Government and corporate users have specific requirements around security and documentation. NV Access is pleased to work with organisations around the world. This page contains documentation and answers to questions often asked by organisations. If there is anything you think we have omitted from this page, please contact us.
Table of Contents
- Corporate support
- Customising NVDA to your specific software
- NVDA Expert Certification
- WCAG 2.0
- Specific Government initiatives and programs
- NVDA License agreement
- Open Source software
- NV Access Corporate Structure
- Internet access
- Collected information
- NVDA Log files
- Reporting potential issues
- NVDA Add-ons
- Secure Environments
- Deployment of NVDA
NV Access also has training material available to purchase. These come in a variety of formats with discounts for bulk ordering. Add at least 10 copies of any of our courses to your cart to have a bulk discount applied automatically.
Customising NVDA to your specific software
NVDA is very customisable. There are a range of “add-ons” available to enhance the experience in many programs. If you have custom software in your workplace, and would like to discuss an NVDA add-on, please contact us.
One add-on which may be useful in corporate environments is “UnicornDVC”. UnicornDVC extends NVDA for use over Microsoft RDP, Citrix and on VMware Horizon. Read the documentation on how to set up Unicorn with NVDA. It is available from Access4U.eu.
NVDA Expert Certification
NVDA Expert Certification allows your NVDA users to prove their skills. For staff who use NVDA day to day, it demonstrates they can use the tools they need for their job. NVDA Expert Certification provides industry recognised professional development. NVDA Expert Certification is a great way to promote your services. We have a list of NVDA Certified Experts. This list connects users looking for help with those, like you, who can assist them.
To find out more, and to sit the exam, please visit our NVDA Expert Certification site.
We also offer the NVDA Productivity Bundle, a suite of learning resources and support. This package ensures your employees, clients and users are all well-skilled with NVDA. The bundle includes our highly-acclaimed training modules, and telephone or online support, all in one. For added peace of mind, the NVDA Productivity Bundle comes at a discount compared to buying each on its own. The NV Access shop also lists each module and NVDA support without the bundle.
NVDA and the NV Access website meet WCAG 2.0 level AA. For more information, see the VPAT below.
The Voluntary Product Accessibility Template (VPAT) provides information about the accessibility of a product against the US Section 508 Refresh, WCAG 2.0 and the European EN301 accessibility standards. For more information on VPAT, see: https://www.itic.org/policy/accessibility/vpat NVDA complies with Section 508 and EN301, and meets WCAG 2.0, level AA.
Specific Government initiatives and programs
Various governments around the world have programs and initiatives to enable their citizens to get access to equipment, without being left out of pocket. NV Access has, for over 10 years, been the leader in enabling anyone, anywhere in the world, to access a free screen reader. Now that NV Access also provides paid support and training materials, we are keen to ensure that these are able to be included in such government programs.
NV Access is registered as an NDIS provider in Australia, meaning that Australians in the NDIS scheme, can choose to access training materials and support for NVDA as part of their NDIS plan, with no financial expense to the user. If you are involved in a government scheme and believe NVDA would fit within it for users, please contact us.
NVDA License agreement
NVDA’s license agreement is shown by the installer, prior to installation. Once NVDA is running, the license agreement is also available from the Help menu. You can also View NVDA’s license agreement online.
In short, yes, you are most welcome to download and use NVDA, for free, on as many PCs as you wish. This includes any corporate, government, education or other workplace environment. As a not-for-profit organisation, we provide NVDA freely to anyone who can use it as part of our corporate mission (See About NV Access). Many of our corporate users appreciate the peace of mind of having access to telephone or online support and training material. For these users we have created the “NVDA Productivity Bundle“. Sales of material provide the double benefit of helping your users, and supporting our mission. For any individuals and organisations who can afford a donation to NV Access, and who do not want anything in return, any amount, no matter how large or small, helps us continue this mission around the world. NV Access is a registered charity in Australia, and a receipt is provided should you require one for tax purposes.
Open Source software
NVDA is open source. This means that the source code is available for anyone to view. This is beneficial as it enables people outside the core developers to comment on bugs and offer suggestions for improvement. The final, compiled product contains only code which was either written, or directly checked and approved, by NV Access. Provided you download from https://www.nvaccess.org/ (the Official Site), you can be sure that you are downloading an official version of NVDA which is unaltered and free from malicious software.
