HHS Policy for Section 508 Compliance and Accessibility of Information and Communications Technology (ICT)

Document #: HHS-OCIO-OES-2020-07-007
Version #: 2.0
Last Reviewed: 07/2020
Next Review: 07/2023
Owner: OCIO/OES
Approved By: Jose Arrieta, Chief Information Officer (CIO)

Table of Contents

1. Nature of Changes
2. Purpose
3. Background
4. Scope
5. Authorities
6. Policy
7. Roles and Responsibilities
   • 7.1. HHS Chief Information Officer (CIO)
   • 7.2. OpDiv CIOs
   • 7.3. Department-level Enterprise IT Governance Board
   • 7.4. HHS Section 508 Governing Board
   • 7.5. HHS Section 508 Program Director
   • 7.6. OpDiv Section 508 Program Manager
   • 7.7. HHS Staff
8. Information and Assistance
9. Effective Date and Implementation
10. Approval

Appendix A: Procedures

Complaint Resolutions

Requesting Section 508 Exceptions

Appendix B: Standards

General Exceptions

Support Services & Documentation Standards

Software Standards

Hardware Standards

Functional Performance Requirements

Electronic Content Standards

WCAG Level A Requirements

Appendix C: Guidance

Appendix D: Forms and Templates

Voluntary Product Accessibility Template (VPAT™)

Appendix E: Glossary and Acronyms

Glossary

Acronyms

Disclaimer: This document contains links to external websites that provide additional information. HHS cannot attest to the accessibility of or be held responsible for external site content. Links to external sites do not constitute an endorsement by HHS or any of its employees of the sponsors or the information and products presented on the site. By following a link, the user is subject to the destination site’s privacy policy and/or terms of service.

---

1. Nature of Changes

This HHS Policy for Section 508 Compliance and Accessibility of ICT (hereafter referred to as Policy) revises and supersedes the Department of Health and Human Services (HHS) Policy on Section 508 and Accessibility of Technology issued on April 27, 2016. This Policy was revised to reflect updates to roles and responsibilities, procedures, standards, and guidance.

Role titles have been revised to more closely align with the Office of Personnel Management (OPM) terminology. The previous role duties of a Section 508 Official have been rolled up into the responsibilities of a CIO. The title of HHS Section 508 Program Director is a new role that is defined later in this Policy. The title of Section 508 Program Manager is equivalent to the previous role of Section 508 Coordinator.

2. Purpose

The purpose of this Policy is to implement uniformity and conformity of accessibility compliance across all of HHS. This Policy implements Section 794d of Title 29, United States Code (USC), also known as Section 508 of the Rehabilitation Act of 1973, as amended; Part 1193 and 1194 of Title 36, Code of Federal Regulations (CFR); Subpart 39.2 of the Federal Acquisition Regulation (FAR); and Section 508 standards set by the United States Access Board. Additionally, Section 504 of the Rehabilitation Act of 1973, as amended, is addressed where necessary.

All HHS entities and organizations (including examples such as, but not limited to, content creators, grantees, employees, and contractors) conducting business for, and on behalf of, the Department must conform in order to achieve uniformity.

3. Background

Section 504 and Section 508 of the Rehabilitation Act of 1973, codified at sections 29 USC 794 and 794d, as amended, to ensure those with disabilities have equal access to government information as contained on information and communications technology (ICT), and thereby to the government employment, programs, and services to which all citizens are entitled. As use of information technology (IT) has greatly increased within the workplace, and out, in recent years, and additional legislation has required ever-more access to government information, there is a great need for strong, effective policy to ensure compliance with this important law.

This Policy intends to delineate HHS roles and responsibilities, procedures, and standards requisite to ensure HHS is a government leader in accessibility.

