ITAC-18

Does your product rely on activating a special "accessibility mode," a "lite version," or using an alternate interface (including “overlay” or AI-based alternates) for accessibility purposes?

Explanation

This question is asking whether your product requires users to activate a special mode or use an alternative interface to access accessibility features, rather than having accessibility built into the core product experience.

The question is important in a security assessment because:

1. Separate accessibility modes or interfaces may not receive the same level of security scrutiny as the main product, potentially creating vulnerabilities.
2. Third-party overlays or add-ons can introduce security risks, as they may require additional permissions or access to data that could be exploited.
3. Accessibility should be a fundamental aspect of product design, not an afterthought, as it ensures all users have equal access to secure functionality.
4. Separate interfaces may not be maintained at the same frequency as the main product, leading to security patches not being applied consistently.

The guidance specifically notes that third-party overlays or add-ons are not sufficient for accessibility compliance. It also asks about plans to integrate accessibility features into the main product rather than maintaining separate versions.

To best answer this question, you should:

1. Clearly state whether your product uses a separate accessibility mode or interface.
2. If it does, explain the specific accessibility need it addresses and why this approach was chosen.
3. Detail your roadmap for integrating these features into the main product experience.
4. If your product has accessibility built-in from the ground up, emphasize this as a strength.
5. Mention any accessibility standards you comply with (like WCAG 2.1 AA).

Guidance

Third-party overlays or add-ons are not sufficient for products to conform with accessibility standards. If there is an accessibility mode, does it address a specific accessibility need? Are plans in place to remove the accessible version, and are these distinctions delineated on your roadmap and timeline?

Example Responses

Example Response 1

No, our product does not rely on a special "accessibility mode," lite version, or alternate interface for accessibility purposes. Accessibility features are built into the core product experience and follow WCAG 2.1 AA standards. All users interact with the same interface, which includes features such as keyboard navigation, screen reader compatibility, sufficient color contrast, and text resizing capabilities. We conduct regular accessibility audits and user testing with individuals who use assistive technologies to ensure our product remains accessible to all users without requiring special modes or interfaces.

Example Response 2

Our product currently has a dedicated accessibility mode that can be activated through the settings menu. This mode was implemented to address specific needs for users with visual impairments by providing higher contrast themes and larger text options. However, we recognize this is not the ideal approach. We have a documented roadmap to integrate these accessibility features into our main product interface over the next 12 months. Phase 1 (Q3 2023) will integrate the contrast options into the main UI. Phase 2 (Q1 2024) will implement responsive text sizing throughout the application. By Q2 2024, we plan to eliminate the separate accessibility mode entirely, with all features available to all users within the standard interface. We do not use third-party overlays or AI-based alternatives for accessibility compliance.

Example Response 3

Yes, our product currently relies on a third-party accessibility overlay solution that activates when users with screen readers or other assistive technologies access our platform. We implemented this solution as a quick fix to address immediate accessibility concerns while our development team works on more permanent solutions. We recognize this approach is not ideal and does not fully comply with accessibility standards. We are currently in the process of redesigning our core product with built-in accessibility features following WCAG 2.1 AA guidelines. Our roadmap includes removing the overlay solution within the next 8 months and replacing it with native accessibility features. In the interim, we conduct additional security reviews of the overlay solution to mitigate potential security risks.

Context

Tab: IT Accessibility
Category: IT Accessibility

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub