Mitigation plans and letters
The Commonwealth increasingly buys more information technology (IT) than it builds. Not all commercial off-the-shelf (COTS) software or Software-as-a-Service (SaaS) offerings are in full compliance with EOTSS’ accessibility standards when an agency wants to procure them. The Enterprise IT Accessibility Standards set out a "waiver" process for when commercial software is not in compliance. However, we cannot waive responsibilities under state and federal laws relating to use of information technology by people with disabilities. In addition to requesting a waiver, any deficiency in compliance requires a mitigation plan in the form of a mitigation letter.
A mitigation letter gives an overview of the project and the accessibility analysis of the proposed solution, as well as a mitigation plan. Mitigation plans outline strategies, specific activities, or other actions needed to minimize the difficulties people with disabilities may have in using that IT system. This may include planned remediation by software providers, configuration or customizations that will be done by the integration vendor, and reasonable accommodations agencies will need to provide until accessibility deficiencies have been remediated.
Requesting a mitigation letter
Mitigation planning should be done as part of contract negotiations, in cooperation with EOTSS’ Director of IT Accessibility, to give agencies the ability to require and enforce vendor responsibilities.
When you have selected an apparent winning vendor, request a Voluntary Product Accessibility Template® (VPAT) for any COTS or SaaS products in the proposal if they have not already been provided. VPATs are completed by vendors to give a high level overview of their compliance with the federal accessibility regulations known as "Section 508". If the VPAT indicates less than full compliance, you will need to request a mitigation letter. Send requests for a mitigation letter with the VPATs to Sarah Bourne, EOTSS’ Director of IT Accessibility.
After EOTSS review of the VPATs, additional information usually needs to be gathered, by email correspondence or telephone conferences, in order to draft a mitigation plan.
The Massachusetts Office on Disabilities is given three business days to review and comment on the draft mitigation plan. It is then submitted for EOTSS Legal’s approval and the resulting mitigation letter is issued by EOTSS’ Chief Information Officer (CIO) or an EOTSS Deputy CIO. The mitigation letter must be included as part of the contract.
Mitigation letters are not issued for completely custom code as there is no reason to not build in accessibility from the beginning.
Factors in issuing a mitigation letter
The following factors are used to evaluate a proposed solution and develop a mitigation plan:
- Vendor agreement with the terms of the required IT accessibility contract language.
- The degree to which the proposed solution complies with the accessibility standards and the overall usability for people with disabilities.
- Vendor timeline for addressing known accessibility deficiencies.
- Vendor’s knowledge of and expertise in accessibility.
- Whether there are known viable alternatives that meet the business requirements and have better accessibility.
- Possible options for remediating deficiencies for external users.
- Possible options for remediating deficiencies or providing equitable accommodations for internal users.
Mitigation letter sections
This section identifies the agency, project, apparent winning vendor and other details that help to uniquely identify what the request is for.
Background provides more detail about the project. It should include what the system is for, who will be using it and for what, and how many users of different types there are. It should also outline the procurement and selection process, especially in the case of specialty software that may have few or no competitors. It may also need to describe how different commercial software will be used, project phases and roll-outs, and other relevant information.
This section lists information sources that were used to come up with the mitigation plan and conclusions drawn from them. Information sources often include:
- Voluntary Product Accessibility Template® (VPAT): An industry standard form for reporting compliance with the federal Section 508 accessibility requirements.
- Other accessibility testing results.
- Email correspondence or telephone interviews.
- Accessibility information provided on vendor websites.
Waiver and conditions
The “waiver” portion only covers the requirement for compliance with the accessibility standards at the time of contract completion, and is contingent on agreeing to the conditions for both the procuring agency and the vendor.
The conditions outline the minimum actions that are needed to avoid discrimination. As the project progresses, the agency is expected to consult with the project Accessibility Advisory Committee on more detailed plans or adjustments needed due to project changes.