Is a scan report considered compliance evidence?

A scan report alone is not compliance evidence. It shows what a scanner found on a given day but does not document who was responsible, what actions were taken, or whether issues were resolved. Compliance evidence requires a chain of accountability from detection through remediation.

What Is Accessibility Compliance Evidence?

Q: What is accessibility compliance evidence?

Accessibility compliance evidence is the documented proof that an organization identified accessibility issues, assigned responsibility for them, tracked remediation efforts, and maintained ongoing oversight. It includes detection records, attribution chains, remediation evidence, review decisions, and governance timelines.

Q: Why does accessibility compliance evidence matter?

When an organization faces legal scrutiny over accessibility, the question is rarely whether it ran scans. The question is whether it can demonstrate a systematic, ongoing effort to identify and remediate issues. Without documented evidence of that effort, even genuine work becomes invisible to courts and regulators.

The documentation that proves an organization took accessibility seriously — not just once, but continuously.

Accessibility compliance evidence is the documented proof that an organization identified accessibility issues, assigned responsibility for them, tracked remediation efforts, and maintained ongoing oversight. It is not a single report or a point-in-time snapshot. It is a continuous record of institutional accountability.

This evidence typically includes detection records, attribution chains showing who was responsible for each issue, timestamped remediation actions, review decisions by authorized personnel, and governance timelines demonstrating sustained effort.

What It Includes

Records of when and how accessibility issues were detected
Attribution showing who acknowledged each issue and who was assigned to fix it
Timestamped evidence of remediation actions taken
Review decisions by someone other than the person who submitted the fix
A governance timeline showing ongoing monitoring, not just one-time effort

What It Does Not Include

A scan report by itself is not compliance evidence. Neither is an accessibility statement on a website, a vendor contract, or an internal email saying "we're working on it."

These artifacts may be useful, but none of them demonstrate the chain of detection, responsibility, action, and review that constitutes real evidence. A scan report proves you ran a scan. It does not prove you acted on the results.

Why It Matters

When an organization faces legal scrutiny over web accessibility — whether through an ADA demand letter, a regulatory inquiry, or litigation — the question is rarely whether it ran scans.

The question is whether it can demonstrate a systematic, ongoing effort to identify and fix issues. Without documented evidence of that effort, even years of genuine work becomes invisible to courts and regulators.

Organizations that can produce a defensible record of their accessibility work are in a fundamentally different position than those that cannot.

Common Misconceptions

"We have scan reports, so we have evidence." Scan reports show what a tool found. They do not show what you did about it. Under legal examination, a stack of scan reports with no remediation trail can actually work against you — it may suggest you knew about issues and did nothing.

"Our developers fixed the issues, so we're covered." If there is no record of who fixed what, when, and who verified the fix, the work is undocumented. Undocumented work is, for legal purposes, work that may not have happened.

"An accessibility overlay or plugin is evidence of compliance." Overlays are not remediation. They do not fix underlying code issues and are not accepted as evidence of a good-faith accessibility effort by most courts.

What This Means in Practice

Building compliance evidence means creating a system where every accessibility issue has a documented lifecycle: detected, acknowledged, assigned, remediated, reviewed, and closed. Each step is attributed to a specific person and timestamped.

This is not about bureaucracy. It is about ensuring that when someone asks "what did you do about accessibility?", you have a precise, verifiable answer — not a narrative, but a record.

SiteRecord is built to produce this kind of evidence as a byproduct of normal accessibility work. Every action is attributed, timestamped, and immutable.