VA has a requirement for a new VA System of Record for workers’ compensation and occupational safety and health data to satisfy the Occupational Safety and Healthy (OSH) Act of 1970, Section 19(a)(3) and (5). This law requires Federal agencies to keep adequate records of all occupational accidents and illnesses for proper evaluation and necessary corrective action, and to provide access to those records and reports to the Secretary of Labor when requested.
The Federal Chief Information Officer (CIO) has confirmed that for SaaS, agencies have the option of: (1) leveraging a Preliminary-Authority to Operate (ATO) completed by the Joint Authorization Board (JAB); (2) leveraging an ATO completed by another agency, or (3) conducting their own ATO. However, if either the JAB or another agency has already gone through the Risk Management Framework (RMF) process with the cloud service provider then we encourage the agency to leverage the work already done. This is less burdensome for both the agencies and the service providers.
The VA will be using the Federal Risk and Authorization Management Program (FedRAMP) baselines as a starting point, since they are specifically tailored for cloud services.
The Contractor shall provide project management and Software Development Life Cycle (SDLC) support to include design, configuration, testing, training, communications, change management, deployment, service desk, and system sustainment for a VA Enterprise Safety and Workers’ Compensation Information Management System (S/WIMS) SaaS. This includes configuration and integration of the S/WIMS solution to achieve Initial Operating Capability (IOC), and Full Operational Capability (FOC) Phases with Pilots and incremental implementation for each phase, as well as operation and maintenance support of the S/WIMS solution beyond FOC. The Contractor shall comply with the VA OI&T Veteran-focused Integration Process (VIP) for all business requirements gathering and configuration activities.
The Contractor shall utilize an Agile Methodology to conduct implementation, configuration, and sustainment services in accordance with OI&T VIP. The Contractor shall support product backlog reviews and refinement of configuration requirements by providing level of effort for system changes. The SaaS solution shall not require any servers hosted within the VA network. Users will access the system via a web site and no software shall be downloaded onto the VA network.