Main Content Region

ICT Procurement Process

ICT Accessibility & Security Review

Upon submission of a completed Information and Communication Technology Accessibility & Security Review Online Form, Accessible Technology Services and Compliance Initiatives Office will determine the level of review required.  The accessibility review process depends on several factors, including the impact of the purchase, the product's existing level of accessibility, and communication from the vendor. The requester is copied on all communication with the vendor. This provides transparency and allows the requester to help expedite the vendor response if required. Information Security requirements will be vetted as a parallel process by the Compliance Initiatives office. A security risk assessment will be conducted depending on how users access the product and the level of sensitive data a product stores. 

The steps are as follows:

  1. Inquire about product accessibility and security and obtain documentation from vendor
  2. Complete the ICT form online. The form addresses:
    • Product Information
      • Requester, alternate contact, vendor information, product purpose, life cycle
    • Product Use and Impact
      • Type of users, is it required, how/where will it be accessed?
    • Information Security
      • Is sensitive information handled, where is it stored, how do users login?
  3. Receive ICT Assessment PDF and include with requisition paperwork to purchasing
      <a href=";showinfo=0">Watch ICT Accessibility and Security Review Form YouTube Video</a>

Framework for Review


  1. Level of Critical Review Established
    • Who will use this product and how?
    • Is the product required?
    • How many users will have access?
    • Will access be restricted or public?
    • Who are the users: Students, Faculty, Staff, Public?
  2. Potential barriers are documented and vendor is engaged in critical review process of stated accessibility conformance 
  3. Action plan is implemented to mitigate barriers
  4. Vendors held accountable for ensuring accessibility of products


  1. Level of Critical Review Established
    • Will sensitive data be stored? 
    • What level of sensitive data will be stored
    • How will users access the data
    • Will access be restricted or public? 
    • Who are the users: Students. Faculty, Staff, Public? 
  2. Security risk assessments completed
  3. Security recommendations given to procurement 
  4. Vendors held accountable for ensuring security of products

Turnaround Time for ICT Assessments

Please note that our teams make every effort to expedite assessments. Some products may be considered low impact for accessibility but high impact for security and vice versa, so turnaround time fluctuates on a case-by-case basis. 

Depending on the level of review required and ease in communicating with the product vendor, it may take up to 90 days to receive approval. As such, please submit ICT forms well in advance of required implementation date. For purchases that are high impact for both accessibility and security, the review may not be complete if the form is submitted with 60 days lead time, and is unlikely to be complete is less than 30 days notice is given. 

Selecting More Accessible ICT Products

As you are selecting a product for purchase, consider the following:

  1. Search for product's accessibility on the web to identify overall accessibility themes of the product.
  2. Ask the product vendor about the accessibility of their product.
  3. Ask the product vendor to provide you with a completed VPAT (Accessibility Conformance Report) if possible. (See more info about VPATs below).
  4. If the outlook for the product's accessibility looks poor (vendor is unaware or unwilling to engage), investigate a competitor product that meets your needs.

A Voluntary Product Accessibility Template (VPAT) is a blank document to be filled by a product vendor. Once the vendor has completed the VPAT, it is known as an Accessibility Conformance Report (ACR). The vendor is responsible for providing this document upon request, though it may be readily available on their website. If required, you can download a word version of a blank VPAT with instructions to your vendor. Upload ACR documentation via the ICT Accessibility & Security Review online form. Alternatively, you can send the ACR as an attachment to