4. Scope

This Policy applies to all Department ICT developed, procured, funded, maintained, or used by HHS on or after June 21, 2001 and requires adherence to the original Section 508 standards. Furthermore, any ICT developed, procured, funded, maintained, or used on or after January 18, 2018 must adhere to the Revised Section 508 Standards (see Appendix B of this Policy). This Policy applies to all HHS internal content and communications and external content that is available publicly.
Operating Divisions (OpDiv) and Staff Divisions (StaffDiv), at a minimum, must adhere to this Policy and can choose to adopt a more restrictive policy. They must not adopt one that is less restrictive, less comprehensive or less compliant, as deemed by the HHS Section 508 governing board.
Where an OpDiv or StaffDiv cannot provide a federal resource for one or more of the outlined roles, the OpDiv or StaffDiv must supply the Section 508 governing board with a contingency plan on how the listed responsibilities will be maintained and executed. The contingency plan must include, at a minimum, who has authority to make decisions on behalf of the government during vacancies or absences and the re-routing of communication where a recipient is specified in this Policy. A federal employee must determine risk-based decisions, although a contractor may provide guidance and advice to the federal employee to help with the decision. A contractor can also assist a federal employee by being assigned one or more of the listed tasks of a role. Both the individual delegating and the individual accepting responsibility must agree upon all delegations. 

This Policy does not supersede any applicable law or policy other than specified in Section 1.

5. Authorities

Authorities include:

1. Communications Act of 1934, 47 USC § 255 (1996)
2. FAR; Electronic and Information Technology Accessibility, 48 CFR. § 39.2 [FAC 97-27; FAR Case 1999-607]
3. Federal Information Technology Acquisition Reform Act (FITARA), Public Law 113-291, div. A, tit. VIII, Subtitle D, 128 Stat. 3292, 3438-50 (2014)
4. HHS Acquisition Regulation (HHSAR)
5. Information and Communication Technology Accessibility Standards and Guidelines, 36 CFR. § 1193 -1194 (2018)
6. Office of Management and Budget (OMB) Memorandum M-17-06, Policies for Federal Agency Public Websites and Digital Services (2017)
7. OMB Memorandum M-13-13, Open Data Policy-Managing Information as an Asset (2013)
8. OMB Memorandum M-16-20, Category Management Policy 16-3: Improving the Acquisition and Management of Common Information Technology: Mobile Devices and Services (2016)
9. OMB Memorandum, Improving the Accessibility of Government Information (2010)
10. OMB Strategic Plan for Improving Management of Section 508 of the Rehabilitation Act (2013)
11. Rehabilitation Act of 1973, 29 U.S.C. § 701 et seq., as amended, Sections 504 and 508, 29 U.S.C. §§ 794, 794(d), as amended.
12. Workforce Innovation and Opportunities Act, Public Law 113-128 (2016)

6. Policy

All ICT developed, procured, funded, maintained, and used by HHS must be accessible to individuals with disabilities in accordance with Section 504 and Section 508 of the Rehabilitation Act of 1973.  Misrepresentation of ICT accessibility or failure to provide ICT products or services that meet the specified level of conformance puts the agency at risk of legal action and denies those who require comparable access.

1. HHS personnel with disabilities must have the same (or comparable) access to and use of information and data as HHS personnel who do not have disabilities, unless an exception is granted, as detailed in Appendix A of this Policy.
2. Members of the public with disabilities seeking information or services from an HHS OpDiv must have the same (or comparable) access to, and use of, that information and services as members of the public who do not have disabilities, unless an exception is granted, as detailed in Appendix A of this Policy.
3. Content and system owners (see Glossary for definition) and authors are accountable and responsible for ensuring that their system(s), product(s) and/or service(s) are accessible to HHS personnel and members of the public. Owners and authors must consult with their respective OpDiv Section 508 program team to confirm compliance has been met.

7. Roles and Responsibilities

7.1. HHS Chief Information Officer (CIO)

The HHS CIO or designee(s) must:

1. Ensure funding and resources are available for the Department-level and OS comprehensive Section 508 program. Program activities include, but are not limited to, the management, implementation, and governance infrastructure. 
2. Designate an HHS Section 508 Program Director.
3. Facilitate Section 508 governing board issues or concerns to the appropriate HHS leadership organizations (i.e. HHS CIO Council and/or Administration and Management Domain IT Steering Committee (AMD ITSC)).
4. Leverage CIO authorities to ensure Section 508 is incorporated into the acquisition, EPLC, and CPIC processes.

