Voluntary Product Accessibility Template® (VPAT®)

Drata Accessibility Conformance Report

WCAG Edition

(Based on VPAT Version 2.4Rev)


Product Description: 

Drata is the world's most advanced security and compliance automation platform with the mission of making compliance effortless and accessible for companies of all sizes. With Drata, thousands of companies streamline over 14 compliance frameworks—such as SOC 2, ISO 27001, GDPR, and more—through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for audits.


Contact Information: 

[email protected] 

Attn: Drata Legal Dept


Evaluation Methods Used:

Drata was evaluated using machines running Chrome on MacOS 13 and on Windows 10. Assistive technologies used in this evaluation included JAWS, NVDA (screen reader, Windows), Voice Over(Mac OS)  and screen magnification function as well as exclusive use of the keyboard to navigate and operate the site content and functionality.


Applicable Standards/Guidelines WCAG 2.1 AA

This report covers the degree of conformance for the following accessibility standard/guidelines:



Standard/Guideline

Included In Report

Web Content Accessibility Guidelines 2.0

Level A (Yes)

Level AA (Yes)

Level AAA (No)



Web Content Accessibility Guidelines 2.1

Level A (Yes)

Level AA (Yes )

Level AAA (No)




Terms

The terms used in the Conformance Level information are defined as follows:


  • Supports: The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.
  • Partially Supports: Some functionality of the product does not meet the criterion.
  • Does Not Support: The majority of product functionality does not meet the criterion.
  • Not Applicable: The criterion is not relevant to the product.


Not Evaluated: The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA.


WCAG 2.1 Report

Note: When reporting on conformance with the WCAG 2.1 Success Criteria, they are scoped for full pages, complete processes, and accessibility-supported ways of using technology as documented in the WCAG 2.0 Conformance Requirements.


Table 1: Success Criteria, Level A

Notes:


Criteria

Conformance Level

Remarks and Explanations

1.1.1 Non-text Content (Level A)

Supports

Drata partially supports this criterion. However, we found some exceptions that have been fixed and will be in our next release.

1.2.1 Audio-only and Video-only (Prerecorded) (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

1.2.2 Captions (Prerecorded) (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

1.2.3 Audio Description or Media Alternative (Prerecorded) (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

1.3.1 Info and Relationships (Level A)

Partially Supports

Information, structure, and relationships conveyed through presentation can be programmatically determined or are available in text. Some exceptions exist in the Help & Feedback drawer.. We are working to address these issues in future releases

1.3.2 Meaningful Sequence (Level A)

Partially Supports

Instructions do not rely solely on sensory characteristics. However, we found that some instructions could be more descriptive. We are working to address this in future releases.

1.4.1 Use of Color (Level A)



Partially Supports

Drata partially supports this criterion. Some exceptions exist on the Risk Management page

We are working to address this in future releases.

1.4.2 Audio Control (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

2.1.1 Keyboard (Level A)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the following components/pages:

  • Tasks 
  • Personnel
  • Assets
  • Vendors 
  • Risk Management
  • Edit Report Modal 
  • Event Tracking
  • Monitoring 
  • Frameworks
  • Controls
  • Mapped requirements
  • Cards are not accessible to keyboard users
  • All the accordions are not accessible with keyboard
  • Download options with Bar graph are not in keyboard
  • Statistics cards are not keyboard accessible
  • Focus Order Violation in the Navbar
  • controls modal
  • Live button menu 
  • Menu items are not keyboard accessible at smaller breakpoints


We are working to address this in future releases.

2.1.2 No Keyboard Trap (Level A)

Partially Supports

Drata partially supports this criterion. Some exceptions exist on the Frameworks page.

We are working to address this in future releases.

2.1.4 Character Key Shortcuts (Level A 2.1 only)

Supports

Drata supports this criterion

2.2.1 Timing Adjustable (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

2.2.2 Pause, Stop, Hide (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

2.3.1 Three Flashes or Below Threshold (Level A)

Not Applicable

Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app

2.4.1 Bypass Blocks (Level A)

Supports

Drata has a “skip to main content” feature implemented at the top of the tab order, therefore supports this criterion

2.4.2 Page Titled (Level A)

Partially Supports

Drata partially supports this criterion. Some exceptions exist throughout the app.

We are working to address this in future releases.

2.4.3 Focus Order (Level A)

Partially Supports

Drata partially supports this criterion. Some exceptions exist in the Edit Report Modal and on the Event Tracking page

We are working to address this in future releases.

