Procurement

Vendor accessibility verification questionnaire

Ask the right questions before you buy software or services. Exposes hidden accessibility risks, weak answers and vendor lip service long before contracts are signed. Make accessibility accountability part of procurement.

↓ Download as PDF Preview the PDF

Who it's for

Procurement teams, security architects, and anyone signing off on third-party software — especially security tooling, IAM, MFA, and endpoint products.

When to use it

Issue with every RFP. Re-run on annual vendor reviews. Use it to make accessibility a contract clause, not a hope.

Why this matters

Most VPATs are written by marketing, not engineering. Vendors claim conformance they cannot demonstrate, and procurement teams have no easy way to test the claim. The questionnaire forces specificity — and gives you a paper trail when things break in production.

What it covers

Evidence of testing — who tested it, when, with what assistive tech, and what they found.
Known limitations the vendor will admit to in writing.
Roadmap commitments with dates, not aspirations.
Support model when an employee can't use the product.
Contractual remedies if accessibility regresses after purchase.

How vendors react

The good ones thank you. The bad ones go quiet, send a generic VPAT, or escalate to your account manager. Both responses are useful information.

In practice

How to run it

1
Send with the RFP — not after shortlisting. It will narrow your shortlist for you.
2
Score answers as evidenced, claimed, or absent. Treat "claimed" as a risk item.
3
Reference the questionnaire in the contract so the answers become enforceable.
4
Re-issue on contract renewal. Things change — usually for the worse.

← Previous

Security-accessibility maturity model

Shadow system risk assessment framework

Want the full story?

The frameworks are most powerful alongside the case studies, research, and playbooks in the book.

Buy Access Denied →