Skip to main content
Cyber Made Simple
Get started
Accessibility

Accessibility statement

What we commit to, what we test against, and how to tell us when we miss the mark.

Cyber Made Simple is built and maintained by CMS InfoSec Ltd. We want everyone — regardless of device, assistive technology, language or ability — to be able to read our briefings, run our self-service tools and manage their account independently.

Standards we target

We aim to meet Web Content Accessibility Guidelines (WCAG) 2.2 level AA. This is the standard referenced by the UK Public Sector Bodies Accessibility Regulations 2018 and is the bar most reputable cyber security and government sites work to.

We also follow GOV.UK service manual guidance on plain English, sentence-case headings and predictable layout.

What we do today

  • Every public page exposes a “Skip to main content” link as the first focusable element so keyboard and screen-reader users can bypass the navigation.
  • All interactive controls have visible focus rings that are not removed by our design system.
  • Body text targets a minimum 4.5:1 contrast ratio against its background; large text targets 3:1. Brand colours that fail those ratios are restricted to decorative use.
  • Forms label every input and use aria-describedby to associate errors with the field they belong to.
  • We respect prefers-reduced-motion and disable the home-page threat ticker and other non-essential animation when a visitor has it set.
  • Images, icons and decorative SVGs that do not convey meaning are marked with aria-hidden="true" or an empty alt attribute so screen readers do not announce them.
  • We run automated axe-core scans against a curated list of public and admin routes and gate our continuous-integration pipeline on the result. Any “serious” or “critical” finding fails the build.

Known limitations

We are honest about what is not yet polished. As of April 2026, the following areas are flagged as work-in-progress:

  • Some long-form briefings embed third-party diagrams (e.g. NCSC advisories) where we cannot rewrite the underlying alt text. Where this happens we provide a plain-English caption beneath the embed.
  • The block editor used by administrators is keyboard-navigable but has not yet been audited end-to-end with screen readers — it is an internal authoring surface and is not intended for general public use.
  • A small number of legacy interactive plugins still rely on client-only JavaScript. We are progressively migrating each one to a server-rendered baseline so it remains usable when scripts fail to load.

Assistive technology we test with

  • NVDA on Firefox (Windows)
  • VoiceOver on Safari (macOS & iOS)
  • TalkBack on Chrome (Android)
  • Keyboard-only navigation across all major browsers
  • 200% browser zoom and text-only zoom up to 400%

How to report an accessibility barrier

If you find something that is hard to use, please tell us. We treat accessibility issues as bugs, not feature requests, and aim to acknowledge reports within two working days.

Enforcement

The UK regulator for digital accessibility complaints is the Equality and Human Rights Commission. If you contact us about an accessibility issue and you are not happy with our response, you can escalate to them.

This statement was last reviewed in April 2026. We review it at least quarterly and after every major release of the site.