Sean,

Yes, it is the known as the (informally know as) "Safe Harbor" exception
E202.2 Legacy ICT:

" E202.2 Legacy ICT. Any component or portion of existing ICT that complies
with an earlier standard issued pursuant to Section 508 of the
Rehabilitation Act of 1973, as amended (as republished in Appendix D), and
that has not been altered on or after January 18, 2018, shall not be
required to be modified to conform to the Revised 508 Standards. "

Located here:
https://www.access-board.gov/guidelines-and-standards/communications-and-it/about-the-ict-refresh/final-rule/text-of-the-standards-and-guidelines#E202-general-exceptions


For an exact interpretation you might check with the US Access Board, but I
have provided training, with their staff, on this point.

Thanks!

** katie **

*Katie Haritos-Shea*

*Principal ICT Accessibility Architect, **Board Member and W3C Advisory
Committee Rep for Knowbility *

*WCAG/Section 508/ADA/AODA/QA/FinServ/FinTech/Privacy,* *IAAP CPACC+WAS = *
*CPWA* <http://www.accessibilityassociation.org/cpwacertificants>

*Cell: **703-371-5545 <703-371-5545>** |* ****@gmail.com
<***@gmail.com>* *| **Oakton, VA **|* *LinkedIn Profile
<http://www.linkedin.com/in/katieharitosshea/>*

People may forget exactly what it was that you said or did, but they will
never forget how you made them feel.......

Our scars remind us of where we have been........they do not have to
dictate where we are going.

All,

Thanks for this as it is valuable information And clarification.

[https://www.cisco.com/c/dam/m/en_us/signaturetool/images/banners/standard/02_standard_ciscoblue02.png]




Sean Murphy
SR ENGINEER.SOFTWARE ENGINEERING
***@cisco.com<mailto:***@cisco.com>
Tel: +61 2 8446 7751










Cisco Systems, Inc.
The Forum 201 Pacific Highway
ST LEONARDS
2065
Australia
cisco.com



[http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]

Think before you print.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.
Please click here<http://www.cisco.com/c/en/us/about/legal/terms-sale-software-license-agreement/company-registration-information.html> for Company Registration Information.







From: Jonathan Avila <***@levelaccess.com>
Sent: Friday, 3 August 2018 9:20 AM
To: w3c-wai-***@w3.org
Subject: RE: Procurement of 3rd party tools

I’d also add that FAR rules unifying procurement in the US Federal Government have still not been updated (see open FAR cases (https://www.acq.osd.mil/dpap/dars/opencases/farcasenum/far.pdf) and thus we are still seeing mostly the original standards referenced in Federal procurement. Agencies can have internal guidance as well – but without the FAR updates more of the work seems to be around the revised Section 508 with focus on the development, use, and maintenance of ICT within agencies with less emphasis with updated procurement standards then I would have expected to have seen at this date. GSA has been educating agency staff on the updates but it has taken time to get the updates wide spread in RFP and other procurement documents.

Jonathan

Jonathan Avila, CPWA
Chief Accessibility Officer
Level Access
***@levelaccess.com<mailto:***@levelaccess.com>
703.637.8957 office

Visit us online:
Website<http://www.levelaccess.com/> | Twitter<https://twitter.com/LevelAccessA11y> | Facebook<https://www.facebook.com/LevelAccessA11y/> | LinkedIn<https://www.linkedin.com/company/level-access> | Blog<http://www.levelaccess.com/blog/>

Looking to boost your accessibility knowledge? Check out our free webinars!<https://www.levelaccess.com/compliance-resources/webinars/>

The information contained in this transmission may be attorney privileged and/or confidential information intended for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any use, dissemination, distribution or copying of this communication is strictly prohibited.

From: Katie Haritos-Shea <***@gmail.com<mailto:***@gmail.com>>
Sent: Thursday, August 2, 2018 6:59 PM
To: Sean Murphy (seanmmur) <***@cisco.com<mailto:***@cisco.com>>
Cc: Salazar, Joshua Allen <***@cmich.edu<mailto:***@cmich.edu>>; w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>
Subject: Re: Procurement of 3rd party tools

There is a caveat to the VPAT 1.0 being valid today, the only way US government will accept it, as I understand the new standards, is if that product was proven to be 100% compliant with the old standard at some time before January 18, 2018 - and that nothing has changed with the product.


* katie *

Katie Haritos-Shea
Principal ICT Accessibility Architect,
Board Member and W3C Advisory Committee Rep for Knowbility

WCAG/Section 508/ADA/AODA/QA/FinServ/FinTech/Privacy, IAAP CPACC+WAS = CPWA<http://www.accessibilityassociation.org/cpwacertificants>

Cell: 703-371-5545<tel:703-371-5545> | ***@gmail.com<mailto:***@gmail.com> | Oakton, VA | LinkedIn Profile<http://www.linkedin.com/in/katieharitosshea/>

People may forget exactly what it was that you said or did, but they will never forget how you made them feel.......

Our scars remind us of where we have been........they do not have to dictate where we are going.

On Thu, Aug 2, 2018 at 6:42 PM, Sean Murphy (seanmmur) <***@cisco.com<mailto:***@cisco.com>> wrote:
Joshua

The VPAT 1.0 is still a valid document to evaluate products that have not been updated since the introduction of the refresh Section 508 which started the beginning of this year and the introduction of VPAT 2.0. The two documents are clearly different and is very easy to identify the differences. I expect companies will only upgrade to the new version of VPAT 2.0 when new releases of their products hit the market.




