How The Web Accessibility Framework was designed

Pope Tech launched V1 of The Web Accessibility Framework. We designed The Web Accessibility Framework to give any sized organization in any industry a way to improve the accessibility of their website by helping them define their unique goals, scope, risk appetite, gaps, processes, and desired state.

In this article, we explain why and how we built the framework. To learn more about the framework itself, visit The Web Accessibility Framework.

If you’re interested in learning more about building an accessibility strategy with The Web Accessibility Framework, register for our free Web Accessibility Framework webinar on April 3 at 11 AM MT.

Noticed a need

Accessibility and compliance are possible. Any organization can improve its web accessibility today, but it isn’t as simple as checking a box or adding a line of code.

True web accessibility comes when organizations consider their entire organization and content lifecycle and embed accessibility processes into the organization. This includes getting leadership support, setting up processes, clearly defining goals and outcomes, and doing regular automated and manual testing.

As we worked with our customers of various sizes and in varying industries, we noticed many organizations struggled to think about everything that could go into a successful website accessibility strategy. Often, they wouldn’t know where to start or didn’t have enough experience to know what they should do. And, considering all that can go into it, it’s understandably overwhelming.

This is where the need for a web accessibility framework came from. Organizations needed a framework that helped them organize and think about everything that goes into accessibility. A framework also gives everyone a shared way to talk about accessibility.

We didn’t want it to just help, though. We wanted it to help quickly. Helping organizations quickly get started with all the facets of accessibility was a critical goal when building The Web Accessibility Framework.

What was a resource we could send our customers and potential customers that would help them create a sustainable accessibility initiative that met their organization where it was?

Existing web accessibility frameworks

It’s worth recognizing the few existing accessibility frameworks that there are. Unlike security there aren’t a lot of options.

The most developed frameworks are:

  1. The WebAIM Strategic Accessibility Framework: A great resource created by WebAIM that was originally created for the GOALS project administered by The National Center on Disability and Access to Education and funded through the U.S. Department of Education (FIPSE). This was published on the WebAIM blog after we had created v.5 of the accessibility framework.
  2. W3C Maturity Model (Group Draft Note): Focus is for executive levels of organizations and other levels of management, the maturity model has different maturity levels with proof points.
  3. ISO/IEC 30071-1:2019 Information Technology: A narrower focus on design and development.

Each has good ideas and could be great for many organizations. They are worth referencing if you want to go deeper.

We wanted to share something with our clients that was easy to understand, quick to get started, flexible for any organization or department, and could be used by various roles without being prescriptive. These goals led us to develop a new framework.

Inspired by an existing, trusted framework

Instead of building a framework from scratch, we used a mature, existing framework that has proven flexibility for varying organization sizes and industries. A framework that met our customer’s goals but for cybersecurity instead of accessibility.

We based The Web Accessibility Framework on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (we’ll refer to it as the NIST Security Framework).

About the NIST Security Framework

Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, was issued in February 2013. In response to this, NIST worked with stakeholders to develop a voluntary framework to reduce cyber risks. The framework is based on existing standards, guidelines, and practices.

Its goals are to give a “prioritized, flexible, repeatable, performance-based, and cost-effective approach, including information security measures and controls, to help owners and operators of critical infrastructure identify, assess, and manage cyber risk.”

Similarities between security and accessibility

Accessibility has several similarities with security. They both are technology-based and their goals are similar. For example, it’s easy to revise the goals of the NIST Security Framework for accessibility: Organizations need a flexible, repeatable, cost-effective approach that includes measures and controls to help businesses identify, assess, and manage accessibility issues.

The other similarities between accessibility and security are in how they need to be thought about. First, both are ongoing standards and processes – they’re not a one-and-done or check-it-off-the-list project.

Second, people often relate security and accessibility to compliance, or they want to avoid a lawsuit. But, getting both right is more than not getting sued – it’s keeping user’s information secure or making content accessible to everyone.

Lastly, both require the entire organization to be consistently successful. Especially for large organizations, one person or a team of people can’t maintain the security or accessibility of everything. Everyone has to know basic standards and best practices to avoid issues.

Benefits of the NIST Security Framework

In our research of the NIST Security Framework, we found feedback from companies, organizations, and universities using it. They reported these benefits:

  • Measure current state and inform risk
  • Flexible and adjustable
  • Easily combined with other frameworks and existing efforts
  • Gives a shared way to talk about it
  • Works for one department or large higher ed system
  • Easier to secure funding by connecting the ask to the business goals
  • Helps people know everything they should consider
  • Supports continuous progress over perfection
  • An honest assessment of our baseline to track progress over time
  • Help organizations realize it’s a shared responsibility
  • Easy to start with no prior experience
  • Don’t need to wait until conditions are perfect to begin – beginning makes the perfect conditions

This is what we wanted for accessibility, the benefits of the NIST Security Framework are the same benefits organizations need from an accessibility framework.

