Accessibility Risk Decision Matrix

(Low / Moderate / High Impact Framework for VPAT Review)

Use this matrix to classify vendor gaps by core workflow impact and regulatory exposure, then select a clear decision path (remediation required, conditional approval, or acceptable residual risk).

Bank-ready rule: A gap becomes High when it blocks independent completion of a core task (authenticate, submit, approve, pay) or breaks keyboard/screen reader access.

Step 1: Identify the Type of Gap

WCAG / EN Area Example Issue Core Workflow Impact Regulatory Exposure Risk Level
2.1.1 Keyboard Cannot submit invoice without mouse Blocks transaction High HIGH
1.3.1 Labels Unlabeled required field Blocks form completion High HIGH
4.1.2 Name/Role/Value Custom grid not announced correctly Severe usability barrier High HIGH
1.4.3 Contrast Secondary badge text low contrast Usability friction Moderate MODERATE
2.4.7 Focus Visible Weak focus indicator Navigational difficulty Moderate MODERATE
2.5.8 Target Size Small icon in dense grid Motor difficulty Moderate MODERATE
1.4.1 Use of Color Chart color-only legend Informational gap Moderate MODERATE
1.2.4 Captions No live video in product Not applicable Low LOW
AAA only criteria Not evaluated Not required Low LOW
↑ Back to top

Risk Determination Rules

HIGH RISK

  • Blocks authentication, transaction, invoice approval
  • Prevents keyboard-only use
  • Breaks screen reader access
  • Legal/financial workflow impacted
  • Reputational risk
Decision: Remediation required before full approval

MODERATE RISK

  • Does not block task completion
  • Impacts usability or efficiency
  • Fix available in roadmap
  • Vendor acknowledges issue
Decision: Conditional approval with remediation tracking

LOW RISK

  • Cosmetic or minor usability issue
  • No core workflow impact
  • AAA criteria
  • Not applicable criteria
Decision: Acceptable residual risk
↑ Back to top