Government and corporate users have specific requirements around security and documentation. NV Access is pleased to work with organisations around the world. This page contains documentation and answers to questions often asked by organisations. If there is any other information you need to know which is not on this page, please contact us.
Table of Contents
- Deployment and Support
- Security
- Data Collection and Storage
- Compliance and standards
- NV Access Corporate Information
Deployment and Support
Deployment of NVDA
NVDA has several Command line options which can assist with batch deployment of NVDA. These include:
–minimal | No sounds, no interface, no start message, etc. |
–install | Installs NVDA (starting the newly installed copy) |
–install-silent | Silently installs NVDA (does not start the newly installed copy) |
–enable-start-on-logon=True|False | When installing, enable NVDA’s start on the logon screen |
Please note: We do not currently offer an MSI installer.
Corporate support
If your organization requires ongoing technical support, or custom work to increase accessibility of your in-house software, see our Consulting page. Please contact us to discuss your requirements.
NVDA is very customisable. There are a range of “add-ons” available to enhance the experience in many programs. If you have custom software in your workplace, and would like to discuss an NVDA add-on, please contact us.
Remote Desktops / Citrix
NVDA can be used in environments using platforms such as Microsoft RDP or Citrix.
In a virtualized Windows Server environment such as Azure / AWS / Vultr with the Desktop Experience snap-in installed, it may be possible to use NVDA without an add-on, as long as the audio service is enabled.
“Remote Desktop Accessibility” is an add-on available in NVDA’s add-on store (in NVDA’s tools menu). This add-on improves support in corporate environments using Microsoft Remote Desktop, Citrix or VMware Horizon. This add-on also provides additional functionality beyond simply passing audio through.
Support for your users
NV Access also has training material available to purchase. These come in a variety of formats with discounts for bulk ordering. Add at least 10 copies of any of our courses to your cart to have a bulk discount applied automatically.
Our most popular offering, created to meet the needs of corporate users particularly, is the NVDA Productivity Bundle. This is a suite of learning resources and support. This package ensures your employees, clients and users are all well-skilled with NVDA. The bundle includes our highly acclaimed training modules, and telephone or online support, all in one. For added peace of mind, the NVDA Productivity Bundle comes at a discount compared to buying each on its own. The NV Access shop also lists each module and NVDA support without the bundle.
NVDA Expert Certification
NVDA Expert Certification allows your NVDA users to prove their skills and provide NVDA expertise and support in-house. For staff who use NVDA day to day, it demonstrates they can use the tools they need for their job. NVDA Expert Certification provides industry recognised professional development. NVDA Expert Certification is a great way to promote your services. We have a list of NVDA Certified Experts. This list connects users looking for help with those, like you, who can assist them.
To find out more, and to sit the exam, please visit our NVDA Expert Certification site.
Security
NVDA Add-ons
Add-ons enhance NVDA’s capabilities by adding new features, either for specific programs or globally. These add-ons are accessible through the “Add-on Store” in NVDA’s tools menu.
Please note: Add-ons for NVDA have the capability to run any code, even with administrator privileges. While this enables add-ons to offer significant advantages, it’s crucial to remember that NV Access does not review the code of these add-ons. Consequently, users and system administrators must ensure they trust the creators of any add-ons they choose to use.
If you feel your environment would benefit from a specialised add-on, please see our Consulting page, and contact us.
If you would like to disable add-ons entirely, the –disable-addons Command line option will prevent NVDA add-ons from being used.
Secure Environments
When working in a secure environment, IT administrators may wish to have even more control over software options.
System administrators may wish to configure NVDA to restrict unauthorized system access. By default, NVDA allows the installation of custom add-ons, which can execute arbitrary code, including when NVDA is elevated to administrator privileges.
It is also possible, by default, for users to execute arbitrary code through the NVDA Python Console. This feature is generally used by add-on authors and NVDA code contributors when testing and is not usually required in corporate environments.
