Play 2: Assess your Section 508 program maturity

Some agencies have not established a formal Section 508 compliance program. Other agencies are just beginning to establish a Section 508 program, and they need to establish policies, procedures, training and communications to build awareness of what is required and who is responsible for addressing compliance needs. Agencies further along may have dedicated resources to perform testing to validate Section 508 conformance claims, but do not have a systematic approach to perform testing. Mature agencies demonstrate the ability to measure and monitor conformance to policies and actual compliance levels, and they use data to drive decision making to improve the effectiveness of their overall Section 508 program. Section 508 activities appropriate for mature organizations may not be appropriate for less mature organizations that do not have an adequate foundation to build upon. Therefore, an assessment of your agency’s Section 508 program maturity is essential to gauge where you are, and to determine what steps are necessary to improve your program.

Key Questions

• What is the current maturity of your agency’s Section 508 compliance program?
• How is your program’s maturity enabling or inhibiting your agency’s ability to provide accessible digital services and technology solutions?

Section 508 Program Maturity Levels

In the Government-wide Section 508 Strategic Plan, OMB requires agencies to assess their Section 508 program maturity using the following criteria:

• Ad Hoc: No formal policies, processes, or procedures defined.

  Your agency has not established a framework for the consistent management of Section 508 compliance requirements for the technology it buys, builds maintains and uses.

• Planned: Policies, processes, and procedures defined and communicated.

  Your agency’s approach to ensuring technology is Section 508 compliant is defined and integrated into its policies and procedures. Section 508 policies and procedures sufficiently address all technology your agency buys, builds maintains and uses, as scoped by the Section 508 standards.

• Resourced: Resources committed and/or staff trained to implement policies, processes, and procedures.

  Your agency’s leadership and staff understand and support the Section 508 policies and procedures, and know how to implement them. Your agency has dedicated sufficient resources to implement your Section 508 policies and procedures.

• Measured: Validation is performed; results are measured and tracked.

  Your agency tests and validates agency digital services and technology solutions to ensure they conform to the Section 508 standards. You are able to determine whether your policies and procedures are actually being followed. You measure the effectiveness of your Section 508 policies and procedures, and are able to use your measures to manage risk and prioritize opportunities for improving your compliance program.

Section 508 Program Maturity Domains

In the Government-wide Section 508 Strategic Plan, OMB requires agencies to assess their Section 508 program maturity in each of the following domains:

• Acquisition: Conduct validation of procurement solicitations to ensure incorporation of Section 508 contract language into Statements of Work and Performance Work Statements.

  When purchasing technology, you must ensure the acquisition process addresses section 508 requirements.  Solicitation language must clearly state what standards apply to the digital service or technology solution, and require potential vendors to demonstrate they can meet the requirements.

• Agency technology life cycles: Conduct validation of Section 508 requirements to ensure incorporation into agency life cycle activities, including enterprise architecture, design, development, testing, deployment, and ongoing maintenance activities.

  Enterprise life cycles are used to define the end-to-end approach to approving, building, deploying, and supporting agency technology. The least effective and most expensive approach to supporting compliance is to treat Section 508 requirements as an afterthought in response to test results, or worse in response to complaints from people with disabilities. The most effective and least expensive approach is to consider Section 508 requirements at all stages of the enterprise life cycle. This is analogous to the saying “it’s cheaper and easier to use an eraser to modify an architectural drawing than a sledgehammer to tear down a wall.”

• Testing and Validation: Testing and validation of Section 508 conformance claims.

  While a review of Voluntary Product Accessibility Templates (VPAT®) provided by a vendor or contractor is a starting point, sometimes testing may be required to validate assertions of Section 508 compliance, to inform remediation planning, and to monitor agency progress with achieving Section 508 compliance. In addition, testing may be required on an ongoing basis to validate the technology developed, maintained, and used by an agency is compliant with the applicable 508 standards as components are updated or replaced.

• Complaint Management: Track and resolve incoming Section 508 complaints.

  A clear process for addressing and tracking Section 508 complaints is necessary to provide for effective communication with complainants, to validate Section 508 non-compliance claims, to support an appropriate agency response aimed at minimizing legal exposure, costs, and loss of administrative time, and to serve as input into decisions related to resource and work planning.

• Training: Training for stakeholders on roles and responsibilities related to Section 508 compliance.

  Successful Section 508 programs rely on personnel with skills and expertise. Relevant resources need to be identified and trained. Mandatory training needs to be established and tracked. This includes, but is not limited to, training for web and software developers, acquisition professionals, human resource employees and communications specialists.

Basic Checklist

• Evaluate how existing agency policies, practices, and procedures support each maturity area.
  • Technology Processes: Technology Domains, Processes, Activities,
  • Technology Resources: Applications, Information, Infrastructure, People, and
  • Business Requirements: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability.
• Identify strengths and weaknesses of the organization’s current accessibility processes.
• Review Section 508 compliance challenges raised in previous complaints.
• Determine overall maturity level ratings using the OMB Agency Section 508 Reporting Template and instructions.
• Use data from maturity assessments to inform the agency’s response to the biennial Department of Justice Section 508 Survey.

Advanced Checklist

• Identify how the maturity of the current Section 508 program prepares you to transition to the new 508 standards.
• Assess the maturity of the Section 508 Program Team’s collaboration with offices that support:
  • Internal technology design, development, configuration, deployment, and maintenance,
  • Accommodations (Section 504 and 501),
  • Equal Opportunity Office,
  • Enterprise Architecture,
  • Investment Management,
  • Acquisition Management,
  • Enterprise Life Cycle Governance,
  • User Experience Design,
  • Help Desk and Customer Support,
  • Communications, Public Affairs, and Advocacy Group Outreach,
  • Security & Privacy, and
  • Legal.

Resources

• Strategic Plan: Improving Management of Section 508 of the Rehabilitation Act
• Training - How to Measure Your Agency’s 508 Program Training
• Section 508 OMB Dashboard/Reporting Template
• Section 508 OMB Dashboard/Reporting Template Instructions
• IT Dashboard.gov - For agency E-Gov Act accessibility related summaries