Sonoma State University
computer cpu

Information Technology

Division of Administration & Finance

Ticketing System Update
Our new ticketing system is now live. You can access it at help.sonoma.edu/portal

Get IT Help

IT Purchasing Requirements

Section 508 of the Rehabilitation Act mandates that agencies procuring Information and Communications Technology (ICT) products consider accessibility of the product before making the purchase.  Vendors are asked to use the Voluntary Product Accessibility Template (VPAT) to disclose the level of a product’s accessibility conformance, so that buyers can compare similar products and make informed purchasing decisions.

Reading and interpreting a VPAT can be challenging:

Don't Worry!

If you are making an ICT purchase for SSU, Information Technology will review the VPAT.

  • They use the language of technical specifications.
  • They refer to complicated US and European government codes and international accessibility guidelines.
  • They list and describe accessibility principles that buyers may not be familiar with.
  • Not all vendors are equally good at writing VPATs.
  • There are different versions of the VPAT template, so older VPATs include different information than newer VPATs.
  • There is no summary statement that says “Yes this is accessible!”

This document describes the parts of a VPAT, so reading and understanding them will be a little easier for SSU employees who purchase technology products.

Parts of a VPAT

Here is an example of a VPAT 2.x (PDF, 31 pages)

For information about VPAT 1.x, see below (link to anchor).

The VPAT includes several parts:

  • A summary of VPAT product details
  • Applicable Standards/Guidelines
  • Accessibility Conformance Report (ACR) table(s)  
  • Some VPATs also include information and instructions for the vendors who fill out the VPAT, but this is usually omitted.

Summary

The summary briefly lists several general details about the product and VPAT.

  • Product Name
  • VPAT Date
  • Contact information
  • Evaluation Methods used
  • Notes
  • Some vendors might add additional details.

Here’s a screenshot from the VPAT for Microsoft Word.

Screenshot of summary information in VPAT for Microsoft Word

Applicable Standards/Guidelines

This section indicates which standards and guidelines were used to develop the product. These will refer to Web Content Accessibility Guidelines (WCAG) 2.0, Section 508, and EN 301 549 (the European Union’s accessibility requirements).   

Some vendors will also include WCAG 2.0 levels of conformance used when developing the product, as well. There are three levels of conformance:  A, AA and AAA.

Note: This table does NOT summarize the overall accessibility of the product.

Here is a screenshot of the Applicable Standards/Guidelines section of the VPAT for Adobe Dreamweaver.

Screenshot of Applicable Standards/Guidelines table in VPAT for Adobe Dreamweaver

Accessibility Conformance Report (ACR)

The ACR is a table or series of tables listing each of the success criteria.

Usually, the ACR is organized by WCAG’s Principles, also known as POUR.

  • Principle 1: Perceivable - Information and user interface components must be presentable to users in ways they can perceive.
  • Principle 2: Operable - User interface components and navigation must be operable.
  • Principle 3: Understandable - Information and the operation of user interface must be understandable.
  • Principle 4: Robust - Content must be robust enough that it can be interpreted reliably by a wide variety of user agents, including assistive technologies.

The ACR has a table(s) comprised of three columns:

  • Success Criteria - a brief title or description of each applicable WCAG 2.0 criterion, often with a link to the full text of the criterion on WCAG’s website. Sometimes the related Section 508 and EN 301 549 criteria will be listed in the same table cell, especially if the product is a combination of multiple types of ICT (e.g. electronic content, software, hardware, and support documentation and services) and/or the product is sold in Europe.
  • Conformance Level - there are five standard levels of conformance.
    • Supports: The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.
    • Supports with Exceptions: Some functionality of the product does not meet the criterion. Some vendors use the phrase “Partially Supports” instead of “Supports with Exceptions.”
    • Does Not Support: The majority of product functionality does not meet the criterion.
    • Not Applicable: The criterion is not relevant to the product.
    • Not Evaluated: The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA
  • Remarks and Explanations - this should be detailed remarks justifying a successful level, or explaining how the product does not meet the requirement.

Here is a sample screenshot of two rows from an ACR for a content repository product. This shows the response for WCAG criteria 1.1.1 Non-text Content, and 1.2.1 Audio-only and Video-only. You can view the same information in the product’s actual VPAT (PDF) here (scroll to page 3).

Screenshot of part of a conformance report table

Notice that in the Remarks and Explanations column, the vendor has described where the success criterion applies (“all images used to represent functionality…”), and where it does not (images that have been uploaded by users to the content areas).  

Older VPATs

Before Section 508 was updated in 2017 (knows as “Section 508 Refresh”), the VPAT had slightly different criterion, which were not closely associated with WCAG 2.0.  Some vendors have not updated their VPATs to the newer version, so you may encounter VPATs that refer to the following technology categories, each with their own success criteria.

