The risk management status is a measurement of accessibility risk based on default accessibility policies and remediation progress. Each website/app, workspace, and organization has a risk management status that helps you quickly gauge current risk and identify what needs attention.
Note: Only Enterprise customers in the organization administrator user group have a program dashboard with the organization-level risk management status.
Find the risk management status on the dashboard, website/app overview, or program dashboard. View status trends across all websites/apps from the dashboard or the program dashboard.
On this page:
- What is the risk management status?
- How is this status calculated?
- How can I improve it?
- Why is it different for each automated testing tool?
What is the risk management status?
Note that the risk management status does not represent risk based on compliance to accessibility laws. It represents the status of your organization's remediation progress using the number of resolved findings and policy thresholds from the Dashboard.
The risk management status is an indicator of risk based on remediation progress. The website/app risk management status uses the number of resolved findings and three default accessibility policies from the Dashboard to calculate risk status. The workspace risk management status represents the average risk management status across all website/apps in your workspace. The organization risk management status represents the average risk management status across all workspaces in your organization.
With four risk statuses, it gives you a quick snapshot of accessibility benchmark compliance without having analyze the data yourself. The risk management status uses the following statuses:
- Behind
- Needs attention
- On track
- Excelling
How is this status calculated?
There are three website/app risk management status calculations:
- Default calculation: Uses the three default severity levels.
- Four severity levels: For customers that have one additional custom severity.
- Five severity levels: For customers with two additional custom severities.
The for all calculations, the website/app risk management uses the number of resolved findings and compliance data from the overdue findings accessibility policies:
- Number of resolved findings
- Number of overdue critical severity findings
- Number of overdue high severity findings
- Number of overdue low severity findings
When applicable, the calculation is adjusted for organizations that have additional custom severities to include:
- Number of overdue findings for custom severity 1.
- Number of overdue findings for custom severity 2.
Each variable uses data from scans, monitoring, and evaluations.
To accurately calculate risk, each variable uses a weighted formula. The sum of the weighted variables is the "score" that's then translated to an easy-to-understand risk status. The workspace risk management status uses the average of all website/apps in your workspace. The program dashboard risk management status uses the average of all workspaces across your organization. These calculations set a consistent benchmark for accessibility risk and strength of your accessibility program.
The risk management status updates daily, so you can always have an understanding of your progress.
Default calculation
The following table describes the calculation variables, their weight, and default policy thresholds for the default calculation.
Variable | Weight | Default thresholds |
---|---|---|
Resolved findings | High | N/A |
Overdue critical severity findings | Medium | 45 days |
Overdue high severity findings | Low | 50 days |
Overdue low severity findings | Low | 60 days |
Four severity levels
The following table describes the adjusted calculation variables, their weight, and default policy thresholds for organizations with four severity levels.
Variable | Weight | Default thresholds |
---|---|---|
Resolved findings | High | N/A |
Overdue critical severity findings | Medium | 45 days |
Overdue high severity findings | Low | 50 days |
Overdue findings for custom severity 1 | Low | 55 days |
Overdue low severity findings | Low | 60 days |
Five severity levels
The following table describes the adjusted calculation variables, their weight, and default policy thresholds for organizations with five severity levels.
Variable | Weight | Default thresholds |
---|---|---|
Resolved findings | High | N/A |
Overdue critical severity findings | Medium | 45 days |
Overdue high severity findings | Low | 50 days |
Overdue findings for custom severity 1 | Low | 55 days |
Overdue findings for custom severity 2 | Low | 60 days |
Overdue low severity findings | Low | 70 days |
How can I use it?
The risk management status is a governance tool that empowers you to track and improve your accessibility program. Use the risk management status to:
- Measure accessibility risk in an understandable and meaningful way.
- Effectively communicate status and progress of your accessibility program to executives and stakeholders.
- Identify which websites/apps need attention and why.
- View and analyze risk trends overtime.
- Benchmark your remediation progress for each website/app and workspace.
From the Dashboard or Overview, select How is this status calculated? to get a more detailed overview of the status, what's affecting it, and how you can use the platform to improve it.
How can I improve it?
Your risk management status is directly tied to the number of resolved findings and default accessibly policy thresholds. To improve your risk management status:
- Remediate findings on your websites/apps. The number of remediated findings directly impacts your risk status. The more findings you remediate, the more likely your risk management status will improve.
- Fix findings in a timely manner. The threshold for fixing critical findings is 45 days, any unresolved critical findings beyond that threshold will affect your risk management status.
- Address the high weighted variables first. Addressing all critical severity findings has a bigger impact on your risk management status than fixing all low severity findings.
Why is it different for each automated testing tool?
The risk management status considers scan, monitoring, and manual findings. While the scan results are only one component of the risk management status, the status may vary by testing tool.
Every scan collects data from four different testing tools: Access Engine, equal-access, WAVE, and axe-core. If you check the same set of scan results with different tools, you’ll notice that each tool shows different results.
Each testing tool has a unique library of rules that it tests against during a scan. Because the scan results vary, the values in the risk management calculation vary as well.
Use one tool consistently to leverage the benefits of the risk management status.
Comments
0 comments
Article is closed for comments.