Accessible design systems, audited end-to-end. With the conformance artifact your procurement counterparty will accept.
Design-systems and accessibility engineering is the work BST leads with. Single-property audits, signed VPAT 2.5 / ACR production, component-library architecture with an AAA-bucket floor, patient-portal specialty audits, and quarterly governance retainers. Anchored on HELiX — the open-source component library where the method is public.
Most accessibility audits are an axe-core dump dressed up in a PDF.
Accessibility in 2026 is no longer a compliance afterthought. ADA Title III actions against digital surfaces remain at sustained highs. Section 508 procurement gates HHS-adjacent contracts. EN 301 549 gates EU public-sector tenders. OCR investigations attach to any patient-facing surface. The buyer pressures are real and they arrive with deadlines.
The catch is that most “accessibility audits” available in the market are an axe-core dump dressed up in a PDF. The findings don’t cite component file:line. The remediation roadmap is “fix the axe-core findings.” The conformance artifact, if it ships at all, is a stale VPAT 2.0 against WCAG 2.0 — not the VPAT 2.5 against WCAG 2.2 your procurement counterparty actually requires today.
You need an audit an engineering team can act on, a conformance artifact your procurement office will accept, and a posture that doesn’t drift two weeks after the audit lands. Design-systems and accessibility engineering is the practice BST leads with — the work is anchored on HELiX, our open-source component library shipping at WCAG 2.2 AA with an AAA-bucket floor, so the method is public and the receipts are readable. Accessibility here is not a checklist bolted onto a finished product; it is engineered at the token and component layer, where it holds. The cluster covers the buying moments; the sub-pages convert them.
The five anchored sub-products
-
A1 — Single Property Audit
A scoped WCAG 2.2 AA audit of one property — marketing site, app surface, or single-tenant portal. Findings cite SC, page, element, and (where the consumer ships on a known component library) component file:line. $10K–$25K, 1.5–3 weeks. The right fit for an ADA demand letter, a vendor RFP a11y question, or a marketing-site refresh regression.
-
B1 — VPAT 2.5 / ACR Production
A signed VPAT 2.5 / ACR your procurement counterparty will accept — produced from an underlying audit and delivered under principal-engineer attestation. The right fit for federal contractor procurement, healthcare RFP response, or EU public-sector tender. $15K–$28K, 2–3 weeks.
-
Component Library Architecture — the design-systems flagship
Token pipeline, framework adapters, component contract, and an AAA-bucket conformance floor engineered into a component library from the architecture layer up — the contrast, focus, and target-size criteria that ship at the token layer rather than the editorial layer. Per-criterion engineering, not a single conformance claim. The right fit for a design-system build or rearchitecture with an AAA-bucket commitment from day one. Anchor pricing published on the sub-page.
-
E1 — Governance Retainer
Ongoing posture maintenance with a quarterly re-published ACR. The right fit for organizations with two-to-six active properties under an existing accessibility commitment that needs to not drift. Annual retainer; per-quarter cadence published on the sub-page.
-
G1 — Patient Portal Specialty Audit
A WCAG 2.2 AA audit of a patient portal or other PHI-touching healthcare surface, run under PHI-aware doctrine — engineering controls supporting Business Associate obligations under an executed BAA. The right fit for a patient portal under OCR scrutiny or an EHR integration release. Anchor pricing published on the sub-page.
How to choose
-
ADA demand letter on a single property
Wave 1Deliverable A1 — Single Property Audit
A scoped audit of the property in question, with findings calibrated to the demand letter's claim surface. Most-common wave-1 entry point.
-
Federal / healthcare procurement bid due
Wave 1Deliverable B1 — VPAT 2.5 / ACR (often with A1 as the underlying audit)
Procurement counterparty wants a signed conformance artifact, not a self-attested checkbox. A1 produces the evidence; B1 produces the signed VPAT 2.5 / ACR.
-
Patient portal under OCR scrutiny
Wave 1Deliverable G1 — Patient Portal Specialty Audit
PHI-aware engagement scope; BAA before any access. The audit and remediation plan calibrated to OCR enforcement themes and the portal's specific surface.
-
Design system build or rearchitecture with AAA-bucket commitment
FlagshipDeliverable Component Library Architecture
Token pipeline, framework adapters, component contract, and the AAA-bucket criteria that ship at the token layer — contrast, focus appearance, target size. Per-criterion engineering against your design-system spine, anchored on the HELiX reference implementation.
-
Ongoing posture maintenance, 2–6 active properties
Wave 2Deliverable E1 — Governance Retainer
Quarterly cadence; re-published ACR; drift-prevention against an existing audit baseline. Sub-page published in Wave 2.
-
Scope outside the kitted five
BespokeDeliverable Request a bespoke scope
Multi-property portfolios, multi-brand AAA pipelines, EHR-integration audits, and commit-gate enforcement are sold bespoke under the cluster patterns. We return a draft SOW within five business days.
Pricing posture
Engagement model Tiered scope
Cluster pricing varies by sub-product. The single-property audit anchors at $10K–$25K. The signed VPAT 2.5 / ACR anchors at $15K–$28K. The patient-portal specialty audit anchors at the upper-mid range with PHI scope. Component Library Architecture (the design-systems flagship, with the AAA-bucket floor) and the governance retainer publish ranges on their sub-pages. Bespoke scopes (multi-property, multi-brand, EHR-integration, commit-gate enforcement) return a draft SOW within five business days. All published anchors are time-and-materials with a not-to-exceed cap, per the BST Engagement Model.
Anchor pricing reflects typical engagement ranges. Actual fees are scoped per engagement under time-and-materials with a not-to-exceed cap. Pricing shown does not constitute a binding offer.
Frequently asked questions
How long does an audit take?
- Single Property Audit: 1.5–3 weeks
- VPAT 2.5 / ACR: 2–3 weeks
- Patient Portal Audit: 4–6 weeks
- Component Library Architecture: 6–10 weeks
- Governance Retainer: quarterly cadence
Do you sign the VPAT 2.5?
Do you sign a BAA?
Do you do AAA?
Will you do the remediation work too?
Are you a third-party assessor?
Can you handle multi-brand or multi-property scope?
Do you support EN 301 549 (EU)?
Often combined with
-
Healthcare AI Compliance Review
When the surface is a patient portal or other PHI-touching healthcare AI experience. WCAG audit here, HIPAA / BAA / SaMD lens there. Common attach.
-
AI Security Review
When the same release window needs an accessibility signature and an AI security audit. Two audits, one engagement.
Start with the audit that fits your buying moment.
Five anchored sub-products. Principal-engineer attestation. The conformance artifact your procurement office will accept.