Accessibility, audited end-to-end. With the conformance artifact your procurement counterparty will accept.

Five anchored sub-products covering single-property audits, signed VPAT 2.5 / ACR production, AAA-bucket criterion engineering, patient-portal specialty audits, and quarterly governance retainers. Anchored on the engineer who built HELiX.

Schedule a 30-min scoping call

Single-property audit (A1)

Most accessibility audits are an axe-core dump dressed up in a PDF.

Accessibility in 2026 is no longer a compliance afterthought. ADA Title III actions against digital surfaces remain at sustained highs. Section 508 procurement gates HHS-adjacent contracts. EN 301 549 gates EU public-sector tenders. OCR investigations attach to any patient-facing surface. The buyer pressures are real and they arrive with deadlines.

The catch is that most “accessibility audits” available in the market are an axe-core dump dressed up in a PDF. The findings don’t cite component file:line. The remediation roadmap is “fix the axe-core findings.” The conformance artifact, if it ships at all, is a stale VPAT 2.0 against WCAG 2.0 — not the VPAT 2.5 against WCAG 2.2 your procurement counterparty actually requires today.

You need an audit an engineering team can act on, a conformance artifact your procurement office will accept, and a posture that doesn’t drift two weeks after the audit lands. BST is a senior engineering consultancy; accessibility is one of several practice areas, anchored on the principal who built HELiX — our open-source healthcare component library shipping at WCAG 2.2 AA. The cluster covers the buying moments; the sub-pages convert them.

A1 — Single Property Audit

A scoped WCAG 2.2 AA audit of one property — marketing site, app surface, or single-tenant portal. Findings cite SC, page, element, and (where the consumer ships on a known component library) component file:line. $10K–$25K, 1.5–3 weeks. The right fit for an ADA demand letter, a vendor RFP a11y question, or a marketing-site refresh regression.
B1 — VPAT 2.5 / ACR Production

A signed VPAT 2.5 / ACR your procurement counterparty will accept — produced from an underlying audit and delivered under principal-engineer attestation. The right fit for federal contractor procurement, healthcare RFP response, or EU public-sector tender. $15K–$28K, 2–3 weeks.
D1 — AAA-bucket Token Pipeline

AAA-bucket criterion engineering for a design system rebuild — the contrast, focus, and target-size criteria that ship at the token layer rather than the editorial layer. Per-criterion engineering, not a single conformance claim. The right fit for a design-system rebuild with an AAA-bucket commitment from day one. Anchor pricing published on the sub-page.
E1 — Governance Retainer

Ongoing posture maintenance with a quarterly re-published ACR. The right fit for organizations with two-to-six active properties under an existing accessibility commitment that needs to not drift. Annual retainer; per-quarter cadence published on the sub-page.
G1 — Patient Portal Specialty Audit

A WCAG 2.2 AA audit of a patient portal or other PHI-touching healthcare surface, run under PHI-aware doctrine — engineering controls supporting Business Associate obligations under an executed BAA. The right fit for a patient portal under OCR scrutiny or an EHR integration release. Anchor pricing published on the sub-page.

Buyer triggers

How to choose

ADA demand letter on a single property
Wave 1

Deliverable A1 — Single Property Audit

A scoped audit of the property in question, with findings calibrated to the demand letter's claim surface. Most-common wave-1 entry point.
Federal / healthcare procurement bid due
Wave 1

Deliverable B1 — VPAT 2.5 / ACR (often with A1 as the underlying audit)

Procurement counterparty wants a signed conformance artifact, not a self-attested checkbox. A1 produces the evidence; B1 produces the signed VPAT 2.5 / ACR.
Patient portal under OCR scrutiny
Wave 1

Deliverable G1 — Patient Portal Specialty Audit

PHI-aware engagement scope; BAA before any access. The audit and remediation plan calibrated to OCR enforcement themes and the portal's specific surface.
Design system rebuild with AAA-bucket commitment
Wave 2

Deliverable D1 — AAA-bucket Token Pipeline

The AAA-bucket criteria that ship at the token layer — contrast, focus appearance, target size. Per-criterion engineering against your design-system spine. Sub-page published in Wave 2.
Ongoing posture maintenance, 2–6 active properties
Wave 2

Deliverable E1 — Governance Retainer

Quarterly cadence; re-published ACR; drift-prevention against an existing audit baseline. Sub-page published in Wave 2.
Scope outside the kitted five
Bespoke

Deliverable Request a bespoke scope

Multi-property portfolios, multi-brand AAA pipelines, EHR-integration audits, and commit-gate enforcement are sold bespoke under the cluster patterns. We return a draft SOW within five business days.

$10,000 – $96,000 See sub-page for engagement-specific duration

Engagement model Tiered scope

Cluster pricing varies by sub-product. A1 (single-property audit) anchors at $10K–$25K. B1 (signed VPAT 2.5 / ACR) anchors at $15K–$28K. G1 (patient portal specialty audit) anchors at the upper-mid range with PHI scope. D1 (AAA-bucket token pipeline) and E1 (governance retainer) publish ranges on their sub-pages. Bespoke scopes (multi-property, multi-brand, EHR-integration, commit-gate enforcement) return a draft SOW within five business days. All published anchors are time-and-materials with a not-to-exceed cap, per the BST Engagement Model.

Request a scoping call

Anchor pricing reflects typical engagement ranges. Actual fees are scoped per engagement under time-and-materials with a not-to-exceed cap. Pricing shown does not constitute a binding offer.

FAQ

Frequently asked questions

How long does an audit take?

Depends on the sub-product:

A1 (Single Property Audit): 1.5–3 weeks
B1 (VPAT 2.5 / ACR): 2–3 weeks
G1 (Patient Portal Audit): 4–6 weeks
D1 (AAA Token Pipeline): 4–6 weeks
E1 (Governance Retainer): quarterly cadence

Do you sign the VPAT 2.5?

Yes — under principal-engineer attestation through Clarity House LLC, against the VPAT 2.5 INT template. Procurement-credible. Note this is principal-engineer attestation, not the regulatory third-party-assessor designation; where formal third-party attestation is required, a complementary firm engagement may be needed and we can recommend partners. The signed-artifact engagement is B1.

Do you sign a BAA?

Yes for healthcare engagements. Standard before any PHI access, and a precondition of the G1 sub-product and the Healthcare AI Compliance Review.

Do you do AAA?

Yes — as AAA-bucket criterion engineering, not as a blanket "AAA conformance" claim. WCAG 2.2 AAA is a per-criterion ladder; some criteria (contrast enhanced, focus appearance, target size enhanced) ship at the component / token layer and are realistic deliverables under D1 (AAA Token Pipeline). Others (sign-language alternates, plain-language alternates) require client editorial commitment. We tell you which criteria are within reach during scoping.

Will you do the remediation work too?

Yes, on a separate SOW. The audit produces the prioritized roadmap; many clients run remediation in-house with the roadmap as their guide and bring BST back for closeout re-audit. Token-layer remediation routes to D1; component architecture issues route to component library architecture.

Are you a third-party assessor?

BST is an engineering audit firm; we sign deliverables under principal-engineer attestation through Clarity House LLC. Where federal contracting or healthcare insurance procurement requires a regulatory third-party assessor in the strict sense, we can recommend a complementary firm.

Can you handle multi-brand or multi-property scope?

Yes — both as bespoke scopes under the cluster patterns. Request a bespoke scope and we return a draft SOW within five business days. Two-to-six active properties under an existing accessibility commitment are a fit for the E1 governance retainer.

Do you support EN 301 549 (EU)?

Yes. The EN 301 549 overlay is included in B1 (VPAT 2.5 / ACR) where in scope; an EN 301 549 conformance statement product is available bespoke. Section 508 overlay ships with B1 by default.

Ready to find the right audit for your buying moment?

Five anchored sub-products. Principal-engineer attestation. The conformance artifact your procurement office will accept.

Schedule a 30-min scoping call

Talk to a principal first

Accessibility, audited end-to-end. With the conformance artifact your procurement counterparty will accept.

Most accessibility audits are an axe-core dump dressed up in a PDF.

The five anchored sub-products

A1 — Single Property Audit

B1 — VPAT 2.5 / ACR Production

D1 — AAA-bucket Token Pipeline

E1 — Governance Retainer

G1 — Patient Portal Specialty Audit

How to choose

ADA demand letter on a single property

Federal / healthcare procurement bid due

Patient portal under OCR scrutiny

Design system rebuild with AAA-bucket commitment

Ongoing posture maintenance, 2–6 active properties

Scope outside the kitted five

Pricing posture

Frequently asked questions

Often combined with

Healthcare AI Compliance Review

AI Security Review

Ready to find the right audit for your buying moment?