RE: Is the accessibility of a 3rd party that represent me still my concern?

Great points Phil, I'd also point out for the benefit of everyone that in regards to Section 508 procurement that the government is required to procure the most compliant product that meets the business needs of the organization.  That is the a non-fully conformant product can be procured, however, the agency must still provide equivalent access for users that have disabilities.

This is similar with the CVAA and other regulations - that is --  if accessibility cannot be achieved there still has to be a way for users with disabilities to have access to the information and services provided to users without disabilities.


From: Phill Jenkins []
Sent: Tuesday, March 29, 2016 8:15 AM
To: wai-ig
Cc: Druckman,Geri
Subject: RE: Is the accessibility of a 3rd party that represent me still my concern?

I agree with the advice from Jonathan.
        504, 508, etc are regulations that are or are not applicable to your institution.  Determining applicability and jurisdiction are typically consider "legal advice".
        For example, 508 has jurisdiction over US Federal agencies (not the vendors directly), and:
        "...Section 508 requires that when Federal agencies develop, procure, maintain, or use electronic and information technology . . ." (Note 1)

Which technical requirements your institution places on your vendors are consider your contractual / procurement requirements.  Whether 504 or 508 requires your institution to place requirements in the contract are one thing, but that does not prevent your institution from placing the requirements in the contract whether or not your are required to by a regulation. The opposite is also unfortunately true, that many (at one point almost half) of the solicitations (RFP's) from the US Federal government did not include the required 508 requirement clauses that they should have had, so then vendors were not held to any contractual obligation even though the omission of the requirements in the contract did not absolve the Federal agencies obligation to comply with the 508 regulation.

Then there is the reality you mentioned of the vendor's solution not currently conforming to WCAG technical standards.  Remember the institution complies with applicable regulation.  The institution's solution, and/or the vendor's solutions conforms to technical standards.  One of the differences between contractual requirements and legal regulations is what applies to whom.  Your institution is the buyer, they can request and specify what ever they want, but as you mentioned, the vendor can also negotiate if and when it will conform to the requirements specified in the RFP and eventual contract. It is the vendor's choice or not to respond to your institutions RFP and/or agree or not to the proposed contract.

Some procurement/negotiations questions to consider:

  1.  If the vendor's solution is not now fully conformant, when will it be?

  1.  Is there a technical gap analysis of the issues, cost sizing, and roadmap to achieve conformance?

  1.  If the vendor's solution is not now fully conformant, what other vendor solutions or choices are available?

  1.  Can the institution provide additional assistive technology to its users to mitigate the issues?

  1.  Are there other institutions (buyers/customers) that also have similar accessibility requirements?  Could they join together in negotiating with the vendor in resolving the non-conformance issues?

  1.  etc.

Disclosure: I am neither a lawyer or procurement official, but I often advised them with recommendations as a subject matter expert,
Note 1: Section  508 Standards 1194.1 Purpose:
Phill Jenkins,
Senior Engineer & Business Development Executive
IBM Research - IBM Accessibility<><><>

From:        Jonathan Avila <<>>
To:        "Druckman,Geri" <<>>, wai-ig <<>>
Date:        03/28/2016 08:32 PM
Subject:        RE: Is the accessibility of a 3rd party that represent me still my   concern?

Geri, others have provided good advice - that indeed if you receive federal funds, provide access to electronic health records, appear on the federal marketplace, etc. then you will likely be subject to regulations such as Section 504, 508 (including CMS or HHS flavors), ADA, WCAG Level A (EHR) or other regulations such as functional performance requirements that apply the categories that I listed.  Requiring vendors to provide compliant products and services is likely the path you will need to take to ensure you are in compliance.  Ultimately if the regulations apply to you - you are then responsible for compliance - contracting out something does not absolve you of the responsibility if vendors want to do business with you then they need to conform to your procurement requirements.   This is not legal advice - if you have any questions about your legal obligations you should seek council.

In case it comes up, there is a portion of the WCAG conformance requirements that address third party content on sites that you did not choose to put there - that is your site is hosted on a service and the service places third party ads on the site.  In those cases you can make a partial claim of conformance - but that does not appear to be the situation you are in.


Jonathan Avila

From: Druckman,Geri []
Sent: Monday, March 28, 2016 4:21 PM
To: wai-ig
Subject: Is the accessibility of a 3rd party that represent me still my concern?

Hi all,

Here's a dilema I have, and I seek your advice hoping any of you have had to deal with a similar situation before.
The institution I work for is in negotiations over a contract with a vendor that will supply us with a web based application solution.  This will NOT be hosted on our servers in any way, it is 100% on the vendors side, and our clients will receive an email with a link, directing them to the vendors site, where they will need to interact with said application.

At the moment to vendor claims not to be section 508 / WCAG compliant and is seeking an exemption in the contract.

My dilemma is, although we have nothing to do with the development or hosting of said application, we are still sending our clients over to that site to interact with it.  Is it still within my institutions responsibility to make sure that this vendor is accessible, or is this all on them?

Any information is greatly appreciated.

Geri Druckman

(cross post with WebAIM)
The information contained in this e-mail message may be privileged, confidential, and/or protected from disclosure. This e-mail message may contain protected health information (PHI); dissemination of PHI should comply with applicable federal and state laws. If you are not the intended recipient, or an authorized representative of the intended recipient, any further review, disclosure, use, dissemination, distribution, or copying of this message or any attachment (or the information contained therein) is strictly prohibited. If you think that you have received this e-mail message in error, please notify the sender by return e-mail and delete all references to it and its contents from your systems.

Received on Tuesday, 29 March 2016 13:36:02 UTC