  • 1194.21 - Software Applications and Operating Systems
  • 1194.22 - Web-based Intranet and Internet Information and Applications
  • 1194.23 - Telecommunications Products
  • 1194.24 - Video or Multimedia Products
  • 1194.25 - Self Contained, Closed Products
  • 1194.26 - Desktop and Portable Computers
  • 1194.31 - Functional Performance Criteria
  • 1194.41 - Information, Documentation, and Support

Older VPATs still require the vendor to indicate the level of conformance for each Section 508 criteria, using the same conformance levels: Supports, Supports with Exceptions, Does Not Support, Not Applicable and Not Evaluated.

  1. Once an purchase is submitted through CSUBUY P2P, IT reviews the request

  2. The Software Procurement Team will work on your behalf to contact the vendor for any required information such as:

    a.The most current VPAT on file for the product requested

    b. If the requester provides a VPAT from the vendor:
    -The Software Procurement Team will review VPAT. (See How do I interpret a VPAT?)
    -In the event that the vendor does not have a current VPAT on file or the VPAT provided is not fully compliant, the requester will   be asked to provide a statement of responsibility in lieu of an Equally Effective Alternate Access Plan (EEAAP). The following         message is sent to the requester.

    -​Unfortunately, the vendor has not provided me with a VPAT. Please provide a statement that you will be responsible for working with any users who require accommodation and will continue to work with the vendor to create a VPAT for the future. This is in lieu of creating a full Equally Effective Alternative Access Plan and to meet the requirements of the Sec 508 law stating that we will continue to work with suppliers to have their software be accessible for its users.
    -Below is an acceptable statement:

    -We will be responsible for working with any users who require accommodation and will continue to work with the vendor to obtain a VPAT. This is our plan in lieu of creating a full Equally Effective Alternative Access Plan and to meet the requirements of the Sec 508 law. 

  3. After review, the approved VPAT and/or statement of responsibility is attached to the P2P ticket.
  4. If the software is deemed a cloud service, the IT department will request a HECVAT on your behalf. 
    a. This part of the process is handled by the Security Procurement Team.
  5. Once all appropriate documents have been received and reviewed, the status of the P2P ticket is updated by the Software Procurement Team and moved to the next step in the purchasing process.

This software has successfully gone through the software procurement process and is certified for purchase by Information Technology.  

The items listed below require an IT Purchase Review regardless or whether the purchasing department is requesting support from IT for that equipment. IT Purchase Review is required to ensure that equipment meets SSU and CSU standards for computing, accessibility, and are compatible in Sonoma State's networked computing environment.  Contact [email protected] for any questions regarding the IT Purchase Review process.

Please submit your purchase request through CSUBUY P2P.

The previous “TPR” process is included in P2P and no longer needs to be submitted separately through IT.

More instructions can be found on the finance department website

Computer and Audio/Video items:

  • Computers, servers, and internal computer hardware
  • Monitors
  • Printers, Fax Machines, Scanners
  • Tablets (iPads, Samsung Galaxy, Surfaces, etc.)
  • Video projectors

Network Devices:

  • Routers
  • Switches
  • Hubs
  • Firewalls

Software and Cloud Services:

SSU requires that all software and cloud service purchases receive an IT Purchase Review. This includes any software and cloud services that are free, require users to log in, or have an end user license agreement (EULA).

Websites

  • Custom website development
  • Mobile development
  • Off-campus website hosting
  • Domain name registration

VPAT, or Voluntary Product Accessibility Template, is a document prepared by a product developer or vendor.  It describes how well the product conforms to the accessibility standards of Section 508 of the Rehabilitation Act.

The purpose of a VPAT is to help buyers of Information and Communication Technology (ICT)  make informed decisions before purchasing a product:

  • Understand a product’s level of accessibility compliance.
  • Compare compliance of similar products.
  • Choose a product that best meets accessibility standards and the organization’s functional and legal requirements.
  • Plan for equally effective access when an accessible product is not available.

How do I get a VPAT?

Some vendors publish their VPATs on their website.  Others will provide the VPAT when you request it from their sales or support contact.

Make sure you get the VPAT 2.0 (or higher).  Section 508 was refreshed in 2017, and now measures accessibility using Web Content Accessibility Guidelines (WCAG) 2.0 criteria.  VPATs developed before 2017 may be out of date if the product has been updated since then.

Do we have to get a VPAT?

Section 508 of the Rehabilitation Act requires government agencies to make ICT accessible to people with disabilities.  The State of California applies Section 508 to the CSU. The CSU and SSU has policies and procedures to make ICT accessible to our employees, students and the broader campus community.

Obtaining and reviewing a product’s VPAT is one step in the accessible procurement process.

However, a VPAT is voluntary for vendors - they may choose to not create or provide a VPAT.