Access Denied
← All frameworks

Vendor

Vendor security product accessibility assessment

Test whether accessibility claims hold up under real use. Evaluate suppliers, benchmark progress, and make accessibility a living measure — not a marketing statement. Practical, repeatable and human.

↓ Download as PDFPreview the PDF

Who it's for

Security architects and product owners evaluating MFA, SSO, EDR, SIEM and other security tooling that real humans have to use every day.

When to use it

During proof-of-concept. Before rollout. After any major vendor release. Anywhere a security control depends on a human successfully completing a task.

Beyond the VPAT

VPATs tell you what a vendor claims. This assessment tells you what actually happens when an employee using a screen reader, a switch device, or a magnifier tries to authenticate at 8:55am on a Monday.

What you actually test

  • First-time enrolment with each major assistive tech.
  • Recovery flows — usually the worst-designed and the most security-critical.
  • Time-to-complete compared to the unassisted baseline.
  • Failure modes — what the user sees when something goes wrong.
  • Support pathways when self-service fails.

In practice

How to run it

  1. 1

    Recruit two to three real users of assistive tech — pay them properly for their time.

  2. 2

    Run the same scripted task on the candidate product and on your current baseline.

  3. 3

    Record what you observe, not what the vendor says should happen.

  4. 4

    Score on completion, time and confidence. Share results with the vendor — and with procurement.

← Previous

Shadow system risk assessment framework

Next →

The integrated security-accessibility framework

Want the full story?

The frameworks are most powerful alongside the case studies, research, and playbooks in the book.

Buy Access Denied →