Accessibility Risk Decision Matrix

(Low / Moderate / High Impact Framework for VPAT Review)

Use this matrix to classify vendor gaps by core workflow impact and regulatory exposure, then select a clear decision path (remediation required, conditional approval, or acceptable residual risk).

Bank-ready rule: A gap becomes High when it blocks independent completion of a core task (authenticate, submit, approve, pay) or breaks keyboard/screen reader access.

Step 1: Identify the Type of Gap

WCAG / EN Area	Example Issue	Core Workflow Impact	Regulatory Exposure	Risk Level
2.1.1 Keyboard	Cannot submit invoice without mouse	Blocks transaction	High	HIGH
1.3.1 Labels	Unlabeled required field	Blocks form completion	High	HIGH
4.1.2 Name/Role/Value	Custom grid not announced correctly	Severe usability barrier	High	HIGH
1.4.3 Contrast	Secondary badge text low contrast	Usability friction	Moderate	MODERATE
2.4.7 Focus Visible	Weak focus indicator	Navigational difficulty	Moderate	MODERATE
2.5.8 Target Size	Small icon in dense grid	Motor difficulty	Moderate	MODERATE
1.4.1 Use of Color	Chart color-only legend	Informational gap	Moderate	MODERATE
1.2.4 Captions	No live video in product	Not applicable	Low	LOW
AAA only criteria	Not evaluated	Not required	Low	LOW

↑ Back to top

Risk Determination Rules

HIGH RISK

Blocks authentication, transaction, invoice approval
Prevents keyboard-only use
Breaks screen reader access
Legal/financial workflow impacted
Reputational risk

Decision: Remediation required before full approval

MODERATE RISK

Does not block task completion
Impacts usability or efficiency
Fix available in roadmap
Vendor acknowledges issue

Decision: Conditional approval with remediation tracking

LOW RISK

Cosmetic or minor usability issue
No core workflow impact
AAA criteria
Not applicable criteria

Decision: Acceptable residual risk

↑ Back to top