Pub. 6 2017 Issue 1

January 2017. Leading advocate for the banking industry in Kansas.

WEBSITE ADA COMPLIANCE: A POLICY PERSPECTIVE
By Preston Curry, CISA, CISSP, CoNetrix

ADA WEBSITE ACCESSIBILITY is a trending topic in the community banking industry. Why? Recently several financial institutions have received letters threatening lawsuits because banking websites are not "accessible." The Americans with Disabilities Act (ADA), enacted in 1990, is a civil rights law created to prohibit discrimination against individuals with disabilities. In 2010, the Department of Justice (DOJ) initiated the rulemaking process concerning website accessibility. This process consists of calls for public comments on proposed rules, impact and cost analysis, and finally acceptance into the federal register. Since 2010, the process has been continually delayed. As of right now, finalized rules are expected to be released sometime in 2018, leaving no clear guidelines to follow at the moment.

Without these guidelines in place, how can your bank protect itself from opportunistic legal battles while committing to provide an accessible site to your customers? Accessibility policies and vendor management are the answer.

What purpose does a Web Accessibility Policy serve?

Without standards set by the DOJ, banks and other private organizations should take the initiative to commit to providing ADA website accessibility themselves. Primarily, a Website Accessibility policy will increase the usability of online bank services for disabled customers. Secondarily, if your organization receives a threatening letter or complaint, an instituted policy will greatly assist in diverting liability.

What does a Web Accessibility Policy look like?

Like any policy, a Website Accessibility policy begins with defining the scope. For example, what digital media will be covered by this policy? Is only the informational site addressed by the policy? What about the mobile website version? Are mobile applications going to be taken into consideration as well? To answer these questions, and others like them, perform an assessment of your current online presence to determine your exposure.

Next, define a standard. Your defined standard will determine how your website developer proceeds with the project. While the DOJ has not released concrete frameworks for compliance, there are a number of standards available to provide guidance. Two standards that are well accepted are the Web Content Accessibility Guidelines (WCAG 2.0 - https://www.w3.org/TR/WCAG20/) and Section 508 of the Rehabilitation Act (https://www.section508.gov/). Review these standards with your website developer and determine which one best fits your scope and supports the decisions outlined in your Website Accessibility policy. If pieces from both need to be implemented, then do so.

While planning with your website developer, be sure to set a realistic timeline for implementation, knowing that for many organizations it is neither necessary nor cost effective to completely redesign a website. Understand that a two-year project that shows continual progress will benefit your customers more than a rushed three-month attempt. During this planning process, create a road map to ADA compliance with your chosen standard(s), documenting each step along the way. For example, begin with the home page of your website and expand into other top level pages before approaching more time and cost intensive projects such as your mobile website and application.

Finally, assign responsibility for associated tasks within the policy. Determine which committee or persons will be responsible for interfacing with developers, evaluating changes, and monitoring for future accessibility concerns.

What about vendor management?

The remaining element necessary to implement your new Website Accessibility policy is vendor management. Ensure vendor management processes evaluate the accessibility of vendor services. Include accessibility discussions when evaluating your online banking provider, mobile application, and other services directly accessed by customers. ADA compliance is not limited to only areas within your informational site's digital footprint. Evaluate the accessibility of ordering checks, reporting a lost debit card, or changing a mailing address. Additionally, review your vendor contracts for commitments to accessibility and assess liability.

A clear, realistic Website Accessibility policy should be easily understood and contain defined actions your bank will take. This commitment to improving online presence will better serve the needs of your community. Leadership in ADA accessibility is desperately needed and your organization can lead by setting a positive example.

Preston Curry is a security and compliance consultant for CoNetrix. CoNetrix is a provider of information technology consulting, IT/GLBA audits and security testing, Aspire IT hosting, and the developer of tandem, a security and compliance software suite. Visit CoNetrix at www.conetrix.com/ContactUs and ask about web accessibility assessments for your site.
