Organization: | Office of the State Auditor |
---|---|
Date published: | December 26, 2024 |
Executive Summary
In accordance with Section 12 of Chapter 11 of the Massachusetts General Laws, the Office of the State Auditor has conducted a performance audit of the University of Massachusetts (UMass) Boston for the period July 1, 2022 through August 31, 2023.
The purpose of this performance audit was to determine whether UMass Boston’s website and its learning management system (LMS), Blackboard, adhered to the accessibility standards established by the Web Content Accessibility Guidelines (WCAG) 2.0 and 2.1, respectively, for user accessibility, keyboard accessibility, navigation accessibility, language, error identification, and color accessibility. WCAG ensures that all users, regardless of ability, can access the content and functions of UMass Boston’s website and LMS. Further, it supports UMass Boston’s commitment to equal access for students, faculty members, and visitors, fulfilling legal1 and ethical standards.
Additionally, we determined whether UMass Boston ensured that its employees completed cybersecurity awareness training in accordance with its “Information and Security Awareness Policy.” Cybersecurity awareness is important because adhering to internal security policies helps UMass Boston demonstrate the university’s commitment to protecting sensitive information.
Below is a summary of our findings, the effects of those findings, and our recommendations, with links to each page listed.
Finding 1 | UMass Boston’s website is not fully accessible for all Massachusetts residents and users. |
Effect | Broken or faulty hyperlinks limit users from having equitable access to critical information and key online services offered by UMass Boston. They also increase the likelihood that Massachusetts residents and students will either access outdated or incorrect information or be directed to webpages that no longer exist. |
Recommendation | UMass Boston should continually review its webpages to ensure that all hyperlinks lead to related information and provide equitable access to critical information and services offered online by UMass Boston. |
Finding 2 | UMass Boston’s learning management system, Blackboard, is not fully accessible for all students. |
Effect | The above instances of noncompliance have the following effects on the user: Broken or Faulty Hyperlinks
Missing Search Bars
Hyperlinks Without Identifiable Markers or Sufficient Contrast
Zoom In to 200% and 400%
Bypass Blocks
Portrait Mode
Keyboard Accessibility/Navigation
Titles
Language Attributes
Error Identification
|
Recommendation | UMass management should review the accessibility statements and reports of its LMS vendor to determine instances of WCAG noncompliance. UMass management should work with its LMS vendor to ensure that any potential instances of WCAG noncompliance are resolved. |
Finding 3 | UMass Boston did not always ensure that its employees completed cybersecurity awareness training. |
Effect | If UMass Boston does not educate all employees on their responsibility to protect its information assets by requiring cybersecurity awareness training, then UMass Boston is exposed to a higher-than-acceptable risk of cybersecurity attacks, which may cause financial and/or reputational losses. |
Recommendation | UMass Boston should revise its policy to implement a mechanism that requires employees to complete cybersecurity awareness training at hire and at least annually thereafter; UMass Boston should consider cutting off user access if an employee does not complete their training by a stated deadline. |
In addition to the conclusions we reached regarding our audit objectives, we also identified issues not specifically addressed by our objectives. For more information, see Other Matters.
1. Title II of the Americans with Disabilities Act requires that state universities’ and colleges’ websites be accessible.
Table of Contents
Downloads
-
Open PDF file, 852.47 KB, Audit Report - University of Massachusetts Boston (English, PDF 852.47 KB)