VPAT / ACR Review Checklist

VPAT / ACR Review Checklist Template — you can literally use this as your intake checklist.

Use this page while reviewing vendor-provided VPATs/ACRs. Check items as you validate scope, scan for red flags, and confirm the final risk position.

Tip: If multiple items in Red Flag Scan are checked, treat the VPAT as low-confidence and request clarifications or an updated ACR before finalizing a risk decision.

Optional: checkbox states can persist locally in your browser (same device) using the built-in script at the bottom.

🔎 A. Scope Validation

Done	Checklist Item
	WCAG version referenced (2.1 / 2.2 preferred)
	Level A & AA included
	All tables completed (no blank rows)
	Assistive technologies listed (NVDA, JAWS, VoiceOver)
	Browsers listed
	Evaluation date within 24 months
	Web + Mobile + PDFs covered (if applicable)
	Support documentation accessibility addressed

↑ Back to top

🔎 B. Red Flag Scan

Done	Checklist Item
	Excessive “Supports” without remarks
	“Partially Supports” without user impact explanation
	No remediation timeline
	Outdated WCAG version (2.0 only)
	No mention of keyboard testing
	No mention of screen reader testing

↑ Back to top

🔎 C. Core Risk Criteria (Must Review Closely)

Done	Checklist Item
	1.3.1 Info & Relationships
	2.1.1 Keyboard
	4.1.2 Name, Role, Value
	1.4.3 Contrast
	2.4.7 Focus Visible
	3.3.1 Error Identification
	2.2.1 Timing Adjustable
	2.5.8 Target Size (2.2)

↑ Back to top

🔎 D. EN 301 549 Clauses

Done	Checklist Item
	Clause 9 – Web
	Clause 11 – Software
	Clause 12 – Documentation
	Clause 13 – Support Services

↑ Back to top

🔎 E. Final Risk Position

Select	Risk Position
	Low
	Moderate (Conditional)
	High (Remediation Required)

Reminder: Your risk position should be based on workflow impact (e.g., invoice submission/approval), credibility of testing evidence, and alignment with WCAG + EN 301 549 where applicable.

↑ Back to top