Access Denied
← All frameworks

Metrics

Security-accessibility metrics framework

Brings accessibility and security together in measurable form. Identify where exclusion creates risk and where inclusion strengthens resilience. Connect accessibility metrics to real-world security outcomes.

↓ Download as PDFPreview the PDF

Who it's for

Anyone who has been asked "can you show me the numbers?" and discovered the existing metrics measure activity, not outcomes.

When to use it

When you need to justify investment, defend a budget, or show progress to a board that wants evidence not anecdote.

The problem with current metrics

Most accessibility metrics measure compliance ("we passed WCAG AA") and most security metrics measure activity ("95% completed training"). Neither tells you whether the people you employ can safely do their jobs.

What this framework measures instead

  • Task completion rates by assistive technology used.
  • Help-desk tickets per security control, segmented by access need.
  • Time-to-recover after an authentication failure.
  • Shadow-system creation rate as a proxy for control usability.
  • Incidents prevented by accessibility-led changes.

In practice

How to run it

  1. 1

    Pick three metrics. Don't try to measure everything in quarter one.

  2. 2

    Establish a baseline before you change anything. You will need it.

  3. 3

    Report monthly to the security leadership team, quarterly to the board.

  4. 4

    Add metrics as you mature — and retire the ones that stop driving decisions.

← Previous

The integrated security-accessibility framework

Next →

The integrated policy framework

Want the full story?

The frameworks are most powerful alongside the case studies, research, and playbooks in the book.

Buy Access Denied →