Skip to secondary navigation Skip to main content

Section 508 Considerations for Change Control Processes

Federal agencies must consider Section 508 requirements from the outset when updating or modifying their information and communication technology (ICT). Integrating Section 508 into the change control process ensures that accessibility is evaluated at every stage. This proactive approach prevents the introduction of new barriers, avoids costly rework, and maintains compliance with federal requirements. By embedding accessibility checks into standard change control steps, agencies can ensure system updates continue to meet the needs of every user.

Tip: Project teams should consider ICT accessibility implications early in the change control process and document it through analysis, development, and testing. Agencies should also ensure that vendor and contractor deliverables, including patches, releases, or enhancements, are accompanied by updated Accessibility Conformance Reports (ACRs or Voluntary Product Accessibility Template (VPAT)) and accessibility regression testing results.

Agencies should work closely with their Change Control Board (CCB) stakeholders, such as the Chief Technology Officer (CTO), Chief Information Officer (CIO), Chief Information Security Officer (CISO), Information System Security Officers (ISSOs), Privacy officials, and Contracting Officers (COs) or their representatives (CORs). A Section 508 Subject Matter Expert (SME) should be included in CCB discussions to provide authoritative input on accessibility considerations; final decision authority remains with the CCB leadership.

ICT accessibility considerations throughout each stage of the change control process are outlined below.

  1. Identification and Initiation

    Process: Submit change request and log request for tracking.

    Section 508 consideration: Include Section 508 considerations on the intake form such as: Does the change impact ICT accessibility? Has Section 508 been considered during the design and development process? Have you engaged with the Section 508 program as part of this change request? Require requesters to document any expected accessibility risk such as the likelihood of affecting public-facing content, major UI elements, or essential functions.

  2. Review and Assess

    Process: CCB performs an initial screening to ensure completeness, conduct an impact analysis, and complete a feasibility study to determine if change is technically feasible.

    Section 508 consideration: Include a Section 508 SME on the CCB who can confirm if the change applies to ICT and who can evaluate whether the change may introduce new accessibility defects or require additional Section 508 testing. Project teams should assess and categorize accessibility risk, such as Low, Moderate, or High user impact, in parallel with security, privacy, and operational risks.

  3. Approval and Prioritization

    Process: CCB reviews the change request and impact analysis, makes a determination to approve, reject, or defer the change or request additional information, and changes are prioritized.

    Section 508 consideration: Include a Section 508 SME on the CCB to ensure ICT accessibility is considered in the approval process. The Section 508 SME provides authoritative input to the CCB; if unresolved issues are identified, the CCB should require remediation or document risks in the approval record.

  4. Planning and Scheduling

    Process: Design technical implementation of the change, create a comprehensive test and implementation plan, and allocate resources.

    Section 508 consideration: Ensure Section 508 conformance testing is explicitly included in the test plan. Testing should include both automated and manual methods consistent in alignment with the ICT Accessibility Testing Baselines such as the Trusted Tester process, and should be documented in alignment with “Essential Elements of an Accessibility Test Report.”

  5. Implementation and Test

    Process: Implement the change according to relevant plans, conduct testing to verify the change, and track and resolve any defects or bugs found during testing.

    Section 508 consideration: Ensure comprehensive Section 508 conformance testing is completed and defects are identified and prioritized for remediation. If any defects are identified as critical issues, require remediation prior to approval. Agencies should confirm that vendor-delivered updates include Section 508 regression test evidence. Accessibility defects should be logged in the defect tracking system and, if unresolved, added to the system’s Plan of Action and Milestones (POA&M).

  6. Deployment and Monitoring

    Process: Deploy the change, monitor the change to ensure functionality is as expected, and conduct post-deployment review.

    Section 508 consideration: Ensure Section 508 conformance testing is included in post-deployment monitoring and review. Post-deployment accessibility checks should occur:
    1. After any significant user interface or user experience (UI/UX) changes.
    2. Upon receipt of user complaints or Help Desk tickets related to accessibility.
    3. On a recurring cadence such as quarterly review for high-impact systems.

  7. Documentation and Closeout

    Process: Attach all documentation in the tracking system and close change request.

    Section 508 consideration: Include Section 508 conformance testing results, remediation plans, and all other relevant ICT accessibility documentation in the tracking system. Ensure that accessibility documentation is linked to the broader system compliance record such as System Security Plan, Accessibility Compliance repository, or POA\&M, to support audits and Office of Management and Budget (OMB) reporting.

Reviewed/Updated: September 2025

Section508.gov

An official website of the General Services Administration

Looking for U.S. government information and services?
Visit USA.gov