Secure Mode prevents users from modifying their NVDA configuration including installing new add-ons, and otherwise limits unauthorized system access such as through the NVDA Python Console.
In NVDA 2023.2 and later, NVDA can also be set to always start in secure mode with the ‘forceSecureMode’ system wide parameter.
In such environments, preventing NVDA from accessing the internet, disabling logging and using Secure Mode are all ways of meeting the requirements of secure environments. Secure Mode should have minimal effect on use of NVDA, once NVDA has been configured.
Installed copies of NVDA store their configuration including add-ons in %APPDATA%\nvda. To prevent NVDA users from modifying their configuration or add-ons directly, user write access to this folder must also be restricted.
Secure mode is ineffective for portable copies of NVDA. This limitation also applies to the temporary copy of NVDA which runs when launching the installer. In secure environments, a user being able to run a portable executable is the same security risk regardless of secure mode. It is expected that system administrators restrict unauthorized software from running on their systems, including portable copies of NVDA.
It is recommended not to allow portable or USB copies of NVDA in security-conscious environments. Portable copies of NVDA are useful in situations where a user needs to use a PC without NVDA installed and can be run without needing to pass a User Account Control prompt.
If you have any additional questions, please do not hesitate to contact us.
Reporting potential issues
NV Access take security very seriously. Our Security Policy outlines how to responsibly disclose any potential security issues. Responsible Disclosure is also known as Coordinated Vulnerability Disclosure.
NV Access staff work quickly to test and confirm reported potential security issues. We explore the extent of any vulnerability, and possible impacts. NV Access then takes steps to mitigate any possible threat. We expedite testing to enable wide adoption of a point release before the vulnerability itself becomes widely known. A point release is an update to NVDA’s latest stable version containing only this specific fix. This minimises the chance of any potential vulnerability being actively exploited.
For non-security issues, bugs and feature requests, we have an Issue Tracker on GitHub. Anyone can submit issues or feature requests via GitHub. Please contact us if needing help confirming an issue, or to responsibly disclose any potential security issues to us.
Data Collection and Storage
Internet access
NVDA has the ability to check for updates to itself. If this is enabled, then NVDA will, once per day, attempt to access the internet to check whether a newer version of NVDA is available. If the program cannot access the internet, there is no impact on program features or notification to the user. If check for updates remains checked, the program will attempt to check for updates 24 hours later.
NVDA has an Add-on Store. This feature is found in NVDA’s tools menu, and allows users to install and manage NVDA Add-ons. When this feature is accessed, NVDA attempts to fetch the list of add-ons from the internet.
Aside from these options, NVDA itself never tries to access the internet.
- Note 1: Third-party, commercial add-ons, such as the Code Factory Eloquence and Vocalizer voices, may require access to the internet in order to verify their license. Such functionality is not controlled by NV Access.
- Note 2: The user can attempt to check for updates from NVDA’s help menu. As with the automatic check, this routine will simply abort quietly in the background if no internet access is available.
Collected information / GDPR
NVDA does not collect any personally identifying information. For organisations in the EU, this means that under GDPR Article 3, NVDA complies with GDPR.
NVDA has two options which, when enabled, send a small amount of information to NV Access. Both of these settings are located in NVDA’s general settings (press NVDA+control+g to access these settings). Where these settings are enabled, data is sent securely via SSL using TLS v1.2, which protects the data against tampering and eavesdropping. Nothing NVDA reads or has access to while reading is ever sent anywhere.
NV Access also has in place a privacy policy to reaffirm our commitment to the security of all information entrusted to us.
Automatically check for updates to NVDA
One of NVDA’s settings is “Automatically check for updates to NVDA”. If this is enabled in NVDA’s “General” settings (press NVDA+control+g to access), then NVDA will automatically check for updated versions of NVDA and inform you when an update is available. You can also manually check for updates by selecting Check for updates under Help in the NVDA menu. When manually or automatically checking for updates, it is necessary for NVDA to send some information to the update server in order to receive the correct update for your system. The following information is always sent when checking for updates:
- Current NVDA version
- Operating System version
- Whether the Operating System is 64 or 32 bit
Allow NV Access to gather NVDA usage statistics
In NVDA’s General settings (press NVDA+control+g to open), there is a setting called “Allow NV Access to gather NVDA usage statistics. If this is enabled, NV Access will use the information from update checks in order to track the number of NVDA users including particular demographics such as Operating system and country of origin. Note that although your IP address will be used to calculate your country during the update check, the IP address is never kept. Apart from the mandatory information required to check for updates, the following extra information is also currently sent:
- NVDA interface language
- Whether this copy of NVDA is portable or installed
- Name of the current speech synthesizer in use (including the name of the add-on the driver comes from)
- Name of the current Braille display in use (including the name of the add-on the driver comes from)
- The current output Braille table (if Braille is in use)
This information greatly aides NV Access to prioritize future development of NVDA.
If these settings are unchecked, or NVDA has no access to the internet, there is no impact on performance or use of the program.
NVDA Log files
NVDA keeps a log file in the local %temp% directory (the location can be changed via command line options). By default, this records minimal information about errors and warnings generated within NVDA. NVDA’s General settings category (press NVDA+control+g to access) allows the log level to be set higher or lower, or disabled entirely. NV Access recommends leaving the log level at “info”, unless collecting specific information on a problem, or wishing to disable logging entirely.
Regardless of the log level, the generated files (nvda.log for the current or most recent NVDA session, and nvda-old.log for the previous time the program ran) are never sent anywhere. The log files can be safely deleted, or logging disabled entirely without any impact on program performance.
NVDA has a number of command line options which affect how the program behaves. Refer to Command line options in the User Guide for full information on these. If –no-logging is specified, NVDA will not record a log.
Compliance and standards
WCAG 2.2
NVDA and the NV Access website meet WCAG 2.2 level AA. For more information, see the VPAT below.
VPAT
The Voluntary Product Accessibility Template (VPAT) provides information about the accessibility of a product against the US Section 508 Refresh, WCAG 2.2 and the European EN301 549 accessibility standards. For more information on VPAT, see: https://www.itic.org/policy/accessibility/vpat
NVDA complies with Section 508 and EN301 549, and meets WCAG 2.2, level AA.
The only elements of AAA not met are Sign Language for pre-recorded video, and several aspects of the NVDA Certification Exam (such as timing and re-authenticating).
Specific Government initiatives and programs
Various governments around the world have programs and initiatives to enable their citizens to get access to equipment, without being left out of pocket. NV Access has, for over 10 years, been the leader in enabling anyone, anywhere in the world, to access a free screen reader. Now that NV Access also provides paid support and training materials, we are keen to ensure that these are able to be included in such government programs.
NV Access is registered as an NDIS provider in Australia, meaning that Australians in the NDIS scheme, can choose to access training materials and support for NVDA as part of their NDIS plan, with no financial expense to the user. If you are involved in a government scheme and believe NVDA would fit within it for users, please contact us.
NVDA License agreement
NVDA’s license agreement is shown by the installer, prior to installation. Once NVDA is running, the license agreement is also available from the Help menu. You can also View NVDA’s license agreement online.
In short, yes, you are most welcome to download and use NVDA, for free, on as many PCs as you wish. This includes any corporate, government, education or other workplace environment. As a not-for-profit organisation, we provide NVDA freely to anyone who can use it as part of our corporate mission (See About NV Access). Many of our corporate users appreciate the peace of mind of having access to telephone or online support and training material. For these users we have created the “NVDA Productivity Bundle“. Sales of material provide the double benefit of helping your users, as well as supporting our mission. For any individuals and organisations who can afford a donation to NV Access, and who do not want anything in return, any amount, no matter how large or small, helps us continue this mission around the world. NV Access is a registered charity in Australia, and a receipt is provided should you require one for tax purposes.
