Archived 508 Coordinators Reference Manual - Section 4
Section 4: Implementing Section 508
This section offers a number of considerations to keep in mind in the development of your Section 508 strategies. These include issues from an EIT design and development perspective as well as the ever-important role of the budget process in ensuring appropriate resources are available to support the agency's Section 508 Implementation Plan.4.1 Implementation Plan
Developing an executable implementation plan for Section 508 requires a thorough review of the EIT environment. This includes activities performed internally as well as those achieved through purchase of products or services from vendors. Therefore, it is important when assessing your agency's compliance levels, determining strategies for achieving full compliance, and allocating resources to meet agency mission, that the Section 508 requirements be considered and included in a variety of activities. A sample plan is attached in Appendix B.4.2 Budget Issues
One of the major thrusts of Section 508 is to ensure that baseline accessibility is "built-in" to EIT that the Federal government uses, thereby broadening access to the general public and reducing expenses related to accommodating individual employees. The following recommendations offer guidance for effectively participating in the Capital Planning and Investment Control Process.- Know who is responsible for Capital Planning and Investment Control in your Agency.
- If it is a major cost (i.e., Section 508 specific), then you need to be involved in filling out Exhibit 300B.
- Ensure accessibility requirements are included in Exhibit 300B EIT investment proposals (training, EIT Architecture, etc.).
- Review FY 99 and 00 investment proposals to ensure Section 508 requirements are included in development efforts scheduled for implementation after June 21, 2001 (the process may vary from agency to agency).
- Ensure Section 508 is considered in the review process for FY 03 cycle that will occur in January or February 2001.
- Be involved in developing the Return on Investment (ROI) for initiatives targeted for making EIT software and Web sites accessible.
4.3 Strategic Planning
It is important to link to the strategic planning process in your agency. The following activities will help ensure implementation:- Research the procedures your agency uses for strategic planning and identify key contacts
- Link to Strategic Planning Process to ensure Section 508 is included in budget planning
- Use performance measures to measure how budget allocation is used to improve accessibility.
4.4 Work with Developers
Although the Access Board defines the final Section 508 provisions, it may be necessary for your software application/web developers to have further guidance through the use of examples, code and checklists. This will ensure that everyone has a clear understanding within your Agency of what is meant by each requirement. By providing guidelines and checklists to your developers as a reference tool, there will be less confusion, frustration, and redundancy. It is suggested that a checklist that can be used by developers to ensure that their products are compliant accompany the guidelines. There are numerous guideline documents that exist today that can be used as models (e.g., Social Security Administration, Department of Education, and the US Postal Service). The Section 508 Coordinator should make sure that the guidelines and checklists are available on their Intranet and that the developers are made aware of their existence. (Some examples of checklists are in Section 5 of this publication)4.5 Software Development Life Cycle
IT Agencies should add the applicable Section 508 technical provisions-as well as references to equivalent facilitation-into their requirement documents. Developing accessible applications that are Section 508 compliant does not have to cost an agency a lot of money if the provisions are built into the software from the beginning of the development process. If usability testing is conducted during the development process, the application should be tested for usability and accessibility with assistive technologies, if available. This is a good opportunity to bring in employees with disabilities to test applications. As an application is developed, it is generally modified numerous times. Therefore, Section 508 testing should be integrated into the verification and validation that takes place before final deployment of software or web applications. Some federal agencies are involved in developing software that is agency specific or mission critical. This development may be accomplished through in-house developers, contractors, or a combination of both. Some of the development may be procured and will fall under the FAR regulations, however, not all software is procured. Therefore, it may be necessary for the Section 508 Coordinator and the EIT Accessibility Team to closely examine the software development life cycle within the agency to ensure that the Section 508 provisions are included in all applications whether they are client-server or web-based.4.6 Section 508 EIT Security Issues
While security is not addressed in the provisions, it is a practicality and reality of system development that may have 508 implications. The Section 508 EIT Accessibility Team should include the agency EIT Security Officer as a member. Even though the basic EIT security issues should be addressed in the agency security plan there will be security issues that need to be addressed with regard to accessibility. Doing a risk assessment for EIT Accessibility will provide a solid base for addressing these areas. Risk assessment is a very important part of computer security planning. No plan of action can be put into place before a risk assessment has been performed. The risk assessment provides a baseline for implementing security plans to protect assets against various threats. There are three basic questions one needs to ask in order to improve the security of a system:- What assets within the organization need protection?
- What are the risks to each of these assets?
- How much time, effort, and money is the organization willing to expend to upgrade or obtain new adequate protection against these threats?
Authentication Technologies, Passwords, Encryption Keys, Electronic Signatures, Kiosks, Headphones, EIT Security Training, Integrity Protection, Websites, and Ergonomics.
