Maturity

Security-accessibility maturity model

Assess how far your organisation has come — and how far it still has to go — in embedding accessibility into culture, design and risk management. Practical, evidence-based, and built to spark honest conversations across teams (not compliance theatre).

Who it's for

Security leaders, accessibility leads, risk managers and CISOs who want a shared language for where they really are — not where the policy says they should be.

When to use it

Use at the start of an annual planning cycle, before a board update, or when accessibility keeps slipping off the security roadmap.

What it does

The maturity model maps five stages of capability — from ad-hoc to embedded — across culture, design, technology, governance and measurement. It moves the conversation away from binary compliance ("are we WCAG AA?") to honest capability ("can our people use what we built?").

The five levels

Each domain is scored independently. You will rarely sit at the same level across all five — and that's the point.

  • Level 1 — Reactive: accessibility is a complaint queue.
  • Level 2 — Aware: someone owns it, but it's bolted on.
  • Level 3 — Defined: standards exist and are followed inconsistently.
  • Level 4 — Managed: accessibility is measured alongside security KPIs.
  • Level 5 — Embedded: inclusion is a design constraint, not a remediation cost.

What you'll learn

Most organisations score level 2 in culture and level 4 in policy — meaning the paperwork is ahead of the practice. The model surfaces those gaps so you can prioritise the lift that actually changes outcomes.

In practice

How to run it

  1. Score each of the five domains independently with three to five colleagues from different teams.
  2. Compare scores — the disagreement is the insight. Where you disagree is where culture and reality diverge.
  3. Pick the lowest two domains and define one concrete action per quarter.
  4. Re-score every six months. Track movement, not perfection.