Open-Source software
NVDA is open-source. This means that the source code is available for anyone to view. This is beneficial as it enables people outside the core developers to comment on bugs and offer suggestions for improvement. The final, compiled product contains only code which was either written, or directly checked and approved, by NV Access. Provided you download from https://www.nvaccess.org/ (the Official Site), you can be sure that you are downloading an official version of NVDA which is unaltered and free from malicious software.
You can also verify this by checking the digital signature in the “Digital signature” tab of the file properties.
If you would like to verify the checksum of the file you have downloaded, we provide the SHA256 sum of each release on its release announcement page.
NVDA source code review and approval process includes:
- Revision/Version control in GIT
- Substantial testing is undertaken before code updates are released and incorporated into official source code
- Release packages are digitally signed for verification
- NVDA contributors agree to adhere to the NVDA development guide, and the code review by NV Access verifies that the code adheres to this guide
While anyone could potentially download the NVDA source code and edit it, only NV Access can upload files to the Official Site. There is no more inherent risk with downloading NVDA from the Official Site than there is downloading a closed source program from its official site.
We work closely with partners including Microsoft, Google and Adobe, and they work with us in the knowledge of NVDA being open-source. Microsoft uses Open-Source software themselves, including various components built into Windows itself. Microsoft also have a page on Open-Source Security which starts off with a section on the benefits of open-source. Similarly, Google Open-Source is a Google initiative “Bringing all the value of open-source to Google and all the resources of Google to open-source”.
The US Government runs Code.gov, a website documenting US government open-source initiatives. US Government policy specifies that “Agencies must open-source at least 20% of all new custom code created after August 2016.”. Similarly, The UK Government policy states: “Releasing government code under Open-Source licenses increases transparency, collaboration and encourages good practices. The UK government made a commitment to making code open-source by default at the Open Government Partnership Summit in Paris 2016.” The Australian government also has a policy to “Make all new source code open by default”.
Privacy Policy
NV Access Ltd is committed to protecting your privacy. We have a publicly available Privacy Policy at https://www.nvaccess.org/privacy/ which outlines our commitment. This privacy policy outlines our collection of personal information, use and disclosure of personal information, information about what happens when you contact us via our website and email, and our access to personal information.
NV Access Corporate Information
NV Access Corporate Structure
NV Access, the organisation behind the NVDA screen reader, is a registered charity in Australia. NV Access is overseen by a board of directors whose job is to ensure the continuity of NVDA and our Statement of Purpose. Read more on our About NV Access page
NV Access Security Protocols
NV Access has Organisational IT Risk Management Policies and Procedures in place. These policies set out who can access the server, we have change management procedures around source code management controls in GIT, there is a review process in place for changes made. Only NV Access staff can approve changes to NVDA source code, and it requires more than one person and a review to make changes.
All server infrastructure is regularly backed up, both onsite and to a remote backup facility. So, there are a number of redundancies built in.
The following processes and systems are in place to prevent unauthorised access:
- Network Security and Intrusion Detection; all systems require certificate based access
- Systems are regularly monitored and audited for security issues and patched appropriately
- All Staff run antivirus software on all computers and complete regular software updates
- Staff do not store any personally identifiable information on their computers
- Additionally, staff utilise password management encryption, and, where available, two-factor authentication for third party services
Finally, just to reiterate, the NVDA License agreement places no restrictions on using NVDA in a commercial environment, nor on the number of PCs it may be installed on. In order to make NVDA freely available to those on the lowest incomes, we do rely on contributions from those more able to contribute. We do therefore encourage corporate and government users to please consider purchasing the NVDA productivity bundle for your users from the NV Access shop. The NVDA Productivity Bundle contains all of our comprehensive training modules, as well as NVDA telephone or online support. As a registered charity, you can also make a financial contribution. Such contributions are tax deductable, at least in Australia.
If you have any questions, please do not hesitate to contact us.