7.2. OpDiv CIOs

Each OpDiv CIO or designee(s) must:

1. Serve as the Section 508 Official. 
2. Ensure funding and resources are available for the OpDiv comprehensive Section 508 program.
3. Designate an OpDiv Section 508 Program Manager and communicate that selection to the HHS Section 508 Program Director.
4. Facilitate Section 508 issues or concerns to the appropriate OpDiv leadership organization.
5. Leverage CIO authorities to ensure Section 508 is incorporated into the acquisition, EPLC, and CPIC processes.

7.3. Department-level Enterprise IT Governance Board

The responsibilities specific to Section 508 are as follows:

1. Confirm ICT acquisitions, investments, and projects follow Section 508 standards and guidelines set forth by the HHS Section 508 governing board.
2. Collaborate with the HHS Section 508 governing board on the promotion of Section 508 awareness.

7.4. HHS Section 508 Governing Board

The HHS Section 508 governing board is accountable for providing consistent direction and oversight on HHS-wide Section 508 activities. The HHS Section 508 governing board must:

1. Institute HHS-wide standards, policies, guidelines, and criteria for Section 508 related activities.
2. Regularly apprise the Department-level Enterprise IT Governance Board of Section 508 recommendations and status.
3. Collaborate on best practices and lessons learned from Section 508 review and testing of ICT.
4. Resolve disparities and issues between OpDivs regarding Section 508 interpretations.
5. Review, provide update recommendations, and uphold this Policy.

7.5. HHS Section 508 Program Director

The HHS Section 508 Program Director or designee(s) must:

1. Organize the support of the HHS Section 508 governing board.
2. Collaborate on Department-level Section 508 related activities consisting at a minimum of trainings, acquisitions, evaluations, exceptions, and complaint consultations.
3. Consolidate HHS Section 508 reporting metrics, as requested.
4. Administer Section 508 data collection tools for the agency.
5. Coordinate communications between the Section 508 governing board and Department-level Enterprise IT Governance Board on Section 508 recommendations and status.
6. Facilitate the review, updates, and maintenance of HHS policies involving Section 508.
7. Escalate Department-level Section 508 concerns and issues to the Section 508 governing board.
8. Represent the Department in all federal and interagency activities related to Section 508.
9. Routinely monitor the Section 508 website of the U.S. Access Board and the General Services Administration (GSA) for updated guidance, training opportunities, and best practices.

7.6. OpDiv Section 508 Program Manager

Each respective OpDiv Section 508 Program Manager or designee(s) must:

1. Oversee the OpDiv Section 508 Program activities, including ensuring the OpDiv abides by established standards and implementing OpDiv and agency policies, guidelines, and best practices.
2. Execute OpDiv owned and managed Section 508 related activities consisting at a minimum of trainings, acquisitions, evaluations, exceptions, and complaint consultations.
3. Establish the respective OpDivs’ Section 508 management, implementation, and governance plans that are at a minimum in compliance with Department-level Section 508 policies, procedures, and performance measures. 
4. Develop and implement methods for monitoring adherence to Section 508 policies and procedures and provide reports, as necessary.
5. Participate in the OpDiv CPIC, acquisition, EPLC, and business operations processes to ensure ICT appropriately includes Section 508.
6. Authorize or reject, or determine guidelines for, ICT in which the OpDiv procures, develops, maintains, or uses to be deployed or published on the merits of Section 508 conformance.
7. Collect and report OpDiv Section 508 metrics as required to the HHS Section 508 Program Director.
8. Escalate Section 508 concerns and issues related to the OpDiv or Department to the Section 508 governing board.
9. Represent the OpDiv within the HHS Section 508 governing board.
10. Represent the OpDiv in all federal and interagency activities related to Section 508.
11. Routinely monitor the Section 508 website of the U.S. Access Board and the General Services Administration (GSA) for updated guidance, training opportunities, and best practices.

