WCAG 2.1 Level AA
The technical standard incorporated by both the DOJ ADA Title II rule and the HHS Section 504 rule. Published by W3C in June 2018. The version referenced by regulation is the 2018 static version, not newer iterations.
Methodology
Four phases. One compliance record.
AccessMark structures federal accessibility compliance work into four defined phases. Each produces a citation-grounded deliverable that documents conformance against the applicable CFR section and the technical standard — WCAG 2.1 Level AA. The four phases are sequential for an initial engagement and continuous thereafter.
Phase 01
Audit
A structured WCAG 2.1 AA conformance review of the entity's web content and mobile applications, with findings mapped to the applicable CFR section. The audit is the reference point for every subsequent phase.
Scope
Covered properties include the entity's primary website, internal-facing web applications that deliver public-facing services, patient or constituent portals, mobile applications, and third-party content hosted under the entity's domain. The scope is defined in writing before the audit begins.
Inputs from the entity
Access credentials for authenticated areas of the site, an inventory of mobile applications, a point of contact for technical clarifications, and any prior accessibility reports or vendor attestations. Credentials are handled under a signed confidentiality agreement.
Method
Automated conformance testing across representative page templates, followed by manual review of interactive components, forms, navigation patterns, and dynamically generated content. Manual review is non-negotiable — automated tools detect roughly one-third of WCAG failures.
Deliverable
A technical findings report listing each nonconformance, with severity rating, affected page or component, WCAG success criterion, and the corresponding CFR reference. Findings are organized for direct handoff to developers.
Severity framework
Each finding receives a severity rating that reflects both the WCAG level and the operational impact on users with disabilities.
Critical
Blocks users with disabilities from completing a primary task. Examples: missing form labels on a patient-intake form, inaccessible login flow, no keyboard path to submit content.
Serious
Causes significant difficulty but a workaround exists. Examples: insufficient color contrast on critical text, missing skip links, poor focus management in modals.
Moderate
Creates friction without blocking access. Examples: non-descriptive link text, heading hierarchy skips, missing language declarations on embedded content.
Minor
Technical nonconformance with low user impact. Examples: redundant alternative text, decorative images lacking null alt, table headers without scope attributes.
Phase 02
Remediation
Prioritized correction of findings, coordinated with the entity's in-house or contracted development resources. Remediation turns a findings report into a change log — the auditable evidence that each nonconformance was addressed.
Scope of AccessMark's role
AccessMark specifies each correction, reviews implementations, and retests against the original finding. The entity executes code and content changes. This division preserves AccessMark's independence as the certifying party.
Prioritization
Critical findings are sequenced first. Serious findings follow. Moderate and minor findings are grouped into a second remediation pass. The sequence is documented so that progress can be reported to governance bodies before the engagement concludes.
Pattern-based corrections
Findings that recur across templates are corrected at the pattern level — the design system component, the form field wrapper, the navigation module — rather than page-by-page. Pattern-level fixes produce durable conformance and reduce future audit burden.
Deliverable
A remediation log listing each finding with the correction applied, the date of retest, and the post-remediation conformance status. Findings not fully resolved are flagged for continuous-monitoring attention rather than held open indefinitely.
Phase 03
Certification
Issuance of an AccessMark certification letter documenting the scope, standard, conformance status, and monitoring arrangement. Certification is a compliance record — it documents factual conformance at a defined point in time against a published standard. It is not a legal opinion.
The certification letter
The letter states the certified entity, the scope of covered properties, the technical standard (WCAG 2.1 AA), the applicable CFR section or sections, the date of certification, the twelve-month validity period, and the certification identifier. Certification identifiers follow the format ACM-YYYY-NNN.
Validity and renewal
Certifications are valid for twelve months from issuance and are renewed annually. Renewal is conditional on continued enrollment in continuous monitoring and on retest of any material changes to the covered properties during the term.
Scope addendum
Each certification is accompanied by a scope addendum that enumerates the domains, subdomains, mobile applications, and third-party integrations included in — and excluded from — the certification. The addendum is the authoritative reference if scope becomes a question during enforcement review.
What certification is not
Certification does not guarantee immunity from enforcement, litigation, or OCR complaint investigation. It is a documented, independent record of conformance against a named standard — the evidentiary foundation most entities currently lack when required to demonstrate their accessibility posture.
Phase 04
Continuous monitoring
Ongoing conformance surveillance across the covered properties. A point-in-time audit does not sustain compliance: content is published daily, components are redesigned, third-party integrations are updated. Continuous monitoring is how a certification remains meaningful across its twelve-month term.
Cadence
Scheduled re-audits run on a defined interval — typically monthly for automated conformance scans and quarterly for manual review of high-traffic pages. Change-triggered rechecks occur when material updates are deployed to covered properties.
Surface covered
The full certified scope is monitored, including mobile applications and authenticated areas. New pages and sections added during the term are incorporated into the monitoring surface under the scope addendum's update procedure.
Handling new findings
Findings surfaced during continuous monitoring enter the same remediation workflow used in the initial engagement. Critical findings trigger immediate notification to the entity's point of contact; lower-severity findings are grouped into a monthly report.
Deliverable
A compliance record updated throughout the certification term, available to the entity on demand. The record is the evidentiary document most often requested during OCR compliance reviews, state audits, and procurement processes.
Note
Continuous monitoring is delivered as a service. A dashboard-based product, MarkIQ, is in development and will be made available to certified entities as an additional surface into the same compliance record.
Standards and regulatory anchors
What the methodology is measured against.
28 CFR §35.200 — §35.205
ADA Title II — Web and Mobile Accessibility. Adopted by DOJ final rule in April 2024; compliance dates amended by DOJ Interim Final Rule effective April 20, 2026.
45 CFR Part 84 — §84.85(c)
HHS Section 504 — Accessibility of Web Content, Mobile Apps, and Kiosks. Published May 2024; first compliance date currently May 11, 2026, subject to an HHS Interim Final Rule under OIRA review as of April 2026.
45 CFR §180.50
CMS Hospital Price Transparency. Requires that machine-readable standard-charges files be accessible on a publicly available website, with consumer-friendly display for shoppable services.
45 CFR §164.520
HIPAA Privacy — Notice of Privacy Practices. When posted on a covered entity's website, the notice must be accessible alongside the entity's other public-facing content; the accessibility obligation is inherited from ADA Title II and Section 504 where applicable.
Reference framework
AccessMark reports cite the exact WCAG success criterion and the corresponding CFR section for each finding. This citation structure makes findings traceable to the regulatory source during enforcement review.
Ready to map your compliance posture?
The first step is a scoped audit. Engagements typically begin within two weeks of initial contact.