ITAC-08

Does the solution substantially conform to WCAG 2.1 AA?

Explanation

This question is asking whether your software solution complies with the Web Content Accessibility Guidelines (WCAG) 2.1 at the AA level of conformance. WCAG is a set of internationally recognized guidelines developed by the World Wide Web Consortium (W3C) to make web content more accessible to people with disabilities. WCAG 2.1 AA is a specific conformance level that addresses a wide range of accessibility barriers.

'Substantially conform' means either complete compliance with WCAG 2.1 AA or that nearly all user and administrator features meet these guidelines. If there are any limitations, you should document them along with any available workarounds.

This question appears in a security assessment because:

1. Accessibility is increasingly considered part of overall security and compliance requirements
2. Many jurisdictions have legal requirements for digital accessibility (like Section 508 in the US or the EU Web Accessibility Directive)
3. Accessibility issues can sometimes create security vulnerabilities when users with disabilities need to work around inaccessible features
4. Organizations want to ensure their technology investments meet all compliance requirements, not just security-specific ones

To best answer this question:

1. Be honest about your current level of WCAG 2.1 AA conformance
2. If you fully comply or have only minor exceptions, answer 'Yes'
3. Document any specific limitations and workarounds for areas that don't conform
4. If you conform to a newer standard like WCAG 2.2 AA, you can also answer 'Yes'
5. If you have conducted formal accessibility testing or have a VPAT (Voluntary Product Accessibility Template), mention this in your response

Guidance

Solutions "substantially conform" if they entirely meet WCAG 2.1 AA or if almost all user and administrator features conform. Documentation about limitations and/or workarounds should be provided where WCAG conformance is not presently achieved. If the solution substantially conforms to a newer standard such as WCAG 2.2 AA, answer "yes."

Example Responses

Example Response 1

Yes. Our solution has been thoroughly tested and conforms to WCAG 2.1 AA standards across all user and administrator interfaces. We conduct regular automated testing using axe-core and WAVE tools, supplemented by manual testing with screen readers (JAWS, NVDA) and keyboard-only navigation. We maintain a current Voluntary Product Accessibility Template (VPAT) documenting our conformance, which is available upon request. Our development process includes accessibility requirements in all new features, and we perform accessibility testing as part of our QA process before each release.

Example Response 2

Yes, with documented exceptions. Our solution substantially conforms to WCAG 2.1 AA standards with two known limitations: (1) Our interactive data visualization components partially support screen readers but lack some context for complex charts - we provide an accessible data table alternative for these elements; (2) Some administrative configuration screens for advanced settings have limited keyboard navigation - we provide documented keyboard shortcuts and alternative workflows for administrators who require keyboard-only access. We maintain a detailed accessibility conformance report that documents these limitations and their workarounds. We have an accessibility roadmap to address these exceptions in our next two quarterly releases.

Example Response 3

No. While we have implemented some accessibility features, our solution does not yet substantially conform to WCAG 2.1 AA standards. We currently face challenges with keyboard navigation in several core workflows, insufficient color contrast in parts of our UI, and incomplete screen reader support for dynamic content. We recognize the importance of accessibility and have initiated a formal remediation project with a third-party accessibility consultant. Our roadmap includes achieving WCAG 2.1 AA conformance within the next 12 months, with incremental improvements in each quarterly release. In the interim, we can provide alternative accessible workflows for specific use cases upon request, though these may have limited functionality compared to the primary interface.

Context

Tab: IT Accessibility
Category: IT Accessibility

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub