This article was originally published in the August 2016 issue of Mealey’s™ Litigation Report: Cyber Tech & E-Commerce as “COMMENTARY: Policy-Driven Adoption For Accessibility (PDAA), Adding Vendor Governance Evaluation To State Procurement” and is also available for download as an accessible PDF. Mealey’s is a subscription-based information provider and a division of LexisNexis.
The challenge of procuring software that is perceivable and usable by people who have vision, hearing, mobility, and/or cognitive challenges can be a daunting task for both the public and private sector. There have been many attempts to lessen this burden on state procurement officers such as the adoption of the Voluntary Product Accessibility Template® (VPAT®) and Government Product/Service Accessibility Template (GPAT). Each of these vehicles approach accessibility from the perspective of the individual software package. While this seems to be an intuitive approach, both the VPAT and GPAT rely on the software provider to self-evaluate a product’s level of compliance. The result of these evaluations can be less than clear for a procurement officer to understand and make decisions since responses are technical and tend to be vague.
In response to this, the National Association of State Chief Information Officers (NASCIO) created an additional evaluation tool, the Policy-Driven Adoption for Accessibility (PDAA), that examines an organization’s commitment to accessibility by having them self-report on the organization’s inner accessibility governance. The theory is if an organization has strong accessibility policies, procedures, and integration throughout the organization, then it stands to reason that the software products will have higher degrees of accessibility. And finally, combining the PDAA with VPAT/GPAT, the procurement officer should have a good view of both an organization’s commitment to accessibility as well as the technical levels of product compliance, albeit a self-reported one.
The PDAA is a procurement evaluation tool for information and communications technology (ICT) created by the National Association of State Chief Information Officers (NASCIO). Unlike other attempts to directly evaluate the accessibility of individual products, the PDAA focuses on evaluating the organization’s accessibility governance models.
For more on VPATs and government procurement, read Introducing VPAT® 2.0, the More Stringent Accessibility Reporting Tool Required for Government IT Procurement and Section 508 Refresh: How WCAG Impacts Federal Website Accessibility Requirements, two more Mealey’s CyberTech and E-Commerce commentaries by Hiram Kuykendall.
The PDAA can be broken down into three components: The PDAA Core Criteria, the PDAA Maturity Model, and the PDAA Vendor Self-Assessment Tool.
The PDAA Core Criteria
The core criteria are a set of governance guidelines. The intent is to provide guidance and measurement of accessibility policies and procedures throughout the organization. The following list has been directly taken from the NASCIO Accessibility in IT Procurement Part 2, released August 2015.
- Develop, implement, and maintain an ICT accessibility policy.
The ICT accessibility policy is the foundation on which accessibility programs and initiatives can be built. Without it, accessibility work is tactical, and not part of a holistic organization-wide strategy.
- Establish and maintain an organizational structure that enables and facilitates progress in ICT accessibility.
This ensures that ICT accessibility is positioned appropriately within the organization, and that accessibility related position roles and responsibilities across the organization are defined, including the designation of an executive sponsor.
- Integrate ICT accessibility criteria into key phases of development, procurement, acquisitions, and other relevant business processes.
This ensures that ICT accessibility happens in a consistent, repeatable fashion, and is not dependent on a specific individual(s) who “carries the torch” for any specific event or project where ICT accessibility is required.
- Provide a process for addressing inaccessible ICT.
This ensures that plans are developed to address ICT accessibility issues once they are identified. Corrective actions in project plans, procurement of more accessible ICT, and providing alternate means of access to the ICT product or service are examples.
- Ensure the availability of relevant ICT accessibility skills and other resources within (or to) the organization.
This ensures that the organization has the skills, tools, or external resources needed to create and maintain accessible ICT.
- Make information regarding ICT accessibility policy, plans, and progress available to customers.
Providing information about how Core Criteria numbers 1 through 5 are met gives procurement organizations additional data points on a vendors’ ability and commitment to ICT accessibility beyond just VPAT® or other documentation.
The PDAA Maturity Model
The maturity model simply takes the six core criteria and adds three steps to each: launch, integrate and optimize. Note the maturity model does not give specific detail on implementation, but rather establishes what would be an expected outcome of each. This allows the organization to adapt their specific internal processes rather than orchestrating new layers of governance. Once again, the following matrix has been directly taken from the NASCIO Accessibility in IT Procurement Part 2.
The PDAA Maturity Model Matrix
|PDAA Core Criteria||Launch||Integrate||Optimize|
|Develop, implement, and maintain an ICT accessibility policy.||Have an ICT accessibility policy.||Have appropriate plans in place to implement and maintain the policy.||Establish metrics and track progress towards achieving compliance to the policy.|
|Establish and maintain an organizational structure that enables and facilitates progress in ICT accessibility.||Develop an organization wide governance system.||Designate one or more individuals responsible for implementation.||Implement a reporting/ decision mechanism and maintain records.|
|Integrate ICT accessibility criteria into key phases of development, procurement, acquisitions, and other relevant business processes.||Identify candidate processes for criteria integration.||Implement process changes.||Integrate fully into all key processes.|
|Provide processes for addressing inaccessible ICT.||Create plans that include dates for compliance of inaccessible ICT.||Provide alternate means of access until the ICT is accessible; implement corrective actions process for handling accessibility technical issues and defects.||Maintain records of identified inaccessible ICT, corrective action, and tracking.|
|Ensure the availability of relevant ICT accessibility skills within (or to) the organization.||Define skills/job descriptions.||Identify existing resources that match up and address gaps.||Manage progress in acquiring skills and allocating qualified resources.|
|Make information regarding ICT accessibility policy, plans, and progress available to customers.||Make Launch level information available.||Make Integrate level information available.||Make Optimize level information available.|
PDAA Vendor Self-Assessment Tool
While the previous steps assist in building an understanding of the PDAA requirements, the PDAA Vendor Self-Assessment Tool takes those steps and transforms them into a questionnaire designed to gauge an organization’s maturity. At least two states, Texas and Minnesota have created Excel-based versions of the questionnaire (Texas questionnaire (XLSX file), Minnesota questionnaire (XLSX)). Each of these spreadsheets asks a series of questions related to the maturity model which result in a graphical assessment.
The creators of the PDAA also went to the extraordinary step of outlining implementation times for each of the maturity levels. Their assertion is that a committed organization with no accessibility governance can achieve an optimized state in 24 months.
The PDAA Generic Implementation Timetable
Criteria (begins when vendor is informed of PDAA)
- Develop, implement, and maintain an ICT accessibility policy. Overall time for implementation: 18 months
- Have an ICT accessibility policy — Within 6 months
- Have appropriate plans in place to implement and maintain the policy — Within 12 months
- Establish metrics and track progress towards achieving compliance to the policy — Within 18 months
- Establish and maintain an organizational structure that enables and facilitates progress in ICT accessibility. Overall time for implementation: 12 months
- Develop an organization wide governance system — Within 12 months
- Designate one or more individuals responsible for implementation — Within 6 months
- Implement reporting/decision mechanism and maintain records — Within 12 months
- Integrate ICT accessibility criteria into key phases of development, procurement, acquisitions, and other relevant business processes. Overall time for implementation: 18 months
- Identify candidate processes for criteria integration — Within 6 months
- Implement process changes — Within 12 months
- Integrate fully into all key processes — Within 18 months
- Within 12 months, provide a process for addressing inaccessible ICT including:
- a plan / date for compliance of an inaccessible ICT — Within 12 months
- an alternate means of access until the ICT is accessible — Within 12 months
- a corrective action process for handling accessibility technical issues and defects — Within 12 months
- Ensure the availability of relevant ICT accessibility skills within (or to) the organization. Overall time for implementation: 24 months
- Define skills/job descriptions — Within 6 months
- Identify existing resources that match up and address gaps — Within 18 months
- Manage progress in acquiring skills and allocating qualified resources — Within 24 months
- Make information regarding ICT accessibility policy, plans, and progress available to customers. Overall time for implementation: 12 months
- Make Launch level information available — Within 12 months
- Make Integrate level information available — Within 12 months
- Make Optimize level information available — Within 12 months
In conclusion, the Policy-Driven Adoption for Accessibility (PDAA) offers an opportunity to provide procurement officers with valuable insight into an organizations’ governance. The PDAA does not replace a VPAT, GPAT or other procurement centric processes. Rather, the PDAA is another tool that provides additional confidence that an organization is willing, ready, and able to provide the state with accessible ITC products.
About the Author
Hiram Kuykendall is chief technology officer for Microassist. He has more than 20 years of experience in custom application development and over 10 years of accessibility remediation for custom application development, elearning, and instructor-led training. In addition, Hiram advocates through public speaking and volunteer work specifically focused on the technical aspects of web accessibility. Hiram can be reached at email@example.com.
Copyright © 2016 by Hiram Kuykendall. Responses welcome.
Accessibility Services for Government
Our extensive experience in state government as a DIR-contracted vendor equips us to help both vendors and agency procurement professionals navigate the process of selling and acquiring accessible information and communications technologies. Contact us today for questions about PDAA, VPATs, and accessibility requirements.
“Voluntary Product Accessibility Template” and “VPAT” are Federally Registered Service Marks of the Information Technology Industry Council (ITI).