Re: Is the accessibility of a 3rd party that represent me still my concern? from Gregg Vanderheiden on 2016-03-29 (w3c-wai-ig@w3.org from January to March 2016)

From: Gregg Vanderheiden <gregg@raisingthefloor.org>
Date: Tue, 29 Mar 2016 08:37:37 -0500
To: IG - WAI Interest Group List list <w3c-wai-ig@w3.org>
Message-Id: <8D196B37-092E-4E0A-8C2E-8FBE939C5744@raisingthefloor.org>
I think there were two questions being asked — and a third point that is sometimes missed.

And of course all these posts are from each person’s own understanding and opinion.  Only the opinion of the judge in your court case, if there is one, will matter. We are all just trying to predict what that will be based on what we know of other cases and ruling etc. 


my understandings


1) Do you need to make things accessible under 508?   I will leave that to lawyers - but 508 applies to the US Gov purchases / services - -and to certain other things covered such as US Gov services provided through another entity.  Some say that this applies to people getting grants or funding and some say no.   Big debate. 

2) There is still the ADA and that would apply to publicly offered services.   Many courts turn to the 508 standards when saying “what does accessible mean”.   So the 508 standards may be applied to you — even though the 508 law does not.    So be careful in interpreting the number 508.  You need to separate the law from the standard which is often used beyond just the 508 law.

3) you also seemed to ask (if they are providing the service for us — are we responsible — or are they.    IF you would be responsible if you did it — and you contract for another to do it for you (but you are still offering the service in your name)   — then you are still responsible — since you are still offering the service - no matter where the product or service was developed, or operated. 

good luck 

gregg

> On Mar 29, 2016, at 7:14 AM, Phill Jenkins <pjenkins@us.ibm.com> wrote:
> 
> I agree with the advice from Jonathan.  
>         504, 508, etc are regulations that are or are not applicable to your institution.  Determining applicability and jurisdiction are typically consider "legal advice".
>         For example, 508 has jurisdiction over US Federal agencies (not the vendors directly), and:
>         "...Section 508 requires that when Federal agencies develop, procure, maintain, or use electronic and information technology . . ." (Note 1)
>         
> Which technical requirements your institution places on your vendors are consider your contractual / procurement requirements.  Whether 504 or 508 requires your institution to place requirements in the contract are one thing, but that does not prevent your institution from placing the requirements in the contract whether or not your are required to by a regulation. The opposite is also unfortunately true, that many (at one point almost half) of the solicitations (RFP's) from the US Federal government did not include the required 508 requirement clauses that they should have had, so then vendors were not held to any contractual obligation even though the omission of the requirements in the contract did not absolve the Federal agencies obligation to comply with the 508 regulation.   
> 
> Then there is the reality you mentioned of the vendor's solution not currently conforming to WCAG technical standards.  Remember the institution complies with applicable regulation.  The institution's solution, and/or the vendor's solutions conforms to technical standards.  One of the differences between contractual requirements and legal regulations is what applies to whom.  Your institution is the buyer, they can request and specify what ever they want, but as you mentioned, the vendor can also negotiate if and when it will conform to the requirements specified in the RFP and eventual contract. It is the vendor's choice or not to respond to your institutions RFP and/or agree or not to the proposed contract.  
> 
> Some procurement/negotiations questions to consider:
> If the vendor's solution is not now fully conformant, when will it be?
> Is there a technical gap analysis of the issues, cost sizing, and roadmap to achieve conformance?
> If the vendor's solution is not now fully conformant, what other vendor solutions or choices are available?  
> Can the institution provide additional assistive technology to its users to mitigate the issues?
> Are there other institutions (buyers/customers) that also have similar accessibility requirements?  Could they join together in negotiating with the vendor in resolving the non-conformance issues?
> etc.
> 
> Disclosure: I am neither a lawyer or procurement official, but I often advised them with recommendations as a subject matter expert,
> Note 1: Section  508 Standards 1194.1 Purpose: https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-section-508-standards/section-508-standards#subpart_a <https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-section-508-standards/section-508-standards#subpart_a>
> ___________
> Regards,
> Phill Jenkins, 
> Senior Engineer & Business Development Executive
> IBM Research - IBM Accessibility
> ibm.com/able <http://www.ibm.com/able>
> facebook.com/IBMAccessibility <http://www.facebook.com/IBMAccessibility>
> twitter.com/IBMAccess <http://twitter.com/IBMAccess>
> 
> 
> 
> 
> From:        Jonathan Avila <jon.avila@ssbbartgroup.com>
> To:        "Druckman,Geri" <GDruckman@mdanderson.org>, wai-ig <w3c-wai-ig@w3.org>
> Date:        03/28/2016 08:32 PM
> Subject:        RE: Is the accessibility of a 3rd party that represent me still my   concern?
> 
> 
> 
> Geri, others have provided good advice – that indeed if you receive federal funds, provide access to electronic health records, appear on the federal marketplace, etc. then you will likely be subject to regulations such as Section 504, 508 (including CMS or HHS flavors), ADA, WCAG Level A (EHR) or other regulations such as functional performance requirements that apply the categories that I listed.  Requiring vendors to provide compliant products and services is likely the path you will need to take to ensure you are in compliance.  Ultimately if the regulations apply to you – you are then responsible for compliance – contracting out something does not absolve you of the responsibility if vendors want to do business with you then they need to conform to your procurement requirements.   This is not legal advice – if you have any questions about your legal obligations you should seek council.
>  
> In case it comes up, there is a portion of the WCAG conformance requirements that address third party content on sites that you did not choose to put there – that is your site is hosted on a service and the service places third party ads on the site.  In those cases you can make a partial claim of conformance – but that does not appear to be the situation you are in.
>  
> Jonathan
>  
> Jonathan Avila
> SSB BART Group
>  
> From: Druckman,Geri [mailto:GDruckman@mdanderson.org <mailto:GDruckman@mdanderson.org>] 
> Sent: Monday, March 28, 2016 4:21 PM
> To: wai-ig
> Subject: Is the accessibility of a 3rd party that represent me still my concern?
>  
> Hi all,
>  
> Here’s a dilema I have, and I seek your advice hoping any of you have had to deal with a similar situation before.
> The institution I work for is in negotiations over a contract with a vendor that will supply us with a web based application solution.  This will NOT be hosted on our servers in any way, it is 100% on the vendors side, and our clients will receive an email with a link, directing them to the vendors site, where they will need to interact with said application.
>  
> At the moment to vendor claims not to be section 508 / WCAG compliant and is seeking an exemption in the contract.
>  
> My dilemma is, although we have nothing to do with the development or hosting of said application, we are still sending our clients over to that site to interact with it.  Is it still within my institutions responsibility to make sure that this vendor is accessible, or is this all on them?
>  
> Any information is greatly appreciated.
>  
> Geri Druckman
>  
> (cross post with WebAIM)
> The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.
> 
>
Received on Tuesday, 29 March 2016 13:38:09 UTC