[https://www.cisco.com/c/dam/m/en_us/signaturetool/images/banners/standard/02_standard_ciscoblue02.png]




Sean Murphy
SR ENGINEER.SOFTWARE ENGINEERING
***@cisco.com<mailto:***@cisco.com>
Tel: +61 2 8446 7751










Cisco Systems, Inc.
The Forum 201 Pacific Highway<https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
ST LEONARDS<https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
2065<https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
Australia<https://maps.google.com/?q=201+Pacific+Highway+%0D%0A+ST+LEONARDS+%0D%0A+2065+%0D%0A+Australia&entry=gmail&source=g>
cisco.com<http://cisco.com>



[http://www.cisco.com/assets/swa/img/thinkbeforeyouprint.gif]

Think before you print.

This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.
Please click here<http://www.cisco.com/c/en/us/about/legal/terms-sale-software-license-agreement/company-registration-information.html> for Company Registration Information.







From: Salazar, Joshua Allen <***@cmich.edu<mailto:***@cmich.edu>>
Sent: Friday, 3 August 2018 3:01 AM
To: 'w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>' <w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>>

Subject: RE: Procurement of 3rd party tools

Thank you all for your input. I’ve received a lot of useful resources and advice so far. I’m diligently reviewing your responses to compile communication to share with administration and legal.

Thank you again.

[cid:***@01D42B0C.05BD7010]

Joshua Salazar
UI / UX Designer & Developer
Office of Information Technology
PA Council Academic Division
P: 989-774-3424



From: Urban, Mark (CDC/OCOO/OCIO/ITSO) <***@cdc.gov<mailto:***@cdc.gov>>
Sent: Thursday, August 2, 2018 11:34 AM
To: Salazar, Joshua Allen <***@cmich.edu<mailto:***@cmich.edu>>; 'w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>' <w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>>
Subject: RE: Procurement of 3rd party tools

Hi Josh,

There was a similar discussion a few weeks back on this list. I’ll reiterate the approach I recommend below. Whether you use a third-party vendor or use your own tool, it’s the platform AND actual content (or authored output) that needs to be accessible to WCAG 2.0 or 2.1 BASED ON THE USAGE:

<quote begins>

Speaking for myself, I try to keep these things easy. The legal minutia can get fuzzy, and frankly is not always clear from case to case. So, in layman’s terms: If you are covered by the ADA and/or Rehab Act (State Universities in the US are covered by both), then:


• If you MADE the content or someone could reasonably assume it was made by you, then it must be fully accessible. (we often put this at CDC in the terms, “if it has our logo, it has our responsibility”)

• If you REQUIRE content’s use as part of your service, then it must be either accessible or an accommodation provided. (e.g. a course homework to watch a YouTube video not made by you, a Doodle poll for setting office hours)

• If you NEITHER MADE NOR REQUIRE the content, then you do not generally need to ensure accessibility (again, weird and extraneous case law here, so check with a lawyer in your area), though of course I’d always recommend it or at least ask the platform/creator to make it accessible.

Note that if you are using funds from HHS, we specifically state WCAG/508 conformance as our standard for meeting 504 responsibilities for grant-funded activities.

<end quote>

Many third party vendors have VPATs for Federal 508 reporting. Its always worth asking if a VPAT isavailable for the platform when considering the service. The challenge in a lot of educational environs is that there is no governance in the usage of anything. I know security professionals who lose a lot of sleep in this area – you may want to partner with them to get a better handle on the toolsets being used and the process for approval.

Regards,
Mark D. Urban
CDC/ATSDR Section 508 Coordinator
Office of the Chief Information Officer (OCIO)
Office of the Chief Operating Officer (OCOO)
***@CDC.gov<mailto:***@CDC.gov> | 919-541-0562 office
[cid:***@01D39E67.CE8948C0]


From: Salazar, Joshua Allen <***@cmich.edu<mailto:***@cmich.edu>>
Sent: Thursday, August 2, 2018 10:14 AM
To: w3c-wai-***@w3.org<mailto:w3c-wai-***@w3.org>
Subject: Procurement of 3rd party tools

Hello,

I work in higher education and we’re currently going through a rather large accessibility initiative right now. Yesterday something interesting came up and I thought this group would be a good group to consult.

We have a process of requiring information from 3rd party vendors, but do not have a set accessibility standard for which they must meet. We are often finding all or a majority of vendors are not fully ADA compliant and, up until recently, we’ve been okay with it. Since the vendors are meeting all of our technical and business process requirements, we don’t want to give up on them if they’re not ADA compliant. Currently, our process is still very much up in the air since there are a lot of variables. We do require a VPAT as part of the RFI but we don’t really do much with it right now.

I’m working with legal at my institution to find and define a standard for which third party tools must meet. We are also working on communication with the vendors to discuss remediation plans. My question for the group, does anyone else have a similar process they would be willing to share? How we might define “ADA compliance” as it relates to 3rd party tools? Should we develop our own instrument for assessing this, is there a minimum score/response on the VPAT that we should require, or ???

Any information would be helpful.

Thank you!
-Josh