ITAC-13

Have you adopted a technical or legal standard of conformance for the solution?

Explanation

This question is asking whether your solution (software, application, or service) adheres to recognized accessibility standards that ensure people with disabilities can effectively use your product. IT accessibility refers to designing technology that can be used by people with various disabilities, including visual, auditory, physical, speech, cognitive, and neurological disabilities.

The question is being asked in a security assessment because:

1. Compliance with accessibility standards is often a legal requirement when selling to government institutions, educational organizations, and other entities that must adhere to accessibility laws.
2. Accessibility compliance is increasingly viewed as part of an organization's overall risk management and compliance framework.
3. Failure to meet accessibility requirements can expose organizations to legal liability, financial penalties, and reputational damage.

Common technical standards for accessibility include:

- Web Content Accessibility Guidelines (WCAG) 2.0 or 2.1 (typically at Level AA)
- Section 508 of the Rehabilitation Act (U.S. federal agencies)
- EN 301 549 (European standard)
- ADA (Americans with Disabilities Act) requirements

To best answer this question, you should:

1. Clearly identify which specific technical or legal standards your solution conforms to
2. Mention any certifications or compliance verification processes you've completed
3. Describe how you test for and maintain accessibility compliance
4. If applicable, note any areas where your solution may not fully comply and what remediation plans exist

Guidance

Various federal and state governments in the United States and around the world have mandated accessibility technical requirements that should be considered and may be required when selling solutions to institutions in these jurisdictions.

Example Responses

Example Response 1

Yes, our solution conforms to the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards. We have implemented these standards throughout our application and conduct regular automated testing using axe DevTools and manual testing with screen readers and other assistive technologies. Our development team receives annual training on accessibility requirements, and we perform a third-party accessibility audit annually to verify compliance. We maintain documentation of our conformance and can provide a Voluntary Product Accessibility Template (VPAT) upon request. Additionally, our solution complies with Section 508 requirements for U.S. federal agencies.

Example Response 2

Yes, our platform adheres to EN 301 549 (the European accessibility standard) and WCAG 2.1 Level AA. We have integrated accessibility testing into our development lifecycle with both automated and manual testing processes. Our QA team includes members who specialize in accessibility testing using various assistive technologies. We conduct quarterly internal audits and annual third-party assessments to ensure ongoing compliance. We also maintain an Accessibility Conformance Report (ACR) that details our level of conformance with these standards. Our legal team regularly reviews changes to accessibility laws in our key markets to ensure we remain compliant with evolving requirements.

Example Response 3

No, we have not yet formally adopted a specific technical or legal standard of conformance for our solution. While we have implemented some accessibility features like alt text for images and keyboard navigation, we have not systematically tested against WCAG or other accessibility standards. We recognize this is an area for improvement, and we have initiated a project to assess our current accessibility gaps against WCAG 2.1 Level AA standards. We plan to complete this assessment within the next quarter and develop a remediation roadmap to achieve compliance within the next 12 months. In the meantime, we can work with clients on specific accessibility requirements on a case-by-case basis.

Context

Tab: IT Accessibility
Category: IT Accessibility
