RE: Is the accessibility of a 3rd party that represent me still my concern? from Phill Jenkins on 2016-03-29 (w3c-wai-ig@w3.org from January to March 2016)

From: Phill Jenkins <pjenkins@us.ibm.com>
Date: Tue, 29 Mar 2016 06:14:54 -0600
To: wai-ig <w3c-wai-ig@w3.org>
Cc: "Druckman,Geri" <GDruckman@mdanderson.org>
Message-Id: <201603291215.u2TCF9HH014153@d03av03.boulder.ibm.com>
I agree with the advice from Jonathan. 
        504, 508, etc are regulations that are or are not applicable to 
your institution.  Determining applicability and jurisdiction are 
typically consider "legal advice".
        For example, 508 has jurisdiction over US Federal agencies (not 
the vendors directly), and:
        "...Section 508 requires that when Federal agencies develop, 
procure, maintain, or use electronic and information technology . . ." 
(Note 1)
 
Which technical requirements your institution places on your vendors are 
consider your contractual / procurement requirements.  Whether 504 or 508 
requires your institution to place requirements in the contract are one 
thing, but that does not prevent your institution from placing the 
requirements in the contract whether or not your are required to by a 
regulation. The opposite is also unfortunately true, that many (at one 
point almost half) of the solicitations (RFP's) from the US Federal 
government did not include the required 508 requirement clauses that they 
should have had, so then vendors were not held to any contractual 
obligation even though the omission of the requirements in the contract 
did not absolve the Federal agencies obligation to comply with the 508 
regulation. 

Then there is the reality you mentioned of the vendor's solution not 
currently conforming to WCAG technical standards.  Remember the 
institution complies with applicable regulation.  The institution's 
solution, and/or the vendor's solutions conforms  to technical standards. 
One of the differences between contractual requirements and legal 
regulations is what applies to whom.  Your institution is the buyer, they 
can request and specify what ever they want, but as you mentioned, the 
vendor can also negotiate if and when it will conform to the requirements 
specified in the RFP and eventual contract. It is the vendor's choice or 
not to respond to your institutions RFP and/or agree or not to the 
proposed contract. 

Some procurement/negotiations questions to consider:
If the vendor's solution is not now fully conformant, when will it be?
Is there a technical gap analysis of the issues, cost sizing, and roadmap 
to achieve conformance?
If the vendor's solution is not now fully conformant, what other vendor 
solutions or choices are available? 
Can the institution provide additional assistive technology to its users 
to mitigate the issues?
Are there other institutions (buyers/customers) that also have similar 
accessibility requirements?  Could they join together in negotiating with 
the vendor in resolving the non-conformance issues?
etc.

Disclosure: I am neither a lawyer or procurement official, but I often 
advised them with recommendations as a subject matter expert,
Note 1: Section  508 Standards 1194.1 Purpose: 
https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-section-508-standards/section-508-standards#subpart_a
___________
Regards,
Phill Jenkins, 
Senior Engineer & Business Development Executive
IBM Research - IBM Accessibility
ibm.com/able
facebook.com/IBMAccessibility
twitter.com/IBMAccess




From:   Jonathan Avila <jon.avila@ssbbartgroup.com>
To:     "Druckman,Geri" <GDruckman@mdanderson.org>, wai-ig 
<w3c-wai-ig@w3.org>
Date:   03/28/2016 08:32 PM
Subject:        RE: Is the accessibility of a 3rd party that represent me 
still my   concern?



Geri, others have provided good advice ? that indeed if you receive 
federal funds, provide access to electronic health records, appear on the 
federal marketplace, etc. then you will likely be subject to regulations 
such as Section 504, 508 (including CMS or HHS flavors), ADA, WCAG Level A 
(EHR) or other regulations such as functional performance requirements 
that apply the categories that I listed.  Requiring vendors to provide 
compliant products and services is likely the path you will need to take 
to ensure you are in compliance.  Ultimately if the regulations apply to 
you ? you are then responsible for compliance ? contracting out something 
does not absolve you of the responsibility if vendors want to do business 
with you then they need to conform to your procurement requirements. This 
is not legal advice ? if you have any questions about your legal 
obligations you should seek council.
 
In case it comes up, there is a portion of the WCAG conformance 
requirements that address third party content on sites that you did not 
choose to put there ? that is your site is hosted on a service and the 
service places third party ads on the site.  In those cases you can make a 
partial claim of conformance ? but that does not appear to be the 
situation you are in.
 
Jonathan
 
Jonathan Avila
SSB BART Group
 
From: Druckman,Geri [mailto:GDruckman@mdanderson.org] 
Sent: Monday, March 28, 2016 4:21 PM
To: wai-ig
Subject: Is the accessibility of a 3rd party that represent me still my 
concern?
 
Hi all,
 
Here?s a dilema I have, and I seek your advice hoping any of you have had 
to deal with a similar situation before.
The institution I work for is in negotiations over a contract with a 
vendor that will supply us with a web based application solution.  This 
will NOT be hosted on our servers in any way, it is 100% on the vendors 
side, and our clients will receive an email with a link, directing them to 
the vendors site, where they will need to interact with said application.
 
At the moment to vendor claims not to be section 508 / WCAG compliant and 
is seeking an exemption in the contract.
 
My dilemma is, although we have nothing to do with the development or 
hosting of said application, we are still sending our clients over to that 
site to interact with it.  Is it still within my institutions 
responsibility to make sure that this vendor is accessible, or is this all 
on them?
 
Any information is greatly appreciated.
 
Geri Druckman
 
(cross post with WebAIM)
The information contained in this e-mail message may be privileged, 
confidential, and/or protected from disclosure. This e-mail message may 
contain protected health information (PHI); dissemination of PHI should 
comply with applicable federal and state laws. If you are not the intended 
recipient, or an authorized representative of the intended recipient, any 
further review, disclosure, use, dissemination, distribution, or copying 
of this message or any attachment (or the information contained therein) 
is strictly prohibited. If you think that you have received this e-mail 
message in error, please notify the sender by return e-mail and delete all 
references to it and its contents from your systems.
Received on Tuesday, 29 March 2016 12:17:00 UTC