2.4.4 Link Purpose (In Context) (Level A)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the following components/pages:

  • Tasks
  • Policy Center
  • Personnel 
  • Vendors
  • Risk Management 
  • Risk Assessment
  • Audit Hub
  • Event Tracking
  • Live button needs an aria-label to explain its purpose to the screen reader user
  • Fix now button is too generic for screen reader users
  • Button "Learn More" on Quick Start page is too generic


We are working to address this in future releases.

2.5.1 Pointer Gestures (Level A 2.1 only)

Supports

Drata supports this criterion

2.5.2 Pointer Cancellation (Level A 2.1 only)

Supports

Drata supports this criterion

2.5.3 Label in Name (Level A 2.1 only)

Partially Supports

Drata partially supports this criterion. However, we found that some elements could be fixed:

  • Sporadic labels across the site are being identified


We are working to address this in future releases.

2.5.4 Motion Actuation (Level A 2.1 only)

Not Applicable

Drata does not have any features that depend on kinetic motion of the device (e.g. shake, raise, lower, tilt)

3.1.1 Language of Page (Level A)

Supports

Drata supports this criterion

3.2.1 On Focus (Level A)

Supports

Drata supports this criterion

3.2.2 On Input (Level A)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist in theAudit Hub

We are working to address this in future releases.

3.3.1 Error Identification (Level A)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the Vendors and Risk Assessment pages

We are working to address this in future releases

3.3.2 Labels or Instructions (Level A)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the following components/pages:

  • Personnel 
  • Assets 
  • Vendors
  • Risk Management
  • Risk Assessment
  • Create Auditor 
  • Audit Hub
  • Event Tracking 
  • Monitoring page
  • Frameworks
  • On controls modal
  • Controls 


We are working to address this in future releases.

4.1.1 Parsing (Level A)

Partially Supports

Drata partially supports this criterion. However, we found that some elements could be fixed:

  • Duplicate ID attribute value

We are working to address this in future releases.

4.1.2 Name, Role, Value (Level A)

Partially Supports

Drata partially supports this criterion. Some exceptions exist on the following components/pages:

  • Personnel
  • Edit Report Modal
  • Monitoring 
  • Frameworks 
  • New Custom Framework Modal 
  • Add button under Mapped Requirements
  • Delete(X) button next to control owners
  • Event Tracking
  • Monitoring
  • Controls modal


We are working to address this in future releases.

Drata supports this criterion

Drata supports this criterion

Drata supports this criterion

Drata supports this criterion

Drata supports this criterion

Drata supports this criterion


Table 2: Success Criteria, Level AA

Notes:


Criteria

Conformance Level

Remarks and Explanations

1.2.4 Captions (Live) (Level AA)

Not Applicable

Drata does not have live Video or Audio therefore this criterion does not apply in the current version of the app

1.2.5 Audio Description (Prerecorded) (Level AA)

Not Applicable

Drata does not have live Video or Audio therefore this criterion does not apply in the current version of the app

1.3.4 Orientation (Level AA 2.1 only)

Does Not Support

Drata does not support the 1.3.4 Orientation success criteria. We are working to address this in future releases.

1.3.5 Identify Input Purpose (Level AA 2.1 only)

Supports

Drata supports this criterion

1.4.3 Contrast (Minimum) (Level AA)

Partially Supports

Drata partially supports this criterion. Some exceptions exist on the following components/pages:

  • Color Contrast fails for gray on white for both text and non text
  • Color contrast fails for submenu options
  • Live button menu option fails the color contrast test
  • Vendors 
  • Risk Management
  • Color contrast fails for green check icon


We are working to address this in future releases.

1.4.4 Resize text (Level AA)

Supports

Drata supports this criterion

1.4.5 Images of Text (Level AA)

Supports

Drata supports this criterion

1.4.10 Reflow (Level AA 2.1 only)

Partially Supports

Drata partially supports this criterion. However, we found that some elements could be fixed:

  • Content is not accessible at 400% zoom

We are working to address this in future releases.

1.4.11 Non-text Contrast (Level AA 2.1 only)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the following components/pages:

  • Policy Center
  • Vendors 
  • Monitoring

We are working to address this in future releases.

1.4.12 Text Spacing (Level AA 2.1 only)

Supports

Drata supports this criterion

1.4.13 Content on Hover or Focus (Level AA 2.1 only)

Partially Supports

Drata partially supports this criterion. However, we found that some elements could be fixed:

  • Hover on some elements does not receive focus

We are working to address this in future releases.

2.4.5 Multiple Ways (Level AA)

Does Not Support

Drata does not support the 1.3.4 Orientation success criteria. We are working to address this in future releases.

2.4.6 Headings and Labels (Level AA)

Partially Supports

Drata partially supports this criterion. While most headings and labels are descriptive, some areas of the platform have been identified where the headings and labels could be improved for better clarity and understanding. We are working on improving the descriptiveness of these headings and labels in future releases.

