Software-as-a-Service (SaaS) products represent a key opportunity for the Office of Information and Technology (OIT) to support the Department of Veterans Affairs' (VA) information technology (IT) modernization efforts. Adoption of SaaS products provides many potential benefits to VA, including rapid deployment of emergent technologies and enhanced system integrations to expedite services to Veterans.
VA has begun adoption of SaaS solutions and is developing a process to assist all stakeholders in identifying and meeting VA requirements. Leveraging SaaS solutions to address business and functional needs represents a drastic shift in VA’s traditional procurement process. In the past, VA would purchase licenses to software which would then be installed and managed on VA owned infrastructure. This required VA to implement all security controls to protect the system and data. The adoption of SaaS at VA is shifting our focus from these traditional development activities to a collaborative effort where maintenance, security, and compliance responsibilities are shared between VA and our business partners.
If you would like to work with VA to make your SaaS product available to Veterans, providers, clinicians, and other users, please email us at VASaaS@va.gov
SaaS products are applications that are hosted outside of VA’s environment and managed by a third-party software vendor. SaaS products are accessed over the Internet and licensing is subscription based. A single vendor will commonly provide the same service to multiple government and non-government clients using shared infrastructure which the vendor manages.
VA is required to follow the Federal Risk and Authorization Management Program (FedRAMP) as a framework for managing risk associated with the use of cloud services. Our process to securely connect to and use vendor SaaS solutions includes confirming the vendor’s ability to meet the security requirements, continuous monitoring obligations, and security function verifications in accordance with FedRAMP.
VA is a willing partner for SaaS vendors seeking initial FedRAMP authorization via ‘sponsorship.’ In most cases, VA will work with the vendor collaboratively to help understand and navigate the FedRAMP process, identify all requirements, and sufficiently document the SaaS solution to enable holistic security testing by an agreed upon third party.
VA’s Open API Pledge intends to streamline our information systems to enhance and promote sharing of information. VA will allow access to Fast Healthcare Interoperability Resources (FHIR) via a standards acceleration collaborative intended to be made freely available for use. API access will be provided to developers of Veteran-designated mobile and web-based applications, clinician-designated applications, and choice care act partners. VA recognizes that this initiative is critical to enhance interoperability of solutions designed to service our Nation’s Veterans.
Through our VA Lighthouse initiative, we want to empower our partners to build innovative solutions for Veterans. We designed a framework to deliver a modern API development experience and rolled out our first set of standards-based APIs.