7.7. HHS Staff

In order to ensure all content, systems, products or services that are procured, designed, authored, developed, maintained or used conform to Section 508 standards, all HHS entities or organizations must:

1. Adhere to federal, Department-level, and OpDiv Section 508 standards for all ICT.
2. Engage with a respective OpDiv Section 508 program team as early as possible in the acquisition, development, or authoring process of any type of ICT.
3. Seek guidance and advice on accessibility principles and standards from a respective OpDiv Section 508 program team during any phase of acquisition, authoring, or development.
4. Consult with a respective OpDiv Section 508 program team to confirm compliance is met for any system, content, product or service being procured, funded, developed, maintained or used.
5. Provide evidence of accessibility conformance when required.

8. Information and Assistance

Accessibility-related information and communications applicable to all of HHS will be disseminated electronically and through the OpDiv Section 508 programs.  Questions, comments, suggestions, and requests for information about HHS’ implementation, activities and other items should be addressed to a user’s respective OpDiv Section 508 program.

The Section 508 governing board is responsible for the development and management of this Policy.  Questions, comments, suggestions, and requests for information about this Policy should be directed to the HHS Section 508 Helpdesk.

9. Effective Date and Implementation

The effective date of this Policy is the date on which the policy is approved. This Policy must be reviewed, at a minimum, every three (3) years from the approval date.  The HHS CIO has the authority to grant a one (1) year extension of the policy.  To archive this Policy, approval must be granted, in writing, by the HHS CIO.

10. Approval

/S/

Jose Arrieta, Chief Information Officer (CIO)

07/18/2020

Appendix A: Procedures

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library

Complaint Resolutions

For general questions or comments regarding accessibility pertaining to the Department or OS send an email to the HHS Section 508 Help Desk or for other OpDivs contact the respective OpDiv Section 508 program team. Note: Do not disclose procurement sensitive information until a representative has responded to the inquiry.

Formal complaints must either be routed to the Office for Civil Rights (OCR) or the Equal Employment Opportunity (EEO) office. It is up to the party filing the complaint to determine if an OpDiv-level or agency-wide entity will receive the submission. Upon request of an OCR or EEO entity, the respective Section 508 Program Manager or designee will assist in the complaint process. Each OpDiv Section 508 Program Manager or designee is responsible for aiding in complaints pertaining to an OpDiv system, product, content, or service.  Assistance may include, but is not limited to, gathering data, performing evaluations or providing guidance.

Prior to a complaint being submitted, the nature of the complaint must be determined. The OCR investigates complaints related to civil rights, conscience, religious freedom, and health information privacy at covered entities under the follow authorities:

• Federal civil rights laws,
• Conscience and religious freedom laws,
• Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, and
• Patient Safety Act and Rules

Complaints can be filed on behalf of yourself, someone else, or an organization. OCR complaints must be filed using the OCR’s Complaint Portal Assistant. The OCR’s procedures will be followed and the applicable parties will be contacted if the complaint refers to an entity within an OpDiv.

The EEO office processes complaints of employment discrimination based on disability.  Federal employees and applicants for federal employment who believe they have been subjected to discrimination must contact an EEO counselor within forty-five (45) calendar days of the alleged discriminatory action. EEO contact information can be located on the EEO Programs and Offices website. The complaint will then follow the EEO office’s procedures until a determination is reached.

Requesting Section 508 Exceptions

ICT systems, products, content, or services that are available to the public or to federal employees must be accessible to people with disabilities, unless a formal request for an exception is submitted and approved. Exceptions will be considered on a case-by-case basis. When exceptions are necessary during the acquisition lifecycle, the decision process must be consistent with the exception processes set forth in FAR 39.204 and HHSAR 339.204-1. Exceptions only apply to specific features or functions that cannot be made accessible or meet other defined criteria as contained in the FAR, HHSAR, and U.S. Access Board rules/issuances. In a majority of cases, it is not likely one hundred percent (100%) of a system, product, content, or service will be granted an exception. Exceptions are granted in limited instances.

