Voluntary Product Accessibility Template® (VPAT®)
Version 2.4Rev
Published July 17, 2023
Drata Accessibility Conformance Report
WCAG Edition
(Based on VPAT Version 2.4Rev)
Report Date: July 17, 2023
Product Description:
Drata is the world's most advanced security and compliance automation platform with the mission of making compliance effortless and accessible for companies of all sizes. With Drata, thousands of companies streamline over 14 compliance frameworks—such as SOC 2, ISO 27001, GDPR, and more—through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for audits.Drata is the world's most advanced security and compliance automation platform with the mission of making compliance effortless and accessible for companies of all sizes. With Drata, thousands of companies streamline over 14 compliance frameworks—such as SOC 2, ISO 27001, GDPR, and more—through continuous, automated control monitoring and evidence collection, resulting in a strong security posture, lower costs, and less time spent preparing for audits.
Contact Information:
Attn: Drata Legal Dept
Evaluation Methods Used:
Drata was evaluated using machines running Chrome on MacOS 13 and on Windows 10. Assistive technologies used in this evaluation included JAWS, NVDA (screen reader, Windows), Voice Over(Mac OS) and screen magnification function as well as exclusive use of the keyboard to navigate and operate the site content and functionality.
Applicable Standards/Guidelines WCAG 2.1 AA
This report covers the degree of conformance for the following accessibility standard/guidelines:
Standard/Guideline | Included In Report |
---|---|
Level A (Yes) Level AA (Yes) Level AAA (No) | |
Level A (Yes) Level AA (Yes ) Level AAA (No) |
Terms
The terms used in the Conformance Level information are defined as follows:
Supports: The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.
Partially Supports: Some functionality of the product does not meet the criterion.
Does Not Support: The majority of product functionality does not meet the criterion.
Not Applicable: The criterion is not relevant to the product.
Not Evaluated: The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA.
WCAG 2.1 Report
Note: When reporting on conformance with the WCAG 2.1 Success Criteria, they are scoped for full pages, complete processes, and accessibility-supported ways of using technology as documented in the WCAG 2.0 Conformance Requirements.
Table 1: Success Criteria, Level A
Notes:
Criteria | Conformance Level | Remarks and Explanations |
---|---|---|
1.1.1 Non-text Content (Level A) | Supports | Drata partially supports this criterion. However, we found some exceptions that have been fixed and will be in our next release. |
Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app | |
1.2.2 Captions (Prerecorded) (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
1.2.3 Audio Description or Media Alternative (Prerecorded) (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
1.3.1 Info and Relationships (Level A) | Partially Supports | Information, structure, and relationships conveyed through presentation can be programmatically determined or are available in text. Some exceptions exist in the Help & Feedback drawer.. We are working to address these issues in future releases |
1.3.2 Meaningful Sequence (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the controls page We are working to address this in future releases. |
1.3.3 Sensory Characteristics (Level A) | Partially Supports | Instructions do not rely solely on sensory characteristics. However, we found that some instructions could be more descriptive. We are working to address this in future releases. |
1.4.1 Use of Color (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the Risk Management page We are working to address this in future releases. |
1.4.2 Audio Control (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
2.1.1 Keyboard (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Tasks • Personnel • Assets • Vendors • Risk Management • Edit Report Modal • Event Tracking • Monitoring • Frameworks • Controls • Mapped requirements • Cards are not accessible to keyboard users • All the accordions are not accessible with keyboard • Download options with Bar graph are not in keyboard • Statistics cards are not keyboard accessible • Focus Order Violation in the Navbar • controls modal • Live button menu • Menu items are not keyboard accessible at smaller breakpoints We are working to address this in future releases. |
2.1.2 No Keyboard Trap (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the Frameworks page. We are working to address this in future releases. |
2.1.4 Character Key Shortcuts (Level A 2.1 only) | Supports | Drata supports this criterion |
2.2.1 Timing Adjustable (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
2.2.2 Pause, Stop, Hide (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
2.3.1 Three Flashes or Below Threshold (Level A) | Not Applicable | Drata does not have pre-recorded Video or Audio therefore this criterion does not apply in the current version of the app |
2.4.1 Bypass Blocks (Level A) | Supports | Drata has a “skip to main content” feature implemented at the top of the tab order, therefore supports this criterion |
2.4.2 Page Titled (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist throughout the app. We are working to address this in future releases. |
2.4.3 Focus Order (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist in the Edit Report Modal and on the Event Tracking page We are working to address this in future releases. |
2.4.4 Link Purpose (In Context) (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Tasks • Policy Center • Personnel • Vendors • Risk Management • Risk Assessment • Audit Hub • Event Tracking • Live button needs an aria-label to explain its purpose to the screen reader user • Fix now button is too generic for screen reader users • Button "Learn More" on Quick Start page is too generic We are working to address this in future releases. |
2.5.1 Pointer Gestures (Level A 2.1 only) | Supports | Drata supports this criterion |
2.5.2 Pointer Cancellation (Level A 2.1 only) | Supports | Drata supports this criterion |
2.5.3 Label in Name (Level A 2.1 only) | Partially Supports | Drata partially supports this criterion. However, we found that some elements could be fixed: • Sporadic labels across the site are being identified We are working to address this in future releases. |
2.5.4 Motion Actuation (Level A 2.1 only) | Not Applicable | Drata does not have any features that depend on kinetic motion of the device (e.g. shake, raise, lower, tilt) |
3.1.1 Language of Page (Level A) | Supports | Drata supports this criterion |
3.2.1 On Focus (Level A) | Supports | Drata supports this criterion |
3.2.2 On Input (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist in theAudit Hub We are working to address this in future releases. |
3.3.1 Error Identification (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the Vendors and Risk Assessment pages We are working to address this in future releases |
3.3.2 Labels or Instructions (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Personnel • Assets • Vendors • Risk Management • Risk Assessment • Create Auditor • Audit Hub • Event Tracking • Monitoring page • Frameworks • On controls modal • Controls We are working to address this in future releases. |
4.1.1 Parsing (Level A) | Partially Supports | Drata partially supports this criterion. However, we found that some elements could be fixed: • Duplicate ID attribute value We are working to address this in future releases. |
4.1.2 Name, Role, Value (Level A) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Personnel • Edit Report Modal • Monitoring • Frameworks • New Custom Framework Modal • Add button under Mapped Requirements • Delete(X) button next to control owners • Event Tracking • Monitoring • Controls modal We are working to address this in future releases. |
Table 2: Success Criteria, Level AA
Notes:
Criteria | Conformance Level | Remarks and Explanations |
---|---|---|
1.2.4 Captions (Live) (Level AA) | Not Applicable | Drata does not have live Video or Audio therefore this criterion does not apply in the current version of the app |
1.2.5 Audio Description (Prerecorded) (Level AA) | Not Applicable | Drata does not have live Video or Audio therefore this criterion does not apply in the current version of the app |
1.3.4 Orientation (Level AA 2.1 only) | Does Not Support | Drata does not support the 1.3.4 Orientation success criteria. We are working to address this in future releases. |
1.3.5 Identify Input Purpose (Level AA 2.1 only) | Supports | Drata supports this criterion |
1.4.3 Contrast (Minimum) (Level AA) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Color Contrast fails for gray on white for both text and non text • Color contrast fails for submenu options • Live button menu option fails the color contrast test • Vendors • Risk Management • Color contrast fails for green check icon We are working to address this in future releases. |
1.4.4 Resize text (Level AA) | Supports | Drata supports this criterion |
1.4.5 Images of Text (Level AA) | Supports | Drata supports this criterion |
1.4.10 Reflow (Level AA 2.1 only) | Partially Supports | Drata partially supports this criterion. However, we found that some elements could be fixed: • Content is not accessible at 400% zoom We are working to address this in future releases. |
1.4.11 Non-text Contrast (Level AA 2.1 only) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Policy Center • Vendors • Monitoring We are working to address this in future releases. |
1.4.12 Text Spacing (Level AA 2.1 only) | Supports | Drata supports this criterion |
1.4.13 Content on Hover or Focus (Level AA 2.1 only) | Partially Supports | Drata partially supports this criterion. However, we found that some elements could be fixed: • Hover on some elements does not receive focus We are working to address this in future releases. |
2.4.5 Multiple Ways (Level AA) | Does Not Support | Drata does not support the 1.3.4 Orientation success criteria. We are working to address this in future releases. |
2.4.6 Headings and Labels (Level AA) | Partially Supports | Drata partially supports this criterion. While most headings and labels are descriptive, some areas of the platform have been identified where the headings and labels could be improved for better clarity and understanding. We are working on improving the descriptiveness of these headings and labels in future releases. |
2.4.7 Focus Visible (Level AA) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Vendors • Auditor’s Profile Modal • Vendors • Monitoring • Event Tracking We are working to address this in future releases. |
3.1.2 Language of Parts (Level AA) | Supports | Drata supports this criterion |
3.2.3 Consistent Navigation (Level AA) | Supports | Drata supports this criterion |
3.2.4 Consistent Identification (Level AA) | Partially Supports | The application has some issues with duplicate ID attribute values. This can be improved by ensuring that all ID attributes are unique across the application. |
3.3.3 Error Suggestion (Level AA) | Partially Supports | Drata partially supports this criterion. While most errors provide suggestions for correction, there are some areas where this could be improved. We are working on improving the error suggestions in future releases. |
Partially Supports | Drata partially supports this criterion. Some exceptions exist in Event Tracking We are working to address this in future releases. | |
4.1.3 Status Messages (Level AA 2.1 only) | Partially Supports | Drata partially supports this criterion. Some exceptions exist on the following components/pages: • Risk Assessment • Audit Hub • Monitoring • Frameworks • New Custom Framework Modal • Controls • Search results • Loading spinner should announced to the screen reader user • Event Tracking • For any control, when no result found then the status message is not announced by the screen reader We are working to address this in future releases. |
Table 3: Success Criteria, Level AAA
Notes:
Criteria | Conformance Level | Remarks and Explanations |
---|---|---|
1.2.6 Sign Language (Prerecorded) (Level AAA) | Not Evaluated | |
1.2.7 Extended Audio Description (Prerecorded) (Level AAA) | Not Evaluated | |
1.2.8 Media Alternative (Prerecorded) (Level AAA) | Not Evaluated | |
1.2.9 Audio-only (Live) (Level AAA) | Not Evaluated | |
1.3.6 Identify Purpose (Level AAA 2.1 only) | Not Evaluated | |
1.4.6 Contrast (Enhanced) (Level AAA) | Not Evaluated | |
1.4.7 Low or No Background Audio (Level AAA) | Not Evaluated | |
1.4.8 Visual Presentation (Level AAA) | Not Evaluated | |
1.4.9 Images of Text (No Exception) (Level AAA) | Not Evaluated | |
2.1.3 Keyboard (No Exception) (Level AAA) | Not Evaluated | |
2.2.3 No Timing (Level AAA) | Not Evaluated | |
2.2.4 Interruptions (Level AAA) | Not Evaluated | |
2.2.5 Re-authenticating (Level AAA) | Not Evaluated | |
2.2.6 Timeouts (Level AAA 2.1 only) | Not Evaluated | |
2.3.2 Three Flashes (Level AAA) | Not Evaluated | |
2.3.3 Animation from Interactions (Level AAA 2.1 only) | Not Evaluated | |
2.4.8 Location (Level AAA) | Not Evaluated | |
2.4.9 Link Purpose (Link Only) (Level AAA) | Not Evaluated | |
2.4.10 Section Headings (Level AAA) | Not Evaluated | |
2.5.5 Target Size (Level AAA 2.1 only) | Not Evaluated | |
2.5.6 Concurrent Input Mechanisms (Level AAA 2.1 only) | Not Evaluated | |
3.1.3 Unusual Words (Level AAA) | Not Evaluated | |
3.1.4 Abbreviations (Level AAA) | Not Evaluated | |
3.1.5 Reading Level (Level AAA) | Not Evaluated | |
3.1.6 Pronunciation (Level AAA) | Not Evaluated | |
3.2.5 Change on Request (Level AAA) | Not Evaluated | |
3.3.5 Help (Level AAA) | Not Evaluated | |
3.3.6 Error Prevention (All) (Level AAA) | Not Evaluated |
Legal Disclaimer
Drata Inc. All rights reserved.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners. The information contained in this document represents the current view of Drata on the issues discussed as of the date of publication. Drata regularly updates its websites with new information about the accessibility of products as that information becomes available.
Customization of the product voids this conformance statement from Drata. Customers may make independent conformance statements if they have conducted due diligence to meet all relevant requirements for their customization.
Please consult with Assistive Technology (AT) vendors for compatibility specifications of specific AT products. This document is for informational purposes only.
Drata does not warrant that this document is error free, nor does it provide any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Drata specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. Drata further makes no representation concerning the ability of assistive technologies or other products to interoperate with Drata’s Services.