When you reduce work to what a digital asset cannot reach conformance without, only three services remain: a (manual) WCAG 2.1/2.2 AA audit, remediation, and validation. Everything else supports these three. Nothing replaces them.
This post focuses in on these non-negotiables. If you want the broader set of services that round out a full accessibility program, the complete list is here.
| Service | What It Establishes | What Breaks If You Skip It |
|---|---|---|
| WCAG Audit | A documented record of every issue against WCAG 2.1 AA. | Remediation becomes guesswork with no record of what was wrong. |
| Remediation | The actual fixes that bring the site toward conformance. | The site stays inaccessible no matter how thorough the audit was. |
| Validation | Proof that each fix resolved the issue it targeted. | No evidence the work succeeded, and new issues can go undetected. |

Why Only Three
The reason these three are essential and the others are supplementary comes down to a simple test: can a website reach and prove WCAG conformance without it?
User evaluation strengthens the result and is the right call for transaction-heavy sites, but a site can conform without it. Documentation and an accessibility statement support your legal posture, but they describe the work rather than perform it. Monitoring keeps conformance from decaying over time, but it comes after the site is already conformant.
Audit, remediation, and validation are different. Remove any one and the website cannot actually become compliant. They are the spine. The rest is connective tissue.
The Dependency Chain: Why Order Matters
These three are not a checklist you can complete in any sequence. Each one depends on the output of the one before it.
The audit produces the issue list. Remediation consumes that list and produces fixes. Validation consumes those fixes and produces proof. Reverse or skip a step and the chain breaks. You cannot remediate issues you have not identified, and you cannot validate fixes that were never made. This is why “we ran a scan and fixed what it found” leaves most sites inaccessible. The scan never produced a complete list to begin with, so remediation worked from a fraction of the real problem.
Service 1: The Audit Establishes the Baseline
A qualified auditor evaluates the website against every applicable WCAG 2.1 AA success criterion and documents each issue: what it is, where it appears, why it fails, and how to fix it.
This is human evaluation work, not a scan. Automated checkers surface only about a quarter of accessibility issues, and they cannot judge whether alt text actually describes an image, whether keyboard focus order makes sense, or whether a screen reader announces a component correctly. The audit report becomes the single source of truth that developers, content teams, and leadership all work from. Without it, every later step is built on assumption.
Service 2: Remediation Does the Work
Remediation is where the issues get fixed. Code-level items like missing form labels, insufficient contrast, focus order problems, and ARIA misuse. Content-level items like missing alt text, vague link text, and uncaptioned video.
The work can be completed by your internal developers using the audit report as the guide, or by an outside accessibility team. Either path works when the fixes are made carefully and the report is followed closely. The variable that matters most here is prioritization. Issues affecting the most users or the most critical workflows get addressed first, which is why a good audit report includes severity ratings rather than a flat list.
Service 3: Validation Closes the Loop
Validation is the step companies skip most, and it is the one that separates a site that is actually compliant from one that only looks compliant on paper. The original auditor reviews each fix and confirms it meets the success criterion it was meant to address.
This matters because remediation is fallible. A developer can fix one issue and introduce another. A change that looks correct in the code can still fail with a screen reader. A contrast adjustment can land just short of the threshold. Validation catches these before they reach a user or a demand letter, and it produces the documented evidence that supports your conformance claim.
The Three Failure Modes
The clearest way to understand why all three are essential is to look at what happens when each one is missing.
Skip the audit. The team fixes whatever a scan flagged or whatever someone noticed. The most common outcome is a site that passes automated checks and still fails for real users, because the majority of issues were never identified. There is also no record to defend if the site’s compliance is ever questioned.
Skip remediation done from the audit. The audit exists, but developers fix issues from memory or intuition instead of working through the report. Issues get missed, severity gets ignored, and the report becomes a document nobody followed. The audit was an expense that produced no change.
Skip validation. This is the most common and the most dangerous, because the site feels done. The fixes were made, but no one confirmed they worked. Some did, some did not, and some created new problems. The organization believes it is compliant and has no evidence either way. That gap is exactly what surfaces in a lawsuit.
Where Buyers Waste Money
Two patterns account for most wasted spend on accessibility.
The first is buying a scan or an overlay and treating it as the whole job. It is neither an audit nor remediation nor validation. It addresses a sliver of the audit step and leaves the dependency chain unstarted.
The second is paying for an audit and then never remediating or validating against it. An audit by itself is a snapshot of problems, not a path to conformance. The money spent identifying issues only pays off when the issues get fixed and the fixes get confirmed.
The efficient spend is the full chain, scoped to the size of the site. Audit, then remediation guided by it, then validation against it.
Frequently Asked Questions
Why three services and not the full list of accessibility services?
Three is the minimum that can take a site to provable conformance. Other services like user evaluation, documentation, and monitoring add value and strengthen the result, but a site can reach WCAG 2.1 AA without them. It cannot reach conformance without an audit, remediation, and validation.
Can I do these three out of order?
No. Each depends on the output of the previous one. The audit produces the issue list remediation works from, and validation confirms the fixes remediation made. The sequence is the point.
Is validation really necessary if my developers are experienced?
Yes. Experience reduces errors but does not eliminate them, and a fix that looks correct in code can still fail with assistive technology. Validation is what turns “we think it is fixed” into documented proof, which is what your accessibility statement and any legal response rely on.
What does the full chain cost?
Cost scales with the size and complexity of the site. The audit is typically the first investment, and remediation and validation follow from what the audit identifies. A small marketing site costs far less across all three than a large ecommerce site or web application.
Audit, remediation, and validation are the three services that move a website from inaccessible to ADA compliant. Add to them when it makes sense, but never subtract from them.
For a quote on any of the three, contact Accessible.org.