You can also verify this by checking the digital signature in the “Digital signature” tab of the file properties.
NVDA source code review and approval process includes:
- Revision/Version control in GIT
- Substantial testing is undertaken before code updates are released and incorporated into official source code
- Release packages are digitally signed for verification
- NVDA contributors agree to adhere to the NVDA development guide, and the code review by NV Access verifies that the code adheres to this guide
While anyone could potentially download the NVDA source code and edit it, only NV Access can upload files to the Official Site. There is no more inherent risk with downloading NVDA from the Official Site than there is downloading a closed source program from its official site.
We work closely with partners including Microsoft, Google and Adobe, and they work with us in the knowledge of NVDA being open source. Microsoft uses Open Source software themselves, including various components built into Windows itself. Microsoft also have a page on Open Source Security which starts of with a section on the benefits of open source. Similarly, Google Open Source is a Google initiative “Bringing all the value of open source to Google and all the resources of Google to open source”.
The US Government runs Code.gov, a website documenting US government open source initiatives. US Government policy specifies that “Agencies must open source at least 20% of all new custom code created after August 2016.”. Similarly, The UK Government policy states: “Releasing government code under Open Source licenses increases transparency, collaboration and encourages good practices. The UK government made a commitment to making code open source by default at the Open Government Partnership Summit in Paris 2016.” The Australian government also has a policy to “Make all new source code open by default”.
NV Access Corporate Structure
NV Access, the organisation behind the NVDA screen reader, is a registered charity in Australia. NV Access is overseen by a board of directors whose job is to ensure the continuity of NVDA and our Statement of Purpose. Read more on our About NV Access page
If “Automatically check for updates to NVDA” is enabled in NVDA’s settings (press NVDA+control+g to access), it will, once per day, attempt to access the internet to check whether a newer version of NVDA is available. If the program cannot access the internet, there is no impact on program features or notification to the user. If check for updates remains checked, the program will attempt to check for updates 24 hours later. If “check for updates” is not checked, NVDA itself never tries to access the internet.
- Note 1: Third-party, commercial add-ons, such as the Code Factory Eloquence and Vocalizer voices, may require access to the internet in order to verify their license. Such functionality is not controlled by NV Access.
- Note 2: The user can attempt to check for updates from NVDA’s help menu. As with the automatic check, this routine will simply abort quietly in the background if no internet access is available.
NVDA does not collect any personally identifying information. For organisations in the EU, this means that under GDPR Article 3, NVDA complies with GDPR.
NVDA has two options which, when enabled, send a small amount of information to NV Access. Both of these settings are located in NVDA’s general settings (press NVDA+control+g to access these settings). Where these settings are enabled, data is sent securely via SSL using TLS v1.2, which protects the data against tampering and eavesdropping. Nothing NVDA reads or has access to while reading is ever sent anywhere.
Automatically check for updates to NVDAIf this is enabled, NVDA will automatically check for updated versions of NVDA and inform you when an update is available. You can also manually check for updates by selecting Check for updates under Help in the NVDA menu. When manually or automatically checking for updates, it is necessary for NVDA to send some information to the update server in order to receive the correct update for your system. The following information is always sent when checking for updates:
- Current NVDA version
- Operating System version
- Whether the Operating System is 64 or 32 bit
Allow the NVDA project to gather NVDA usage statisticsIf this is enabled, NV Access will use the information from update checks in order to track the number of NVDA users including particular demographics such as Operating system and country of origin. Note that although your IP address will be used to calculate your country during the update check, the IP address is never kept. Apart from the mandatory information required to check for updates, the following extra information is also currently sent:
- NVDA interface language
- Whether this copy of NVDA is portable or installed
- Name of the current speech synthesizer in use (including the name of the add-on the driver comes from)
- Name of the current Braille display in use (including the name of the add-on the driver comes from)
- The current output Braille table (if Braille is in use)
This information greatly aides NV Access to prioritize future development of NVDA.
If these settings are unchecked, or NVDA has no access to the internet, there is no impact on performance or use of the program.
