1. Purpose 

The objective of this procedure is to ensure that all University of Washington mobile applications meet the UW Minimum Digital Accessibility Technical Standard, by embedding accessibility, branding, security, privacy, and maintenance expectations into the mobile app development and publishing lifecycle. This supports institutional risk mitigation, policy compliance, and inclusive access for all users. (Adapted from the Application publishing guidelines – Mobile applications at the UW)

2. Scope 

This procedure applies to:

• All UW units launching, acquiring, or significantly updating university-affiliated mobile applications.
• All university personnel involved in the creation, procurement, development, deployment, or maintenance of public-facing mobile applications.
• Mobile applications hosted on UW infrastructure or externally hosted on behalf of a UW unit, regardless of funding source, development model, or ownership structure.
• External vendors, contractors, and third parties developing or supporting mobile applications on behalf of any UW unit.

3. References 

• APS 2.3 Information Technology, Telecommunications and Networking Projects, and Acquisitions
• APS 9.0 Digital Accessibility
• Minimum Digital Accessibility Standard (Interim)  
• DOJ Final Rule on Web Accessibility under Title II (2024)
• WaTech USER-01 Digital Accessibility Policy

4. Definitions

Application Sponsor

An application sponsor means a director-level (or equivalent) representative of a UW unit that sponsors a mobile app project.

Mobile Applications (Apps)

Mobile applications mean software applications developed for a mobile device platform (e.g., iOS, Android) that is public-facing and distributed via an app store or similar channel, and affiliated with a UW unit.

Primary Developer

A primary Developer means the person or team responsible for code, distributions, app store submission and updates for the mobile application.

5. Roles and Responsibilities  

Role	Responsibilities
Application Sponsor	Ensure the app aligns with UW accessibility, branding, privacy, security, and procurement policies. Engage with UWIT ATS for accessibility review. Engage with UWIT CISO or equivalent for security review. Ensure vendor/contractor compliance when external development is used.
Primary Developer/Vendor	Manage app publishing, distribution, and developer-team membership. Incorporate accessibility and security remediation steps identified in reviews. Maintain the application over its lifecycle.
University Advancement, Marketing and Communications (UMAC), Web Strategy Team	Responsible for institutional oversight of app store accounts and auditing. Maintain the official UW App Store accounts (Apple, Google) and vendor relationships. Perform audits for compliance (accessibility, security, maintenance). Issue notices and execute removal of non-compliant or unmaintained apps as required.
Information Technology, Accessible Technology Services (UWIT ATS)	Provide accessibility consultations and reviews for mobile applications.
UWIT Chief Information Security Officer (UWIT CISO) / Security Office	Provide security review and guidance for mobile application data, coding, and deployment practices.

 

6. Procedure Steps

1. Project Initiation & Sponsor Assignment

1. 1. The unit identifies a need for a mobile app or major update.
   2. The unit assigns an Application Sponsor (director-level) and identifies a Primary Developer/Vendor.
   3. The Application Sponsor ensures awareness of this procedure and references the app publishing guidelines.

2. Requirements Definition

1. 1. Application Sponsor works with Primary Developer/Vendor to draft functional requirements, including accessibility, branding, data/privilege requirements, platform target(s).
   2. Include in the procurement or development charter: “App will comply with the UW Minimum Digital Accessibility Technical Standard.”

3. Accessibility Review Engagement

1. 1. Prior to major development/screening, Application Sponsor engages UWIT ATS for an accessibility review of the planned application.
   2. Developer/vendor prepares any requested materials (designs, UI flows) for UWIT ATS review.

4. Security & Privacy Review Engagement

1. 1. Sponsor engages UWIT CISO/Security Office for a security review of planned app and data flow, prior to app store submission.
   2. Primary Developer/Vendor incorporates secure coding practices, data protection, and privacy statements consistent with UW policy.

5. Development, Testing & Remediation

1. 1. Primary Developer/Vendor builds the app, incorporating accessibility and security recommendations.
   2. Primary Developer/Vendor performs internal testing: accessibility testing (screen reader, color contrast, keyboard navigation), security testing (vulnerabilities).
   3. If IAS (Internal Accessibility/ Security) testing identifies issues, remediate before submission.

6. Publishing & Maintenance Preparation

1. 1. Primary Developer/Vendor submits the app to the app store via the UW centralized developer account (managed by UMAC).
   2. Primary Developer/Vendor ensures branding guidelines are followed (logos, naming, etc.) and distribution is free (non-monetized).
   3. Application Sponsor and Primary Developer/Vendor commit to an update/maintenance plan (bug fixes, security patches, accessibility updates).

7. Post-Publishing Monitoring & Remediation

1. 1. The Application Sponsor and Primary Developer/Vendor are jointly responsible for ensuring that UW-affiliated mobile applications remain actively maintained and supported throughout their lifecycle. Applications that are not updated, monitored for bugs/security issues, or supported by a responsible unit are considered unmaintained and present risk to users and the University.
   2. An application may be designated “unmaintained” if any of the following are observed
      • No updates or maintenance activity for a sustained period
      • Known bugs, accessibility issues, or security findings remain unresolved
      • UMAC or UWIT cannot reach the Application Sponsor or Primary Developer/Vendor
      • The responsible unit no longer claims ownership of the application
   3. When an app is suspected to be unmaintained, the UMAC Web Strategy team will:
      • Initiate a status review
      • Contact the Application Sponsor to confirm ownership and maintenance intent
   4. If the Application Sponsor does not respond within fifteen (15) calendar days, UMAC will issue a final notice.
   5. The Application Sponsor then has thirty (30) calendar days from the date of the final notice to either:
      • Confirm intent to continue supporting and maintaining the app, and provide a timeline for remediation, or
      • Remove the app from the app store (after securing any required backups/export)
   6. If no response is received within the final 30-day window, UMAC will remove the application from the app store.

7. Exceptions

Any deviations from this procedure must be documented in writing and approved by the Application Sponsor and UWIT (or UWIT ATS/CISO as appropriate). Exception requests should specify:

• The rationale for deviation (e.g., legacy system constraints, vendor limitation)
• The exact nature of the deviation (what standard or step is being changed)
• The compensating controls or mitigations (e.g., manual accessibility workaround, limited-time exemption)
• The expiration date of the exception (must be reviewed at least annually)

Exceptions do not relieve the unit from overall responsibility for accessibility, security, and maintenance obligations. If an exception is approved, the unit must monitor and report on residual risk.

 8. Compliance and Enforcement

Compliance will be monitored by UMAC (Web Strategy team) through:

• Regular audits of mobile apps published under UW accounts (including accessibility review status, security review status, maintenance activity)
• Tracking remediation timelines for accessibility and security issues (six-month target)
• Monitoring app maintenance (update frequency, sponsor responsiveness)

Consequences of non-compliance:

• If an app is found to monetize in contradiction to UW non-profit distribution rules, UMAC will require removal of monetization features, and if uncorrected, removal from the store.
• If an application is found to be unmaintained and sponsor does not respond, UMAC will remove the app from the store.
• Units that repeatedly fail to meet these obligations may be escalated to senior leadership and have future app publishing privileges restricted.

 

9. Revision History

Version	Date	Author	Description
1.0	10/29/2025	Shoda	Initial draft