
Accessibility & Compliance

Production-ready digital services built for government and enterprise standards

WCAG 2.1 AA Compliance

Rocky Web Studio builds all websites to meet WCAG 2.1 Level AA standards, ensuring digital accessibility for users with disabilities. We follow the Web Content Accessibility Guidelines (WCAG) published by the World Wide Web Consortium (W3C), which are recognised as the international standard for web accessibility.

Our Accessibility Features

  • Color Contrast: All text meets WCAG AA contrast ratios (4.5:1 for normal text, 3:1 for large text)
  • Keyboard Navigation: All interactive elements are fully accessible via keyboard (Tab, Enter, Escape)
  • Screen Reader Support: Semantic HTML, ARIA labels, and proper heading hierarchy for assistive technologies
  • Focus Indicators: Visible focus states on all interactive elements (2px solid outline, 2px offset)
  • Alt Text: Descriptive alternative text for all images and meaningful icons
  • Resize & Zoom: Content remains functional and readable when zoomed to 200%
  • Automated Testing: Continuous accessibility testing using axe-core, WAVE, and Lighthouse

Testing Methodology

Automated Testing

We use automated accessibility testing tools throughout development:

  • axe-core: Integrated into our build process for continuous testing
  • WAVE: Browser extension testing for visual accessibility issues
  • Lighthouse: Automated accessibility audits with scoring (target: 90+)

Manual Testing

Every website undergoes manual accessibility testing:

  • Keyboard Navigation: Full site navigation using only keyboard (Tab, Enter, Escape)
  • Screen Readers: Testing with NVDA (Windows) and VoiceOver (macOS/iOS)
  • Color Contrast: Visual verification of text contrast ratios
  • Focus Management: Verification of focus indicators and logical tab order

Current Performance

Lighthouse Accessibility Score: 91/100

Our websites consistently achieve high accessibility scores, with ongoing improvements based on automated and manual testing results.

Known Limitations

While we strive for full WCAG 2.1 AA compliance, some third-party integrations (such as embedded maps, social media widgets, or payment processors) may have accessibility limitations beyond our direct control. We work with vendors to ensure the best possible accessibility outcomes and provide alternative access methods where necessary.

Data Privacy & Security

Rocky Web Studio is committed to protecting user data and maintaining the highest standards of privacy and security. Our practices align with Australian and international privacy legislation.

Privacy Compliance

Privacy Act 1988 (Cth)
We comply with the Australian Privacy Principles (APPs) under the Privacy Act, including requirements for collection, use, disclosure, and storage of personal information.
GDPR (General Data Protection Regulation)
For international clients or users, we implement GDPR-compliant data handling practices, including right to access, right to erasure, and data portability.
State Privacy Laws
We comply with relevant state privacy legislation, including Queensland's Information Privacy Act 2009 where applicable.

Data Handling Practices

  • Encryption in Transit: All data transmitted over the internet uses TLS 1.2+ encryption (HTTPS)
  • Encryption at Rest: Sensitive data stored in databases is encrypted using industry-standard methods
  • Data Retention: Personal data is retained only as long as necessary for business purposes or as required by law
  • User Rights: Users can request access to, correction of, or deletion of their personal data
  • Data Minimisation: We collect only the minimum data necessary for service delivery

Security Protections (OWASP Top 10)

We implement protections against the OWASP Top 10 security risks:

  • SQL Injection prevention (parameterised queries)
  • Cross-Site Scripting (XSS) protection (input sanitisation)
  • Cross-Site Request Forgery (CSRF) tokens
  • Insecure direct object references (authorisation checks)
  • Security misconfiguration (hardened defaults)
  • Sensitive data exposure (encryption, secure storage)
  • Missing function-level access control (RBAC)
  • Insecure deserialisation (input validation)
  • Using components with known vulnerabilities (dependency scanning)
  • Insufficient logging and monitoring (comprehensive audit logs)

Security Headers

Our websites implement the following security headers:

  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • X-XSS-Protection: 1; mode=block
  • Strict-Transport-Security: max-age=31536000; includeSubDomains
  • Content-Security-Policy: Restrictive policy based on site requirements
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: Restrictive permissions for geolocation, camera, microphone
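A check a client or auditor could run against a captured response to confirm these headers are in place. This is an added example, not Rocky Web Studio's own code. The function name `auditSecurityHeaders`, the sample header sets, and the tests used for a "restrictive" Content-Security-Policy and Permissions-Policy (the page gives no concrete values for either) are assumptions.

```javascript
// Added example: audit response headers against the list stated on this page.
// Effective script sources of a CSP: script-src, falling back to default-src.
const scriptSources = (csp) => {
  const dirs = Object.fromEntries(csp.split(';').map((d) => d.trim().split(/\s+/))
    .filter((t) => t[0]).map(([name, ...src]) => [name.toLowerCase(), src]));
  return dirs['script-src'] ?? dirs['default-src'] ?? null;
};

const EXPECTED = {
  'x-content-type-options': (v) => v.trim().toLowerCase() === 'nosniff',
  'x-frame-options': (v) => v.trim().toUpperCase() === 'DENY',
  'x-xss-protection': (v) => v.replace(/\s+/g, '') === '1;mode=block',
  'strict-transport-security': (v) => {
    const m = /(?:^|;)\s*max-age=(\d+)/i.exec(v);
    return m !== null && Number(m[1]) >= 31536000 &&
      /(?:^|;)\s*includeSubDomains\s*(?:;|$)/i.test(v);
  },
  // Assumption: "restrictive" means scripts are limited and neither inline nor
  // eval'd script nor a wildcard source is allowed (conservative check).
  'content-security-policy': (v) => {
    const src = scriptSources(v);
    return src !== null &&
      !src.some((s) => ["'unsafe-inline'", "'unsafe-eval'", '*'].includes(s.toLowerCase()));
  },
  'referrer-policy': (v) => v.trim().toLowerCase() === 'strict-origin-when-cross-origin',
  // Assumption: "restrictive" means each feature is set to () or (self).
  'permissions-policy': (v) => ['geolocation', 'camera', 'microphone'].every(
    (f) => new RegExp(`(?:^|,)\\s*${f}=\\((?:self)?\\)\\s*(?:,|$)`, 'i').test(v)),
};

// headers: plain object of header name -> value (names are case-insensitive).
function auditSecurityHeaders(headers) {
  const seen = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
  const findings = [];
  for (const [name, ok] of Object.entries(EXPECTED)) {
    if (!(name in seen)) findings.push({ header: name, problem: 'missing' });
    else if (!ok(seen[name])) findings.push({ header: name, problem: 'weak', value: seen[name] });
  }
  return findings;
}

// Constructed sample responses: one matching the list, one that has drifted.
const GOOD = {
  'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'DENY',
  'X-XSS-Protection': '1; mode=block', 'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
  'Content-Security-Policy': "default-src 'self'; img-src 'self' data:",
  'Permissions-Policy': 'geolocation=(), camera=(), microphone=()',
};
const DRIFTED = { ...GOOD, 'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=86400',
  'Content-Security-Policy': "script-src 'self' 'unsafe-inline'" };
delete DRIFTED['Referrer-Policy'];
console.log(auditSecurityHeaders(DRIFTED));
```

Run on a schedule or in CI, a non-empty result signals that a deployment or CDN configuration change has dropped or weakened one of the listed headers.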

Backup & Business Continuity

Rocky Web Studio maintains robust backup and business continuity practices to ensure your website remains available and recoverable in any scenario.

Infrastructure & Hosting

  • Vercel CDN: Enterprise-grade hosting with 99.9% uptime SLA, global content delivery network, and automatic scaling
  • Daily Backups: Automated daily backups of all databases and content, retained for 30 days
  • Point-in-Time Recovery: Database backups support point-in-time recovery for the past 7 days
  • Redundancy: Multi-region deployment ensures availability even during regional outages

Uptime Monitoring

We monitor website uptime using automated monitoring services that check site availability every 60 seconds. Alerts are sent immediately if downtime is detected, triggering our incident response procedures.

Disaster Recovery

  • Recovery Time Objective (RTO): < 4 hours. Maximum acceptable time to restore service after a disaster
  • Recovery Point Objective (RPO): < 24 hours. Maximum acceptable data loss in the event of a disaster

Business Continuity

In the unlikely event that Rocky Web Studio is unable to continue operations, clients have full access to:

  • Source Code: Complete source code repository (GitHub/GitLab access)
  • Data Export: Full database export in standard formats (SQL, JSON, CSV)
  • Documentation: Complete technical documentation and deployment guides
  • Hosting Access: Direct access to hosting platform (Vercel) for seamless transition

This ensures zero vendor lock-in and complete client control over their digital assets.

Incident Response & Service Level Agreements

Rocky Web Studio provides defined service level agreements (SLAs) with clear response and resolution times based on issue severity.

Service Level Agreement response and resolution times by severity level
Severity | Definition | Response Time | Resolution Time
Critical | Site completely down, security breach, data loss | 2 hours | 24 hours
High | Major feature broken, significant performance degradation | 4 hours | 3 business days
Medium | Minor feature issue, cosmetic problem, non-critical bug | 1 business day | 1 week
Low | Enhancement request, documentation update, minor improvement | 2 business days | Next release cycle

Monthly Audits

We conduct monthly audits to ensure ongoing compliance and performance:

  • Dependency Scanning: Automated scanning for known vulnerabilities in dependencies
  • Lighthouse Audits: Performance, accessibility, SEO, and best practices scoring
  • Log Review: Security and error log analysis for anomalies
  • Uptime Report: Monthly uptime statistics and incident summary

Quarterly Reviews

Quarterly compliance and performance reviews include:

  • Compliance Spot-Check: Manual review of accessibility, privacy, and security practices
  • Performance Trends: Analysis of performance metrics over time
  • Security Assessment: Review of security headers, dependencies, and configurations
  • Client Feedback: Review of support tickets and client satisfaction

Compliance Statements

Rocky Web Studio maintains compliance with industry standards and certifications relevant to government and enterprise procurement.

Standards & Frameworks

Accessibility

  • WCAG 2.1 Level AA
  • Automated + manual testing
  • Lighthouse accessibility scoring

Security

  • OWASP Top 10 protections
  • Security headers implementation
  • Regular dependency scanning

Privacy

  • Privacy Act 1988 (Cth) compliance
  • GDPR alignment
  • State privacy legislation

Infrastructure

  • SOC 2 (via Vercel hosting)
  • ISO 27001 (via vendors)
  • 99.9% uptime SLA

Certifications

AVOB Certified
Rocky Web Studio is certified as an Australian Verified Business (AVOB), verified for government procurement processes. This certification confirms our Australian business registration, ABN verification, and eligibility for government contracts.
Vercel Compliance
Our hosting provider, Vercel, maintains SOC 2 Type II certification, ISO 27001 compliance, and GDPR compliance. All websites hosted on Vercel benefit from these enterprise-grade certifications.
Stripe PCI DSS
For e-commerce websites, payment processing is handled by Stripe, which maintains PCI DSS Level 1 compliance—the highest level of payment card industry security standards.

Government Procurement

As an AVOB Certified business, Rocky Web Studio offers advantages for government procurement:

  • Verified Australian business registration and ABN
  • Eligible for government contracts and tenders
  • Compliance with Australian Privacy Act and data sovereignty requirements
  • Regional Queensland business supporting local economy
  • Direct accountability and principal-level expertise

Contact & Support

We're here to help with accessibility, security, or general inquiries. Choose the appropriate contact method based on your needs.

Accessibility Issues

Report accessibility barriers or request accessibility improvements:

accessibility@rockywebstudio.com.au

Response time: 1 business day

Security Concerns

Report security vulnerabilities or data breaches (urgent):

security@rockywebstudio.com.au

Response time: Immediate (24/7 for critical issues)

General Inquiries

Location:
Rockhampton, Queensland, Australia

Office Hours & Response Times

Standard Office Hours:
Monday–Friday, 9:00 AM–5:00 PM AEST
Critical Support:
24-hour response for critical issues (site down, security breach)
Non-Critical Support:
Response within business hours, following SLA guidelines

Ready to Work Together?

Let's discuss how Rocky Web Studio can deliver production-ready digital services for your organisation.