NV Access has Organisational IT Risk Management Policies and Procedures in place. These policies set out who can access the server, we have change management procedures around source code management controls in GIT, there is a review process in place for changes made. Only NV Access staff can approve changes to NVDA source code, and it requires more than one person and a review to make changes.
All server infrastructure is regularly backed up, both onsite and to a remote backup facility. So there are a number of redundancies built in.
The following processes and systems are in place to prevent unauthorised access:
- Network Security and Intrusion Detection, All systems require certificate based access
- Systems are regularly monitored and audited for security issues and patched appropriately
- All Staff run antivirus software on all computers and complete regular software updates
- Staff do not store any personally identifiable information on their computers
- Additionally staff utilise password management encryption, and, where available, two-factor authentication for third party services
NVDA Log files
NVDA keeps a log file in the local %temp% directory (the location can be changed via command line options). By default, this records minimal information about errors and warnings generated within NVDA. NVDA’s General settings category (press NVDA+control+g to access) allows the log level to be set higher or lower, or disabled entirely. NV Access generally recommend leaving the log level at “info”, unless collecting specific information on a problem, or wishing to disable logging entirely.
Regardless of the log level, the generated files (nvda.log for the current or most recent NVDA session, and nvda-old.log for the previous time the program ran) are never sent anywhere. The log files can be safely deleted, or logging disabled entirely without any impact on program performance.
NVDA has a number of command line options which affect how the program behaves. Refer to Command line options in the User Guide for full information on these. If –no-logging is specified, NVDA will not record a log.
Reporting potential issues
NV Access take security very seriously. Our Security Policy outlines how to responsibly disclose any potential security issues. Responsible Disclosure is also known as Coordinated Vulnerability Disclosure.
NV Access staff work quickly to test and confirm reported potential security issues. We explore the extent of any vulnerability, and possible impacts. NV Access then take steps to mitigate any possible threat. We expedite testing to enable wide adoption of a point release before the vulnerability itself becomes widely known. A point release is an update to NVDA’s latest stable version containing only this specific fix. This minimises the chance of any potential vulnerability being actively exploited.
For non-security issues, bugs and feature requests, we have an Issue Tracker on GitHub. Anyone can submit issues or feature requests via GitHub. We encourage anyone to Responsibly Disclose any potential security issues to us.
Add-ons are a way of providing additional functionality to NVDA. Add-ons can provide functionality in specific programs, including customised databases and other programs. Add-ons can also add additional functionality across the board. Add-ons can be browsed from the “Add-on Store” which is available in NVDA’s tools menu. If you feel your environment would benefit from a specialised add-on, please see our Consulting page, and contact us.
If you would like to disable add-ons entirely, the –disable-addons Command line option will prevent NVDA add-ons from being used.
When working in a secure environment, IT administrators may wish to have even more control over software options. NVDA has a –secure command line option which disables the python console, as well as access to open the log viewer, and add-on manager.
In such environments, preventing NVDA from accessing the internet, disabling logging and using the –secure command line option are all ways of meeting the requirements of secure environments and should have minimal effect on use of NVDA.
If you have any additional questions, please do not hesitate to contact us.
Deployment of NVDA
NVDA has a number of Command line options which can assist with batch deployment of NVDA. These include:
|–minimal||No sounds, no interface, no start message, etc.|
|–install||Installs NVDA (starting the newly installed copy)|
|–install-silent||Silently installs NVDA (does not start the newly installed copy)|
|–enable-start-on-logon=True|False||When installing, enable NVDA’s start on the logon screen|
Finally, just to reiterate, the NVDA License agreement places no restrictions on using NVDA in a commercial environment, nor on the number of PCs it may be installed on. In order to make NVDA freely available to those on the lowest incomes, we do rely on contributions from those more able to contribute. We do therefore encourage corporate and government users to please consider purchasing the NVDA productivity bundle for your users from the NV Access shop. The NVDA Productivity Bundle contains all of our comprehensive training modules, as well as NVDA telephone or online support. As a registered charity, you can also make a financial contribution. Such contributions are tax deductable, at least in Australia.
If you have any questions, please do not hesitate to contact us.