Re: Procurement of 3rd party tools

There is a caveat to the VPAT 1.0 being valid today, the only way US
government will accept it, as I understand the new standards, is if that
product was proven to be 100% compliant with the old standard at some time
before January 18, 2018 - and that nothing has changed with the product.

** katie **

*Katie Haritos-Shea*

*Principal ICT Accessibility Architect, **Board Member and W3C Advisory
Committee Rep for Knowbility *

*WCAG/Section 508/ADA/AODA/QA/FinServ/FinTech/Privacy,* *IAAP CPACC+WAS = *
*CPWA* <http://www.accessibilityassociation.org/cpwacertificants>

*Cell: **703-371-5545 <703-371-5545>** |* *ryladog@gmail.com
<ryladog@gmail.com>* *| **Oakton, VA **|* *LinkedIn Profile
<http://www.linkedin.com/in/katieharitosshea/>*

People may forget exactly what it was that you said or did, but they will
never forget how you made them feel.......

Our scars remind us of where we have been........they do not have to
dictate where we are going.


On Thu, Aug 2, 2018 at 6:42 PM, Sean Murphy (seanmmur) <seanmmur@cisco.com>
wrote:

> Joshua
>
>
>
> The VPAT 1.0 is still a valid document to evaluate products that have not
> been updated since the introduction of the refresh Section 508 which
> started the beginning of this year and the introduction of VPAT 2.0. The
> two documents are clearly different and is very easy to identify the
> differences. I expect companies will only upgrade to the new version of
> VPAT 2.0 when new releases of their products hit the market.
>
>
>
>
>
>
>
>
>
> [image:
> https://www.cisco.com/c/dam/m/en_us/signaturetool/images/banners/standard/02_standard_ciscoblue02.png]
>
> *Sean Murphy*
>
> SR ENGINEER.SOFTWARE ENGINEERING
>
> seanmmur@cisco.com
>
> Tel: *+61 2 8446 7751*
>
>
>
>
>
>
>
>
>
> Cisco Systems, Inc.
>
> The Forum 201 Pacific Highway
> <https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
>
> ST LEONARDS
> <https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
>
> 2065
> <https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
>
> Australia
> <https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
>
> cisco.com
>
> [image: http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]
>
> Think before you print.
>
> This email may contain confidential and privileged material for the sole
> use of the intended recipient. Any review, use, distribution or disclosure
> by others is strictly prohibited. If you are not the intended recipient (or
> authorized to receive for the recipient), please contact the sender by
> reply email and delete all copies of this message.
>
> Please click here
> <http://www.cisco.com/c/en/us/about/legal/terms-sale-software-license-agreement/company-registration-information.html>
> for Company Registration Information.
>
>
>
>
>
> *From:* Salazar, Joshua Allen <salaz3j@cmich.edu>
> *Sent:* Friday, 3 August 2018 3:01 AM
> *To:* 'w3c-wai-ig@w3.org' <w3c-wai-ig@w3.org>
>
> *Subject:* RE: Procurement of 3rd party tools
>
>
>
> Thank you all for your input. I’ve received a lot of useful resources and
> advice so far. I’m diligently reviewing your responses to compile
> communication to share with administration and legal.
>
>
>
> Thank you again.
>
>
>
> Joshua Salazar
>
> UI / UX Designer & Developer
>
> Office of Information Technology
>
> PA Council Academic Division
>
> P: 989-774-3424
>
>
>
>
>
> *From:* Urban, Mark (CDC/OCOO/OCIO/ITSO) <fka2@cdc.gov>
> *Sent:* Thursday, August 2, 2018 11:34 AM
> *To:* Salazar, Joshua Allen <salaz3j@cmich.edu>; 'w3c-wai-ig@w3.org' <
> w3c-wai-ig@w3.org>
> *Subject:* RE: Procurement of 3rd party tools
>
>
>
> Hi Josh,
>
>
>
> There was a similar discussion a few weeks back on this list.  I’ll
> reiterate the approach I recommend below.  Whether you use a third-party
> vendor or use your own tool, it’s the platform AND actual content (or
> authored output) that needs to be accessible to WCAG 2.0 or 2.1 BASED ON
> THE USAGE:
>
>
>
> <quote begins>
>
>
>
> Speaking for myself, I try to keep these things easy.  The legal minutia
> can get fuzzy, and frankly is not always clear from case to case.  So, in
> layman’s terms:  If you are covered by the ADA and/or Rehab Act (State
> Universities in the US are covered by both), then:
>
>
>
> ·        If you MADE the content or someone could reasonably assume it
> was made by you, then it must be *fully accessible*.  (we often put this
> at CDC in the terms,  “if it has our logo, it has our responsibility”)
>
> ·        If you REQUIRE content’s use as part of your service, then it
> must be *either accessible or an accommodation provided*. (e.g. a course
> homework to watch a YouTube video not made by you, a Doodle poll for
> setting office hours)
>
> ·        If you NEITHER MADE NOR REQUIRE the content, then you do *not
> generally need to ensure accessibility* (again, weird and extraneous case
> law here, so check with a lawyer in your area), though of course I’d always
> recommend it or at least ask the platform/creator to make it accessible.
>
>
>
> Note that if you are using funds from HHS, we specifically state WCAG/508
> conformance as our standard for meeting 504 responsibilities for
> grant-funded activities.
>
>
>
> <end quote>
>
>
>
> Many third party vendors have VPATs for Federal 508 reporting.  Its always
> worth asking if a VPAT isavailable for the platform when considering the
> service.  The challenge in a lot of educational environs is that there is
> no governance in the usage of anything.  I know security professionals who
> lose a lot of sleep in this area – you may want to partner with them to get
> a better handle on the toolsets being used and the process for approval.
>
>
>
> Regards,
>
>
> *Mark D. Urban CDC/ATSDR Section 508 Coordinator*
>
> Office of the Chief Information Officer (OCIO)
>
> Office of the Chief Operating Officer (OCOO
> *) **Murban@CDC.gov* <Murban@CDC.gov>* | 919-541-0562 office *
>
> [image: cid:image001.png@01D39E67.CE8948C0]
>
>
>
>
>
> *From:* Salazar, Joshua Allen <salaz3j@cmich.edu>
> *Sent:* Thursday, August 2, 2018 10:14 AM
> *To:* w3c-wai-ig@w3.org
> *Subject:* Procurement of 3rd party tools
>
>
>
> Hello,
>
>
>
> I work in higher education and we’re currently going through a rather
> large accessibility initiative right now. Yesterday something interesting
> came up and I thought this group would be a good group to consult.
>
>
>
> We have a process of requiring information from 3rd party vendors, but do
> not have a set accessibility standard for which they must meet. We are
> often finding all or a majority of vendors are not fully ADA compliant and,
> up until recently, we’ve been okay with it. Since the vendors are meeting
> all of our technical and business process requirements, we don’t want to
> give up on them if they’re not ADA compliant. Currently, our process is
> still very much up in the air since there are a lot of variables. We do
> require a VPAT as part of the RFI but we don’t really do much with it right
> now.
>
>
>
> I’m working with legal at my institution to find and define a standard for
> which third party tools must meet. We are also working on communication
> with the vendors to discuss remediation plans. My question for the group,
> does anyone else have a similar process they would be willing to share? How
> we might define “ADA compliance” as it relates to 3rd party tools?
> Should we develop our own instrument for assessing this, is there a minimum
> score/response on the VPAT that we should require, or ???
>
>
>
> Any information would be helpful.
>
>
>
> Thank you!
>
> -Josh
>
>
>