RE: Procurement of 3rd party tools

Hi Josh,

There was a similar discussion a few weeks back on this list.  I'll reiterate the approach I recommend below.  Whether you use a third-party vendor or use your own tool, it's the platform AND actual content (or authored output) that needs to be accessible to WCAG 2.0 or 2.1 BASED ON THE USAGE:

<quote begins>

Speaking for myself, I try to keep these things easy.  The legal minutia can get fuzzy, and frankly is not always clear from case to case.  So, in layman's terms:  If you are covered by the ADA and/or Rehab Act (State Universities in the US are covered by both), then:


*         If you MADE the content or someone could reasonably assume it was made by you, then it must be fully accessible.  (we often put this at CDC in the terms,  "if it has our logo, it has our responsibility")

*         If you REQUIRE content's use as part of your service, then it must be either accessible or an accommodation provided. (e.g. a course homework to watch a YouTube video not made by you, a Doodle poll for setting office hours)

*         If you NEITHER MADE NOR REQUIRE the content, then you do not generally need to ensure accessibility (again, weird and extraneous case law here, so check with a lawyer in your area), though of course I'd always recommend it or at least ask the platform/creator to make it accessible.

Note that if you are using funds from HHS, we specifically state WCAG/508 conformance as our standard for meeting 504 responsibilities for grant-funded activities.

<end quote>

Many third party vendors have VPATs for Federal 508 reporting.  Its always worth asking if a VPAT isavailable for the platform when considering the service.  The challenge in a lot of educational environs is that there is no governance in the usage of anything.  I know security professionals who lose a lot of sleep in this area - you may want to partner with them to get a better handle on the toolsets being used and the process for approval.

Regards,
Mark D. Urban
CDC/ATSDR Section 508 Coordinator
Office of the Chief Information Officer (OCIO)
Office of the Chief Operating Officer (OCOO)
Murban@CDC.gov<mailto:Murban@CDC.gov> | 919-541-0562 office
[cid:image001.png@01D39E67.CE8948C0]


From: Salazar, Joshua Allen <salaz3j@cmich.edu>
Sent: Thursday, August 2, 2018 10:14 AM
To: w3c-wai-ig@w3.org
Subject: Procurement of 3rd party tools

Hello,

I work in higher education and we're currently going through a rather large accessibility initiative right now. Yesterday something interesting came up and I thought this group would be a good group to consult.

We have a process of requiring information from 3rd party vendors, but do not have a set accessibility standard for which they must meet. We are often finding all or a majority of vendors are not fully ADA compliant and, up until recently, we've been okay with it. Since the vendors are meeting all of our technical and business process requirements, we don't want to give up on them if they're not ADA compliant. Currently, our process is still very much up in the air since there are a lot of variables. We do require a VPAT as part of the RFI but we don't really do much with it right now.

I'm working with legal at my institution to find and define a standard for which third party tools must meet. We are also working on communication with the vendors to discuss remediation plans. My question for the group, does anyone else have a similar process they would be willing to share? How we might define "ADA compliance" as it relates to 3rd party tools?  Should we develop our own instrument for assessing this, is there a minimum score/response on the VPAT that we should require, or ???

Any information would be helpful.

Thank you!
-Josh