fully commit, explain your current accessibility status, roadmap for improvement, and what specific standards you can contractually commit to.
4. Provide documentation of any accessibility testing or certifications you already have.

Example Responses

Example Response 1

Yes, our company will contractually commit to meeting WCAG 2.1 AA standards for our solution. We have an established accessibility program with dedicated resources to ensure ongoing compliance. Our development process includes regular accessibility testing using both automated tools and manual testing by accessibility experts. We conduct VPAT (Voluntary Product Accessibility Template) assessments annually, and the most recent assessment confirms our WCAG 2.1 AA compliance. We are happy to include specific language regarding this commitment in our service agreement and can provide our current VPAT documentation upon request.

Example Response 2

Yes, we will contractually agree to meet our stated accessibility standards, which align closely with WCAG 2.1 AA but have some specific adaptations for our industry. Our solution undergoes quarterly accessibility reviews by a third-party accessibility consultant, and we maintain a public accessibility roadmap. While we currently meet approximately 95% of WCAG 2.1 AA requirements, we have documented exceptions for certain specialized interactive features where we implement alternative accessibility approaches. These exceptions and our alternative approaches are clearly documented in our Accessibility Conformance Report, which we will provide as part of the contractual agreement. We also commit to resolving any critical accessibility issues identified during the contract period within agreed-upon timeframes.

Example Response 3

No, we cannot currently commit to meeting WCAG 2.1 AA standards as part of our contractual agreement. Our solution was developed before modern accessibility standards were established, and while we have made incremental improvements, we have not yet achieved full WCAG 2.1 AA compliance. We are currently in year two of a three-year accessibility improvement roadmap, with the goal of achieving WCAG 2.1 A compliance by the end of this year and AA compliance by the end of next year. We can contractually commit to our current accessibility level plus specific improvements on an agreed timeline, but cannot guarantee full WCAG 2.1 AA compliance at this time. We can provide our accessibility roadmap and current conformance status as part of our proposal.

Context

Tab: IT Accessibility
Category: IT Accessibility

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub