Web Content Accessibility Standard

 

Overview

The University of Alaska is committed to providing IT Services that are accessible to the widest possible audience, including individuals with disabilities. All digitally delivered content will comply with Section 504 of the Rehabilitation Act of 1973 (29 USC 794 and its implementing regulations at 34 CFR Part 104) and with Title II of the Americans with Disabilities Act of 1990 (42 USC 12131 and following, and implementing regulations at 28 CFR Part 35). Specifically, the Americans with Disabilities Act Title II Regulations Subpart H—Web and Mobile Accessibility requires compliance with Web Content Accessibility Guidelines (WCAG) 2.1, Level AA standards. 

To this end, UA will adhere to the following standards:

  • All new and revised digitally delivered content will meet WCAG 2.1, Level AA standards
  • Existing digitally delivered content will be assessed and brought into compliance on a prioritized schedule as resources allow
  • All procurement of digital content and technologies will require compliance with WCAG 2.1, Level AA standards
  • Applications failing to meet WCAG 2.1 requirements must be avoided or restricted to use-cases where compliance can be fully maintained

Scope

Information Security and Assurance (ISA) Standards are mandatory and apply to the UA System and all users of UA computing resources.  This standard supplements and supports Board of Regents Policy & Regulation R02.07. These standards are reviewed and approved by the CIO Management Team (CMT), a system-wide governance group consisting of each university CIO, the System CITO, and the System CISO.  Business units maintaining their own security standards should utilize this standard as a baseline and may add additional requirements or detail as appropriate for their business needs, however, may not weaken any individual element of this standard without an approved Information Security Controls Exception.

This standard is periodically reviewed and updated to respond to emerging threats, changes in legal and regulatory requirements, and technological advances.


This security standard applies to all UA digitally delivered content.

This standard is periodically reviewed and updated to respond to emerging threats, changes in legal and regulatory requirements, and technological advances.

Standard

Summary of the Regulations for Higher Education

The new rule provides a clear, enforceable technical standard (WCAG 2.1 Level AA) for digital accessibility, moving beyond previous "accommodation on request" standards toward a proactive approach. Compliance is required for all digital content used in university programs, services, and activities, including:

  • Public-facing websites and mobile apps: All informational, administrative, and departmental websites, including student portals, registration systems, and official university-branded mobile applications.
  • Academic course content: All materials hosted within Learning Management Systems (LMS) such as Canvas or Blackboard. This includes syllabi, lecture notes, quizzes, and any digital resources required for participation in a course.
  • Electronic documents: All conventional electronic file formats used for university business or instruction, including PDFs, Word documents, spreadsheets, and presentation slides.
  • Multimedia content: All materials that integrate two or more distinct content forms (e.g,  a combination of auditory and visual information) including time-based media (podcasts, narrated slides), synchronized media (video with audio), and interactive or immersive media (360-degree video, AR/VR simulations).
  • Social Media content: All informational or promotional content posted by official university accounts on third-party platforms (e.g., Facebook, Instagram, LinkedIn, X).
  • Third-party vendor platforms: Software and services procured through contractual or licensing arrangements (e.g., parking apps, library databases, and HR portals).

Key Exceptions

  • Archived content: Content stored for reference, research, or record-keeping that is not currently used and has not been changed since archiving may be exempt.
  • Pre-existing social media posts: Posts made before the April 24, 2026, deadline do not need to be remediated, but all posts after this date must be compliant.
  • Individualized, password-protected documents: Files (PDFs, etc.) about a specific person or account that are secured (e.g., an individual's financial aid statement) are exempt.

For all exceptions, an accessible format must still be provided upon request.

The table below outlines the categories of information impacted and the general actions needed to make them compliant with the WCAG 2.1 Level AA standard required by the DOJ final rule.

Impacted Information
WCAG 2.1 AA Compliance Requirements

Websites and Mobile Apps

Ensure full functionality via keyboard navigation, proper heading structures, and consistent navigation and identification of elements.

Images and Non-Text Content

Provide descriptive alternative text (alt text) so screen readers can convey visual information or mark content as decorative when appropriate.

Documents (PDFs, Word, etc.)

Ensure documents are properly tagged, readable, and structured for accessibility software. This includes appropriate reading order, alt text for images, appropriately formatted lists, and sufficient color contrast.

Multimedia (Video and Audio)

Provide accurate synchronized captions for videos (prerecorded and live), transcripts for audio-only content, and Audio Description for videos (prerecorded).

Color and Visual Design

Maintain sufficient color contrast ratios (at least 4.5:1 for standard text) for readability, and do not use color alone to convey information.

Forms and Interactive Elements

Ensure all form fields have clear labels and can be completed using a keyboard or assistive technology without time limits that prevent completion. Ensure that color is not used as the only means of conveying information.

Text Readability

Provide a mechanism for text to be resized up to 200% without loss of content or functionality, and ensure text is not justified (aligned to both margins).

 

Responsibilities

The UA System Office establishes this standard, the University President is responsible for system level compliance, and each University Chancellor is responsible for campus compliance.

All university departments and units are responsible for ensuring their digitally delivered content complies with WCAG 2.1, Level AA standards.

The Office of Information Technology (OIT) will provide support and resources to assist in the compliance process.

 

Violations and Exceptions

In an effort to perform its requirements under Board of Regents Policy & Regulation R02.07.060 to secure University Information Resources, systems and services which fail to abide by approved information security controls may be subject to the implementation of compensating controls to effectively manage risk, up to and including disconnection from the UA network or blocking of traffic to/from untrusted networks.

UA employees, students, and other affiliates who attempt to circumvent an approved information security control may be subject to sanctions or administrative action depending on their role and the nature of the violation, which:

  • may result in a reduction or loss of access privileges, or the imposition of other restrictions or conditions on access privileges;
  • may subject employees to disciplinary action, up to and including termination; 
  • may subject students to disciplinary action including expulsion according to the Student Code of Conduct procedures; and 
  • may also subject violators to criminal prosecution. 

Requesting an Exception

The process for requesting exceptions to this or other IT Security Standard are outlined in the Information Security Controls Standard.

 

Implementation

OIT Information Security and Assurance is responsible for the implementation, maintenance and interpretation of this IT Standard.

Related Standards

Accounting and Administrative Manual Section 400: Information Technology

Workstation Security Standard 

Minimum Security Standard for Desktop Systems

Mobile Device Security

Remote Access Security Requirements

Standards for System Logging

Information Security Controls and Exceptions Standard

References

This standard is intended to align with Section 504 of the Rehabilitation Act of 1973 (29 USC 794 and its implementing regulations at 34 CFR Part 104) and with Title II of the Americans with Disabilities Act of 1990 (42 USC 12131 and following, and implementing regulations at 28 CFR Part 35).

This standard is supported by University of Alaska Board of Regents Policy and Regulation Chapter 02.07.

Lifecycle and Contacts

Standard Owner: OIT Information Security and Assurance

Standard Contact: Chief Information Security Officer

Phone: 907-474-5347

Email: ua-ciso@alaska.edu

Approved: February 2026

Effective: April 2026

Next Review: April 2027