CVAA – Recordkeeping
- Information about the manufacturer’s or service provider’s efforts to consult with individuals with disabilities;
- Descriptions of the accessibility features of its products and services; and
- Information about the compatibility of its products and services with peripheral devices or specialized customer premise equipment commonly used by individuals with disabilities to achieve access.
The regulatory wording and that provided in the report and order make it unclear if record keeping is explicitly limited to these three specific types (FCC 11-151 ¶60) or if the record merely must contain these three types or records. SSB expects that the latter is far more likely as the intent of the Act and the resultant regulations cover myriad issues outside of the scope of the records defined above. A narrow reading would seem to undermine the intent of the Act and regulations which ultimately require efforts to conform to a broader set of requirements than the three outlined above. Further, the FCC notes that it expects “that entities will establish and sustain effective internal procedures for creating and maintaining records that demonstrate compliance efforts and allow for prompt response to complaints and inquiries.” This implies a scope of all activities focused on compliance with the Act – not a subset limited to specific types of records. As such, SSB has reasoned that the areas defined above do not define the full scope of records and merely define a set of things that must be included within the records. The records as a whole must demonstrate the efforts to conform to all relevant portions of the Act.
The Act only requires that products be made accessible if doing so is “achievable.” When covered entities do not make their products or services accessible, and claim as a defense that it is not achievable for them to do so, they bear the burden of proof on this defense. While entities are not technically required to keep records to this end they should note that they bear the burden of proof for justifying such claims. If a complaint was to arise, and a claim of “not achievable” was to be made, the FCC would require that an organization provide records demonstrating:
- The nature and cost of the steps needed to make equipment and services accessible in the design, development, testing, and deployment process to make a piece of equipment or software in the case of a manufacturer, or service in the case of a service provider, usable by individuals with disabilities;
- The technical and economic impact on the operation of the manufacturer or provider and on the operation of the specific equipment or service in question, including on the development and deployment of new communications technologies;
- The type of operations of the manufacturer or service provider; and,
- The extent to which the service provider or manufacturer in question offers accessible services or equipment containing varying degrees of functionality and features, and offered at differing price points. (FCC 11-151 ¶221)
While records may not be explicitly required for products where a determination of non-achievability is made, if a complaint arises, documentation is then required after the fact to show the due diligence of how the determination was made. In practice, SSB reads this as implicitly requiring organizations to maintain records about determinations of non-achievability based on the criteria defined above.
Third Party Solutions Documentation
As with the requirements for Non-Achievability Documentation manufacturers and services providers electing to provide accessibility via third-party solutions must be prepared to produce relevant documentation showing that these solutions meet the requirements of the Act.( FCC 11-151 ¶222) A reasonable interpretation of this requirement is to ensure that the covered products and services both (i) meet the accessibility, usability and compatibility requirements of the Act when used in conjunction with the third-party solution and (ii) that the manufacturer meets the direct requirements for CVAA – Third Party Solutions.
An officer of each manufacturer or service provider subject to the record keeping requirements must submit a certification of conformance annually to the FCC. The certificate must state that the manufacturer or service provider has established operating procedures that are adequate to ensure compliance with the recordkeeping rules and that records are, in fact, being kept in accordance with the rules. The certification is supported by “an affidavit or declaration under penalty of perjury, signed and dated by the authorized officer of the company with personal knowledge of the representations provided in the company’s certification.” As part of the certification, the company must identify the name and contact details of a person or people authorized to resolve complaints and alleged violations of under the relevant sections of the Act.
This certification must be filed with the Commission on or before April 1st, 2013 and updated annually thereafter for the previous calendar year . The certificate also needs to be updated when necessary to ensure that the contact information on it remains current.
While the records of conformance kept by the manufacturer are not public records upon the service of a complaint – either formal or informal – the FCC may request that the manufacturer produce the records. The manufacturer may request that some or all of these records be treated confidentially by following the current policies in place with the FCC.
SSB recommends that organizations maintain a central repository of the product records that are maintained for each product or service that is covered under the CVAA. This central repository should be maintained by a single group – generally compliance – that has the authority to require and compel products to submit the relevant paperwork.
For many organizations SSB works with, a strong, central authority that governs accessibility is a materially different governance model than that currently used for accessibility. Most organizations have a governance model that requires each product to maintain their own records for accessibility. A central accessibility office plays a coordinating and supporting role across the organization, but has no authority to compel product groups to produce documentation. Such a model has generally been developed under and aligns well with accessibility procurement laws such as Section 508. Section 508, however, has no enforcement mechanism, as it relates to manufacturers and is simply a procurement law. In the case of Section 508, the only potential risk to organizations is that a lack of accessibility will cause the products they offer to be viewed as less competitive in a bid and be scored accordingly. Given the many disparate approaches to Section 508 compliance throughout the US Federal government, however, it is decidedly not the case that a product that is inaccessible will not be able to access the public sector market. A lack of accessibility at most means that specific, key Federal accounts may be more difficult to access. Such a profile means that the risk of non-compliance under Section 508 is generally low and that governance models devoted to addressing issues are accordingly loose.
This is decidedly not the case with the CVAA. The CVAA regulations are enforced by the FCC and can cause organizations to see damages up to $100,000 a day and $1,000,000 dollars in total for each complaint. Further, covered organizations are required to file a certification with the FCC that records of the organization’s efforts to conform to the requirements “are being kept in accordance with this section.” The certification is “supported with an affidavit or declaration under penalty of perjury, signed and dated by the authorized officer of the company with personal knowledge of the representations provided in the company’s certification, verifying the truth and accuracy of the information therein.” This certification provides a clear connotation that records are being actively kept and required rather than passively produced, as products deem appropriate. By not centralizing the authority, an organization runs the material risk that a product will not develop or maintain the relevant records. In that event, should a complaint occur, the organization would find itself in the uncomfortable position of having certified to the FCC that records are being kept when, in fact, no such records exist. A basic governance model requiring that these records be filed centrally with a group under the authority of the certifying party would seem to meet the requirements of the FCC and ensure conformance to the process. Such a governance model is in line with the intent of the FCC in developing the record keeping requirements of the Act.
Given this, SSB recommends clients pursue strong conformance with the requirements and develop a central recordkeeping repository. This repository would hold all the records required for product groups and effectively meet the requirements contemplated by the FCC under 47 CFR 14.31 (a) and (b). While organizations can develop such a repository, SSB recommends organizations use AMP or a similar electronic system to gather and store the records, as this materially lessens the cost and complexity of maintaining and implementing the system while drastically increasing conformance.