Presentation is loading. Please wait.

Presentation is loading. Please wait.

Models for Monitoring Digital Accessibility Compliance Tim Springer Tammy Cosseboom.

Published byJade Patterson Modified over 9 years ago

Similar presentations

Presentation on theme: "Models for Monitoring Digital Accessibility Compliance Tim Springer Tammy Cosseboom."— Presentation transcript:

1 Models for Monitoring Digital Accessibility Compliance Tim Springer Tammy Cosseboom

2 Agenda Compliance Programs Monitoring Plans Process Monitoring and Auditing Asset Monitoring Asset Audits

3 Compliance Programs

4 What is Compliance? Conforming to the controls and procedures imposed on your organization by appropriate laws or rulings

5 Compliance Elements Seven Elements of Effective Compliance Programs 1.Policies, Procedures and Controls 2.Compliance and Ethics Oversight 3.Exercise Due Diligence 4.Educate Employees 5.Monitor and Audit Compliance 6.Consistent Enforcement and Discipline 7.Respond Appropriately

6 Conceptual Framework Accessibility program maturity is measured along ten key dimensions: Governance, Risk Management, and Compliance Communications Policy and Standards Legal Fiscal Management Development Lifecycle Testing and Validation Support and Documentation Procurement Training

7 Risk Prioritization Not all technology is warrants the same level of scrutiny Worry more about technology that: –Is necessary for completion of core functionality –Pertains specifically to users with disabilities –Receives the highest amount of traffic –Concerns job postings / applications –Utilizes third party vendors –Contains maps or other extensive graphics Higher Risk = Higher Priority

8 Risk Management Prioritization Levels Enterprise Asset Best Practice Risk Model Identify core factors for each level Weight core factors Rank

9 Legal Research Legal research is a continuous compliance process Must be executed at many levels: –Federal –State –Local New laws/regulations should be immediately analyzed for impact and tracked Know your rulemaking process Know your OIRA

10 Compliance Cross-Pollination Compliance processes can be executed the “hard” way or the “easy” way Integrating accessibility into the existing compliance program gets you on the path to the “easy way”

11 Reporting, Metrics, Trends Center of the feedback loop Risk Management, Risk Assessment, Legal Research and Compliance Cross-Pollination feed the data Produce actionable summaries which can be turned into compliance process improvement programs

12 Monitoring Plans

13 It All Starts with a Monitoring Plan Who is involved? What is being monitored? What resources are required? When is plan to be executed? Which compliance plan is monitoring associated with? What types of test methods are being utilized?

14 Monitoring Plan Goals Ensure that the program policies are being followed Periodically evaluate the effectiveness of the program Have and publicize a system to report violations

15 Monitoring Plan – Ad Hoc or Formal? Issues with Ad-hoc plans Sample size not consistent or risk- assessed Testing staff lacks knowledge to identify key work flow structures False negatives or positives if not utilizing users with disabilities Doesn’t leverage automatic testing Doesn’t provide metrics

16 Monitoring Types Process monitoring – operations are conforming to the accessibility policy in practice Asset monitoring – ICT being produced or utilized is accessible –Monitoring = High level ongoing tests –Auditing = Detailed point in time tests Some concepts apply to both types –Monitoring Plan Creation –Risk Prioritization –Risk Management

17 Process Monitoring and Auditing

18 Process Monitoring Approach Roughly: Define Train Measure, Manage, Coach Report Bulletproofing Automate that which can be automated Use software Setup notifications Define process variance tolerances

19 Process Auditing Methodology Process Walkthrough Artifact Review Operations Review Analysis Draft Findings Review Primary Draft Development Primary Draft Review Secondary Changes Delivery

20 Asset Monitoring

21 Accessibility Monitoring Test Types Automated Tests Global Tests Manual Tests Manual Tests with AT

22 Accessibility Compliance Levels - Minimum Automated ICT scan only Pages are rendered in a browser and tested directly against the DOM Results in roughly 25% testing coverage

23 Accessibility Compliance Levels - Baseline Extends minimum level to include manual tests of sample portions of the site Sample tests are extrapolated to remainder of the site Results in roughly 85% testing coverage

24 Accessibility Compliance Levels - Complete Extends base level to include functional use case testing by individuals with disabilities using assistive technology Focuses on key transaction paths in the system Increases compliance coverage to as close to 100% as possible

25 Asset Audits

26 Is My ICT Accessible? Three components need to be reviewed to answer this question: Technical Compliance Functional Compliance Support Compliance

27 Technical Requirements Does the technology conform to the coding requirements in the relevant standards? Requires up-to-date standards Requires the ICT be substantially conformant with standards Requirements are assessed for risk and divided between those that can be tested: ˗ Automatically (24.8%) ˗ Manually (48.3%) ˗ Globally (26.9%)

28 Functional Requirements Can people with disabilities use the application to complete its core tasks? Requires system be usable to people with disabilities using current AT Technical requirements focus on the trees – functional requirements on the forest

29 Support Requirements Is the deployment context of the ICT accessible? Is the ICT documentation accessible? Can the organization provide accessible support for the ICT to its employees and the public? (TTY/TDD, accessible online chat) Is the ICT training accessible? Does the organization have a periodic audit program which assesses the compliance and ethics program?

30 Questions?

31 Thank You Contact Us Tim Springer tim.springer@ssbbartgroup.com Tammy Cosseboom tammyc@ssbbartgroup.com Download Slide Deck Info.ssbbartgroup.com/CSUN2015 Follow Us @SSBBARTGroup linkedin.com/company/ SSB-BART-Group facebook.com/ SSBBARTGroup SSBBARTGroup.com/blog

32 About SSB BART Group Unmatched Experience Focus on Accessibility Solutions That Manage Risk Real-World Strategy Organizational Strength and Continuity Dynamic, Forward-Thinking Intelligence Fourteen hundred organizations (1445) Fifteen hundred individual accessibility best practices (1595) Twenty-two core technology platforms (22) Fifty-five thousand audits (55,930) One hundred fifty million accessibility violations (152,351,725) Three hundred sixty-six thousand human validated accessibility violations (366,096)

33 Appendix A – Compliance Programs

34 Policies, Procedures and Controls Publish an accessibility statement Modify existing policies (HR, Customer Support) Set internal controls –Protect resources –Ensure accuracy and reliability –Secure compliance with policies –Evaluate performance

35 Oversight Visibility, knowledge, and oversight High-level sponsorship Roles and responsibilities clearly identified Clearly assigned responsibilities Day-to-day operations have resources, authority and access to governing authority –Resources == budgets –Authority == compliance can tell other departments what to do In accessibility? Really? –Direct access to the governing authority == if compliance thinks there is a problem, but their leadership is stonewalling them, they can do an end run straight to the BoD

36 RACI Matrix

37 Educate Employees on Programs Communicate policies, standards and procedures of compliance and ethics program Conduct effective training programs Disseminate information appropriate to respective roles

38 Consistent Enforcement and Discipline Policies, Procedures, and Controls need to include disciplinary steps for all levels of employees/agents If retraining is an option: –Maintain metrics on improvement after retraining –Document all training If termination is potential outcome, update contracts to define penalties

39 Respond to/Prevent Future Incidents Two elements must be implemented: Accessibility Issue Resolution Policy / Procedures –Reasonable Accommodation must be provided –Why did the accessibility violation get overlooked? Root Cause Analysis –Why did the accessibility violation get overlooked? –What improvements can be made to procedures?

Download ppt "Models for Monitoring Digital Accessibility Compliance Tim Springer Tammy Cosseboom."

Similar presentations

How Will it Help Me Do My Job?

How Will it Help Me Do My Job?
Service Delivery – your ticket to play

Service Delivery – your ticket to play
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.

Agency Risk Management and Internal Control Standards Presentation to the Board of Visitors November 14, 2014.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Managing the Information Technology Resource Jerry N. Luftman

Managing the Information Technology Resource Jerry N. Luftman
Quality evaluation and improvement for Internal Audit

Quality evaluation and improvement for Internal Audit
The Information Systems Audit Process

The Information Systems Audit Process
Mobile Accessibility: Next Generation Techniques & Tools Tim Springer, SSB BART Group Bill Curtis-Davidson, IBM.

Mobile Accessibility: Next Generation Techniques & Tools Tim Springer, SSB BART Group Bill Curtis-Davidson, IBM.
High-Level Assessment Month Year

High-Level Assessment Month Year
Supplier Ethics: Program Checklist

Supplier Ethics: Program Checklist
Procurement Transformation State of North Carolina

Procurement Transformation State of North Carolina
Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.
How to Measure Data Quality

How to Measure Data Quality
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
Information Technology Audit

Information Technology Audit
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Launching a Successful Digital Accessibility Program Tim Springer Matt Arana.

Launching a Successful Digital Accessibility Program Tim Springer Matt Arana.
COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.

COMPLYING WITH HIPAA BUSINESS ASSOCIATE REQUIREMENTS Quick, Cost Effective Solutions for HIPAA Compliance: Business Associate Agreements.
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?

Similar presentations

Ads by Google