06 Vendor & Third-Party Risk

Laradon retains legal liability for the accessibility of third-party tools under the doctrine of non-delegable duty.

06 Vendor Analysis

Vendor	Role	VPAT?	Risk	Action
Point A Solutions	Web developer	None	HIGH	Review MSA for breach; require a11y acceptance criteria
EveryAction (Bonterra)	Donation forms	Partial (2.0 AA for Apricot — wrong product)	VERY HIGH	Request VPAT for specific product; contract renewal condition
FreeWill	Planned giving	4 VPATs (2.1 AA+)	LOW	Fix HTTP→HTTPS link; highlight as "good faith" evidence
Elementor	Page builder	N/A	MEDIUM	Known heading/landmark issues; consider Ally plugin
ApplyToJob	Job applications	Unknown	HIGH	Request VPAT; evaluate alternative

EdTech Compound Failure Risk

Accessibility failure can compound across three layers for Laradon's students:

Website — service information, enrollment, contact
Learning tools — LMS, IEP software, AAC apps, digital curriculum (e.g., n2y / Unique Learning System)
PDFs — IEP documents, policies, reports

If a vendor cannot provide a compliant VPAT, Laradon must document an "Equally Effective Alternate Access Plan" (EEAAP).

Vendor Governance Recommendations

Current VPAT / ACR from all web/EdTech vendors
Contract language requiring remediation timelines and AT-tested regression prevention
Fallback accessible path when third-party components fail (e.g., phone donation)
Point A Solutions: Review MSA — delivery of lorem ipsum and basic WCAG violations likely constitutes breach of contract

← Economic Case

PR Strategy →