Prior to being considered for a Section 508 exception, the system or content owner must determine which exception to claim and perform an evaluation against the Section 508 exception criteria as laid out in the Section 508 standards.

An exception request with accompanying documentation must be sent to the OpDiv Section 508 Program Manager for consideration.  Submission of the exception request does not indicate acceptance or denial of an exception.  The OpDiv Section 508 Program Manager and/or designee will provide a determination following a review of the documentation and performing a risk analysis.  Unless an exception has been granted, the Section 508 standards always apply.

Documentation of the evaluation must be created to include but not limited to:

1. Date of Justification;
2. Name of the system, product, content, or service;
3. Version Number (where applicable);
4. Name of the content or system owner;
5. Contact information for the content or system owner;
6. Name of the feature(s) or function(s) for which an exception is being requested;
7. Name of the exception being claimed;
8. The criteria deemed to warrant the exception;
9. Justification of the exception (including where applicable which technical standards cannot be met);
10. Screenshots (where applicable);
11. List of controls (i.e. the impacted actionable elements, where applicable);
12. Identify a plan to meet the needs of people with disabilities through alternative means.

Granted exceptions are subject to periodic review in order to determine the current status of the exception. System and content owners must notify the respective OpDiv Section 508 program team if there are any modifications or status changes to the exempted feature(s) and/or function(s). Changes to or removal of the exempted portion(s) will initiate a follow-up review and determination.

Appendix B: Standards

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library

ICT products can pertain to one or more groups of standards. To be considered compliant the ICT must be evaluated under any and all applicable standards. The evaluation workflow should determine the applicability of an exception and then assess the applicable technical standard(s). (Categories and format of content curtesy ofGSA’s Revised 508 Standards Applicability Checklist.)

General Exceptions

• Legacy ICT
• National Security Systems
• ICT Acquired Incidental to a Federal Contract
• Functions Located in Maintenance or Monitoring Spaces
• Undue Burden
• Fundamental Alteration
• Best Meets

Support Services & Documentation Standards

• 602 Support Documentation
• 603 Support Services

Software Standards

• 502 Interoperability with Assistive Technology
• 503 Application
• 504 Authoring Tools

Hardware Standards

• 402 Closed Functionality
• 403 Biometrics
• 404 Preservation of Information Provided for Accessibility
• 405 Privacy
• 406 Standard Connections
• 407 Operable Parts
• 408 Display Screens
• 409 Status Indicators
• 410 Color Coding
• 411 Audible Signals
• 412 ICT with Two Way Voice Communications
• 413 Closed Caption Processing Technologies
• 414 Audio Description Processing Technologies
• 415 User Controls for Captions and Audio Descriptions

Functional Performance Requirements

The following apply when the 508 Standards do not address one or more functions of the ICT, or when determining “equivalent facilitation.”

• 302.1 Without Vision
• 302.2 With Limited Vision
• 302.3 Without Perception of Color
• 302.4 Without Hearing
• 302.5 With Limited Hearing
• 302.6 Without Speech
• 302.7 With Limited Manipulation
• 302.8 With Limited Reach and Strength
• 302.9 With Limited Language, Cognitive, and Learning Abilities

Electronic Content Standards

WCAG Level A Requirements

• 1.1.1 Non-text Content
• 1.2.1 Audio-only and Video-only (Prerecorded)
• 1.2.2 Captions (Prerecorded)
• 1.3.1 Info and Relationships
• 1.3.2 Meaningful Sequence
• 1.3.3 Sensory Characteristics
• 1.4.1 Use of Color
• 1.4.2 Audio Control
• 2.1.1 Keyboard
• 2.1.2 No Keyboard Trap
• 2.2.1 Timing Adjustable
• 2.2.2 Pause, Stop, Hide
• 2.3.1 Three Flashes or Below Threshold
• 2.4.1 Bypass Blocks (not required for non-web documents and software)
• 2.4.2 Page Titled
• 2.4.3 Focus Order
• 2.4.4 Link Purpose (In Context)
• 3.1.1 Language of Page
• 3.2.1 On Focus
• 3.2.2 On Input
• 3.3.1 Error Identification
• 3.3.2 Labels or Instructions
• 4.1.1 Parsing
• 4.1.2 Name, Role, Value

WCAG Level AA Requirements

• 1.2.4 Captions (Live)
• 1.2.5 Audio Description (Prerecorded)
• 1.4.3 Contrast (Minimum)
• 1.4.4 Resize Text
• 1.4.5 Images of Text
• 2.4.5 Multiple Ways (not required for non-web documents and software)
• 2.4.6 Headings and Labels
• 2.4.7 Focus Visible
• 3.1.2 Language of Parts
• 3.2.3 Consistent Navigation (not required for non-web documents and software)
• 3.2.4 Consistent Identification (not required for non-web documents and software)
• 3.3.3 Error Suggestion
• 3.3.4 Error Prevention (Legal, Financial, Data)

WCAG Conformance Requirements

• Understanding Conformance Requirements
  • Conformance Levels - Requirement 1
  • Full Pages - Requirement 2
  • Complete Processes - Requirement 3
    • (for software, see E207.3)
  • Only Accessibility-Supported Ways of Using Technologies - Requirement 4
  • Non-Interference - Requirement

Appendix C: Guidance

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library

The displayed chart provides a graphical view of the Section 508 hierarchy and structure within HHS. The HHS CIO, Department-level Enterprise IT Governance Board, and OpDiv CIOs are on the same level, while the HHS Section 508 Program Director, HHS Section 508 governing board, and OpDiv Section 508 Program Managers are on a second level. Each first-level entity interacts with the second-level entity as follows:

• HHS CIO appoints the HHS Section 508 Program Director
• OpDiv CIO appoints the respective OpDiv Section 508 Program Manager
• The HHS CIO and OpDiv CIOs are represented on the Department-level Enterprise IT Governance Board
• The Section 508 Program Director and OpDiv Section 508 Program Managers are represented on the HHS Section 508 governing board
• HHS Section 508 governing board reports to the Department-level Enterprise IT Governance Board

The following table is a RACI (Responsible, Accountable, Consulted, and Informed) chart of the roles and responsibilities as they relate to Section 508 activities within and belonging to the Department. A legend is provided to identify each role.

• HHS CIO = HHS CIO
• OpDiv CIO = OpDiv CIO
• EIT GB = Department-level Enterprise IT Governance Board
• 508 GB = HHS Section 508 governing board
• HHS 508 PD = HHS Section 508 Program Director
• OpDiv PM = OpDiv Section 508 Program Manager
• HHS Staff = All HHS Entities and Organizations

Task	HHS CIO	OpDiv CIO	EIT GB	508 GB	HHS 508 PD	OpDiv PM	HHS Staff
Ensure funding and resources are available for the Department-level and OS comprehensive Section 508 program. Program activities include, but are not limited to, the management, implementation, and governance infrastructure.	A, R	I	I	I	C, I	C
Designate an HHS Section 508 Program Director.	A, R	I	I	I		C, I
Facilitate Section 508 governing board issues or concerns to the appropriate HHS leadership organizations (i.e. HHS CIO Council and/or Administration and Management Domain IT Steering Committee (AMD ITSC)).	A, R		I	I	C, I	I
Leverage CIO authorities to ensure Section 508 is incorporated into the acquisition, EPLC, and CPIC processes.	A, R	A, R
Ensure funding and resources are available for the OpDiv comprehensive Section 508 program.	I	A, R		I		C, I
Designate an OpDiv Section 508 Program Manager.	I	A, R		I	C, I
Facilitate Section 508 issues or concerns to the appropriate OpDiv leadership organizations.		A, R		I	I	C, I
Confirm ICT acquisitions, investments, and projects follow Section 508 standards and guidelines set forth by the HHS Section 508 governing board.			A, R	C, I	C	I
Collaborate with the HHS Section 508 governing board on the promotion of Section 508 awareness.			A, R	C, I	C	I
Institute HHS-wide standards, policies, guidelines, and criteria for Section 508 related activities.				A,R	C
Collaborate on best practices and lessons learned from Section 508 review and testing of ICT.			I	A, R	C	C
Regularly apprise the Department-level Enterprise IT Governance Board of Section 508 recommendations and status.			I	R, C	A, R	I
Resolve disparities and issues between OpDivs regarding Section 508 interpretations.				A, R	C, I	C. I
Review, provide recommendations to update, and uphold this policy.				A, R	C	C	I
Organize the support of the HHS Section 508 governing board.	I			C, I	A, R
Collaborate on Department-level Section 508 related activities consisting at a minimum of trainings, acquisitions, evaluations, exceptions, and complaint consultations.	I	I		C, I	A, R
Consolidate HHS Section 508 reporting metrics, as requested.				I	A, R
Administer Section 508 data collection tools for the agency.				C, I	A, R	C, I
Coordinate communications between the Section 508 governing board, Department-level Enterprise IT Governance Board, and HHS CIO on Section 508 recommendations and status.	C, I		C, I	C, I	A, R
Facilitate the review, updates, and maintenance of HHS policies involving Section 508.				C, I	A, R	I	I
Escalate Department-level Section 508 concerns and issues to the Section 508 governing board.				C, I	A, R
Represent the Department in all federal and interagency activities related to Section 508.				C, I	A, R
Routinely monitor the Section 508 website of the U.S. Access Board and the General Services Administration (GSA) for updated guidance, training opportunities, and best practices.				R	A, R	R
Establish the respective OpDivs' Section 508 management, implementation and governance plans that are at a minimum in compliance with Department-level Section 508 policies, procedures, and performance measures.		I		C, I	C, I	A, R
Oversee the OpDiv Section 508 Program activities, including ensuring the OpDiv abides by established standards and implementing OpDiv and agency policies, guidelines, and best practices.					C	A, R
Execute OpDiv owned and managed Section 508 related activities consisting at a minimum of trainings, acquisitions, evaluations, exceptions, and complaint consultations.		I		I	I	A, R	I
Participate in the OpDiv CPIC, acquisition, EPLC, and business operations processes to ensure ICT appropriately includes Section 508.		I				A, R
Authorize or reject, or determine guidelines for, ICT in which the OpDiv procures, develops, maintains, or uses to be deployed or published on the merits of Section 508 conformance.				I	C	R, A
Collect and report OpDiv Section 508 metrics as required to the HHS Section 508 Program Director.					C, I	A, R
Develop and implement methods for monitoring adherence to Section 508 policies and procedures and provide reports, as necessary.					C, I	A, R
Represent the OpDiv within the HHS Section 508 governing board.				I		A, R
Represent the OpDiv in all federal and interagency activities related to Section 508.				C, I	C, I	A, R
Escalate Section 508 concerns and issues related to the OpDiv or Department to the Section 508 governing board.		I		I	C, I	A, R
Adhere to OpDiv, HHS, and Section 508 standards for all ICT.							A, R
Engage with a respective OpDiv Section 508 program team as early as possible in the acquisition, development or authoring process of any type of ICT.					I	I	A, R
Seek guidance and advice on accessibility principles from a respective OpDiv Section 508 program team during any phase of acquisition, authoring or development.						I	A, R
Consult with a respective OpDiv Section 508 program team to confirm compliance is met for any system, content, product or service being procured, funded, developed, maintained or used.							A, R
Provide evidence of accessibility conformance when required.							A, R

Appendix D: Forms and Templates

Please note that this appendix is subject to change at any time. The current version of this Policy will always reside in the OCIO Policy Library

Voluntary Product Accessibility Template (VPAT™)

Vendors can complete a Voluntary Product Accessibility Template (VPAT™) to evaluate how accessible their product is in accordance with the Section 508 standards. This template must be used in order to produce what is known as an Accessibility Conformance Report (ACR), to assist the government in ensuring the most accessible product is procured. Visit GSA’s Section508.gov site to learn more about and download the latest VPAT template.

Appendix E: Glossary and Acronyms

Glossary

• Accessibility Conformance Report (ACR) - Describes how the item(s) will fully address the accessibility requirements outlined in the solicitation; and provides a description of the evaluation methods the offeror will use to validate for conformance to the Section 508 standards.
• Accountable - The one ultimately answerable for the correct and thorough completion of the deliverable or task, the one who ensures the prerequisites of the task are met and who delegates the work to those responsible. In other words, an accountable must sign off (approve) work that responsible provides. There must be only one accountable specified for each task or deliverable.
• Alternative Means - Providing individuals with disabilities access to the information or data involved by an alternative media, format, or technology that allows the individual to use the information or data.
• Compliance - The act or process of conforming, submitting, or adapting (as to a regulation or to another's wishes) as required or requested. The agency must comply with the Section 508 law.
• Conformance - To act in accordance with, whereas ICT must be in accordance with Section 508 standards.
• Consulted - Those whose opinions are sought, typically subject matter experts; and with whom there is two-way communication.
• Equivalent Facilitation - Substantially equivalent or greater access to and use of a product for people with disabilities.
• Information and Communications Technology (ICT) - “ICT” is an extension of “IT” that stresses the role of unified communications and the integration of telecommunications and computers, as well as necessary enterprise software, middleware, storage, and audiovisual systems. ICT is a broad subject that covers any product that will store, retrieve, manipulate, transmit, or receive information electronically in a digital form.
• Information Technology (IT) - “IT” is defined as any services, equipment, or interconnected system(s) or subsystem(s) of equipment, that are used in the automatic acquisition, storage, analysis, evaluation, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by the agency.
• Informed - Those who are kept up-to-date on progress, often only on completion of the task or deliverable; and with whom there is just one-way communication.
• Owner - System and content owners are individuals or an HHS entities who serve as the primary point of contact and are responsible for the information and/or data provided within the ICT.
• Policy - A set of principles, rules, and guidelines formulated or adopted by an organization to reach its long-term goals
• Responsible - Those who do the work to complete the task. There is at least one role with a participation type of responsible, although others can be delegated to assist in the work required (see also RACI below for separately identifying those who participate in a supporting role).
• Voluntary Product Accessibility Template (VPAT™) - The Voluntary Product Accessibility Template (VPAT) is a document which evaluates how accessible a particular product is according to the Section 508 standards. It is a self-disclosing document produced by the vendor which details each aspect of the Section 508 requirements and how the product supports each criterion.

Acronyms:

• ACR - Accessibility Conformance Report
• AMD ITSC - Administration and Management Domain Information Technology Steering Committee
• ASA - Assistant Secretary for Administration
• CFR - Code of Federal Regulations
• CIO - Chief Information Officer
• CPIC - Capital Planning and Investment Control
• EEO - Equal Employment Opportunity
• EPLC - Enterprise Performance Life Cycle
• FAR - Federal Acquisition Regulation
• FITARA - Federal Information Technology Acquisition Reform Act
• GSA - General Services Administration
• HIPAA - Health Insurance Portability and Accountability Act
• HHS - United States Department of Health and Human Services
• ICT - Information and Communications Technology
• IT - Information Technology
• OCIO - Office of the Chief Information Officer
• OCR - Office for Civil Rights
• OMB - Office of Management and Budget
• OpDiv - Operating Division
• OPM - Office of Personnel Management
• OS - Office of the Secretary
• RACI - Responsible, Accountable, Consulted, Informed
• StaffDiv - Staff Division
• VPAT - Voluntary Product Accessibility Template
• USC - United States Code