The risk management status is a measurement of accessibility risk based on default accessibility policies and remediation progress. Each website/app, workspace, and organization has a risk management status that helps you quickly gauge current risk and identify what needs attention.
Note: Only Enterprise customers in the organization administrator user group have a program dashboard with the organization-level risk management status.
Find the risk management status on the dashboard, website/app overview, or program dashboard. View status trends across all websites/apps from the dashboard or the program dashboard.
On this page:
- What is the risk management status?
- How is this status calculated?
- How can I improve it?
- Why is it different for each automated testing tool?
What is the risk management status?
Note that the risk management status does not represent risk based on compliance to accessibility laws. It represents the status of your organization's remediation progress using the number of resolved findings and policy thresholds from the Dashboard.
The risk management status is an indicator of risk based on remediation progress. The website/app risk management status uses the number of resolved findings and three default accessibility policies from the Dashboard to calculate risk status. The workspace risk management status represents the average risk management status across all website/apps in your workspace. The organization risk management status represents the average risk management status across all workspaces in your organization.
With four risk statuses, it gives you a quick snapshot of accessibility benchmark compliance without having analyze the data yourself. The risk management status uses the following statuses:
- Behind
- Needs attention
- On track
- Excelling
How is this status calculated?
The website/app risk management status calculation uses the number of resolved findings and compliance data from three default accessibility policies, totalling four variables in the calculation:
- Number of resolved findings
- Number of overdue critical severity findings
- Number of overdue high severity findings
- Number of overdue low severity findings
Each variable uses scan, monitoring, and manual finding data.
To accurately calculate risk, each variable uses a weighted formula. The sum of the weighted variables is the "score" that's then translated to an easy-to-understand risk status. This calculation sets a consistent benchmark for accessibility risk and strength of your accessibility program.
The risk management status updates daily, so you can always have an understanding of your progress.
The following table describes the calculation variables, their weight, and default policy thresholds.
Variable | Weight | Default thresholds |
---|---|---|
Resolved findings | High | N/A |
Overdue critical severity findings | Medium | 45 days |
Overdue high severity findings | Low | 50 days |
Overdue low severity findings | Low | 60 days |
The workspace risk management status uses the average of all website/apps in your workspace.
The program dashboard risk management status uses the average of all workspaces across your organization.
How can I use it?
The risk management status is a governance tool that empowers you to track and improve your accessibility program. Use the risk management status to:
- Measure accessibility risk in an understandable and meaningful way.
- Effectively communicate status and progress of your accessibility program to executives and stakeholders.
- Identify which websites/apps need attention and why.
- View and analyze risk trends overtime.
- Benchmark your remediation progress for each website/app and workspace.
From the Dashboard or Overview, select How is this status calculated? to get a more detailed overview of the status, what's affecting it, and how you can use the platform to improve it.
How can I improve it?
Your risk management status is directly tied to the number of resolved findings and default accessibly policy thresholds. To improve your risk management status:
- Remediate findings on your websites/apps. The number of remediated findings directly impacts your risk status. The more findings you remediate, the more likely your risk management status will improve.
- Fix findings in a timely manner. The threshold for fixing critical findings is 45 days, any unresolved critical findings beyond that threshold will affect your risk management status.
- Address the high weighted variables first. Addressing all critical severity findings has a bigger impact on your risk management status than fixing all low severity findings.
Why is it different for each automated testing tool?
The risk management status considers scan, monitoring, and manual findings. While the scan results are only one component of the risk management status, the status may vary by testing tool.
Every scan collects data from four different testing tools: Access Engine, equal-access, WAVE, and axe-core. If you check the same set of scan results with different tools, you’ll notice that each tool shows different results.
Each testing tool has a unique library of rules that it tests against during a scan. Because the scan results vary, the values in the risk management calculation vary as well.
Use one tool consistently to leverage the benefits of the risk management status.
Comments
0 comments
Article is closed for comments.