2.4.7 Focus Visible (Level AA)

Partially Supports

Drata partially supports this criterion.  Some exceptions exist on the following components/pages:

  • Vendors
  • Auditor’s Profile Modal
  • Monitoring 
  • Event Tracking

We are working to address this in future releases.

3.1.2 Language of Parts (Level AA)

Supports

Drata supports this criterion

3.2.3 Consistent Navigation (Level AA)

Supports

Drata supports this criterion

3.2.4 Consistent Identification (Level AA)

Partially Supports

The application has some issues with duplicate ID attribute values. This can be improved by ensuring that all ID attributes are unique across the application.

3.3.3 Error Suggestion (Level AA)

Partially Supports

Drata partially supports this criterion. While most errors provide suggestions for correction, there are some areas where this could be improved. We are working on improving the error suggestions in future releases.

3.3.4 Error Prevention (Legal, Financial, Data) (Level AA)

Partially Supports

Drata supports this criterionDrata partially supports this criterion. Some exceptions exist in Event Tracking

We are working to address this in future releases.

4.1.3 Status Messages (Level AA 2.1 only)

Partially Supports

Drata partially supports this criterion. Some exceptions exist on the following components/pages:

  • Risk Assessment
  • Audit Hub
  • Monitoring
  • Frameworks 
  • New Custom Framework Modal
  • Controls
  • Search results
  • Loading spinner should announced to the screen reader user
  • Event Tracking 
  • For any control, when no result found then the status message is not announced by the screen reader

We are working to address this in future releases.


Table 3: Success Criteria, Level AAA

Notes:



Criteria

Conformance Level

Remarks and Explanations

1.2.6 Sign Language (Prerecorded) (Level AAA)

Not Evaluated

 

1.2.7 Extended Audio Description (Prerecorded) (Level AAA)

Not Evaluated

1.2.8 Media Alternative (Prerecorded) (Level AAA)

Not Evaluated

1.2.9 Audio-only (Live) (Level AAA)

Not Evaluated


1.3.6 Identify Purpose (Level AAA 2.1 only)

Not Evaluated


1.4.6 Contrast (Enhanced)  (Level AAA)

Not Evaluated


1.4.7 Low or No Background Audio (Level AAA)

Not Evaluated


1.4.8 Visual Presentation (Level AAA)

Not Evaluated


1.4.9 Images of Text (No Exception) (Level AAA)

Not Evaluated


2.1.3 Keyboard (No Exception) (Level AAA)

Not Evaluated


2.2.3 No Timing (Level AAA)

Not Evaluated


2.2.4 Interruptions (Level AAA)

Not Evaluated


2.2.5 Re-authenticating (Level AAA)

Not Evaluated


2.2.6 Timeouts (Level AAA 2.1 only)

Not Evaluated


2.3.2 Three Flashes (Level AAA)

Not Evaluated


2.3.3 Animation from Interactions (Level AAA 2.1 only)

Not Evaluated


2.4.8 Location (Level AAA)

Not Evaluated


2.4.9 Link Purpose (Link Only) (Level AAA)

Not Evaluated


2.4.10 Section Headings (Level AAA)

Not Evaluated


2.5.5 Target Size (Level AAA 2.1 only)

Not Evaluated


2.5.6 Concurrent Input Mechanisms (Level AAA 2.1 only)

Not Evaluated


3.1.3 Unusual Words (Level AAA)

Not Evaluated


3.1.4 Abbreviations (Level AAA)

Not Evaluated


3.1.5 Reading Level (Level AAA)

Not Evaluated


3.1.6 Pronunciation (Level AAA)

Not Evaluated


3.2.5 Change on Request (Level AAA)

Not Evaluated


3.3.5 Help (Level AAA)

Not Evaluated


3.3.6 Error Prevention (All) (Level AAA)

Not Evaluated



Legal Disclaimer 

Drata Inc. All rights reserved.


The names of actual companies and products mentioned herein may be the trademarks of their respective owners. The information contained in this document represents the current view of Drata on the issues discussed as of the date of publication. Drata regularly updates its websites with new information about the accessibility of products as that information becomes available.


Customization of the product voids this conformance statement from Drata. Customers may make independent conformance statements if they have conducted due diligence to meet all relevant requirements for their customization.


Please consult with Assistive Technology (AT) vendors for compatibility specifications of specific AT products. This document is for informational purposes only. 


Drata does not warrant that this document is error free, nor does it provide any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Drata specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. Drata further makes no representation concerning the ability of assistive technologies or other products to interoperate with Drata’s Services.