The similarities between accessibility and security and the benefits organizations have already had with the NIST Security Framework make it a good start for an accessibility framework.

Feedback and iterations

How we got to version 1

With the NIST Security Framework as a base, we created The Web Accessibility Framework and started sharing it and iterating on it. In Fall 2022, we added it in all our sales slide decks and called it version 0.1.

The “aha” moment comes when we present this slide. It’s a very simple intro to the Core of the Web Accessibility Framework. Each function of the Core is in a circle graphic indicating that web accessibility is ongoing. The 5 Core functions have a few examples:

  1. Identify:
    • Understand scope
    • Document and video scope
    • 3rd party scope
    • Define risk tolerance
    • Define goals
  2. Prevent:
    • Training
    • Procurement
    • Change management process
  3. Detect:
    • Sampling
    • Manual testing
    • Automated testing
    • User Feedback
  4. Respond:
    • Ticketing system/Documentation
    • Prioritization
    • Customer communication
    • Legal
  5. Remediate:
    • Fixing issues
    • Fixing processes

Each time we present this slide, it helps people understand the breadth and depth of what it takes to be accessible – they have the “aha” moment that it’s not just implementing an automated checker or checking off the yearly audit.

In sharing this, we used what we learned to inform Version .5, which I presented most recently at Accessing Higher Ground’s 2023 Conference. Additional feedback from that conference and customers has led us to today where we can announce The Web Accessibility Framework Version 1.

A community resource

Now that V1 is published, we’ll keep collecting feedback to inform future versions. Since its foundation comes from the NIST Security Framework, we’ve submitted it to NIST for their feedback.

Our main goal is a more accessible web for everyone and know this framework can help organizations do just that. To help, we’ve made this framework open-source. It can be used for any purpose including commercial.

Now, it can be a community resource everyone can benefit from and give feedback on.

Submit feedback by form or visit our Web Accessibility Framework GitHub.

Meet The Web Accessibility Framework

That’s why and how we created The Web Accessibility Framework. Now, here’s a brief introduction to it.

Explore specific examples and learn more about each part of The Web Accessibility Framework.

The Web Accessibility Framework has three parts:

  1. Core: Core is a list of accessibility outcomes. Your organization customizes this list for its size and need. You’ll find accessibility opportunities and understand what actions to take toward improving accessibility.
  2. Tiers: Implementation tiers help you understand your organization’s current and desired state for responding to and managing web accessibility.
  3. Profiles: Profiles take an organization’s requirements, objectives, risk appetite, and resources and compare them with the desired outcomes of the Core. Profiles help identify opportunities for improving web accessibility by comparing a current profile with a target profile.
Web Accessibility Framework includes the Core, Tiers, and Profile

We designed The Web Accessibility Framework to be flexible and easy to start, so organizations can use one, two, or all three pieces to help them improve accessibility.


For example, organizations could start and focus on only the Core piece. The Core consists of five functions and each function has outcomes the organization can choose from.

Here are the five core functions, descriptions of what each function entails, and two examples of outcomes from each:

  1. Identify: Define your scope, risk tolerance, and goals.
    • Public-facing websites and pages are inventoried
    • Videos are inventoried
  2. Prevent: Ways to prevent issues through training, procurement processes with 3rd party software, and change management processes.
    • Inform and train all users according to their roles.
    • Evaluate web accessibility during the procurement process of new software before purchase.
  3. Detect: Ways to detect issues with intentional sampling, manual testing, automated testing, and user feedback.
    • Sampling methods are used to create cost-effective and accurate detection.
    • Schedule automated testing on a regular cadence.
  4. Respond: The organization’s response plan to issues including where they’re documented, how they’re prioritized, customer communication guidelines, and legal response plans
    • Document and log detected issues (or groups of issues) in the central system along with non-accessibility issues.
    • Users who report accessibility issues receive clear and prompt responses.
  5. Remediate: How your organization will fix issues and processes.
    • Remediate issues regularly.
    • Analyze the cause of accessibility issues.

Focusing here would help organizations identify their goals, establish processes, realize the current state, plan how to respond to issues, and actually fix problems.

As the organization matures its accessibility strategies, it could add more outcomes and include tiers and profiles if it makes sense for that organization.

Learn more about each part of The Web Accessibility Framework.