ITAC-15

Do you expect your staff to maintain a current skill set in IT accessibility?

Explanation

This question is asking whether your organization requires and supports your staff in maintaining up-to-date knowledge and skills related to IT accessibility. IT accessibility refers to ensuring that technology products and services can be used by people with disabilities.

Why this is being asked in a security assessment:

1. Compliance requirements: Many organizations must comply with accessibility laws and regulations like the Americans with Disabilities Act (ADA), Section 508 of the Rehabilitation Act, or similar international standards.
2. Risk management: Failing to meet accessibility requirements can lead to legal liability, reputational damage, and exclusion of potential users.
3. Security and accessibility overlap: Both disciplines require systematic testing, validation against standards, and consideration of diverse user needs.

The question specifically asks about:

- How staff maintain current knowledge of accessibility laws and best practices
- Whether staff can evaluate products with assistive technologies like screen readers
- If staff hold relevant certifications like IAAP or §508 Trusted Tester

To best answer this question:

1. Describe your formal training programs or requirements for accessibility knowledge
2. Explain how staff stay current with evolving standards and best practices
3. Detail any certifications your team members hold
4. Describe your testing processes that incorporate accessibility validation
5. If you don't currently have strong accessibility practices, acknowledge this gap and outline plans to address it

Guidance

How do you ensure that your professional staff keeps current with digital accessibility laws and best practices? Is your staff able to evaluate and test this product with assistive technologies such as a screen reader or alternative input devices? Examples of staff certification may include IAAP certifications <https://www.accessibilityassociation.org/s/professional-certifications> or §508 Trusted Tester <https://www.dhs.gov/trusted-tester>.

Example Responses

Example Response 1

Yes, our organization maintains a comprehensive IT accessibility training program. All development and QA staff are required to complete annual accessibility training covering WCAG 2.1 standards and testing methodologies. We have three IAAP certified professionals on our product team who lead our accessibility initiatives and provide internal guidance. Our development process includes mandatory accessibility reviews during each sprint, and we conduct quarterly audits using assistive technologies including JAWS, NVDA, and VoiceOver screen readers. Additionally, we maintain subscriptions to accessibility-focused publications and send team members to the annual CSUN Assistive Technology Conference to stay current with emerging best practices and regulatory changes.

Example Response 2

Yes, we maintain current IT accessibility skills through a multi-faceted approach. Our product development teams operate under the guidance of our Accessibility Center of Excellence, which includes two §508 Trusted Testers and an IAAP-certified professional. All engineers and designers complete mandatory accessibility training during onboarding and participate in refresher workshops twice yearly. We've implemented an accessibility champions program where designated team members receive advanced training and serve as accessibility resources for their teams. Our QA process includes dedicated accessibility testing phases using assistive technologies, and we conduct regular user testing sessions with individuals who use various assistive technologies. We also maintain partnerships with accessibility consultants who provide quarterly audits and training updates on regulatory changes.

Example Response 3

Currently, we do not have a formal program requiring staff to maintain IT accessibility skills. While our developers are generally aware of basic accessibility concepts, we have not implemented systematic training or certification requirements. We rely primarily on automated testing tools during development to catch obvious accessibility issues, but we don't regularly conduct manual testing with assistive technologies. We recognize this as a gap in our current practices and are developing a roadmap to address it. In the next quarter, we plan to identify key team members to receive IAAP certification training and establish formal accessibility guidelines and testing procedures. Until these measures are implemented, we engage third-party accessibility consultants for annual audits of our products to identify critical issues.

Context

Tab: IT Accessibility
Category: IT Accessibility
