VA App Compliance Review

This section describes the review process that ensures an App meets VA software standards. Plan and develop your App by Compliance Review guidelines to avoid rework later. Most Compliance Review Bodies are willing to conduct an informal review early in Planning or Development. The Compliance Review stage begins when you hand the code off to Verification and Validation.

About the Compliance Bodies

Every VA Mobile App must undergo the following reviews (or be granted waivers) to ensure it meets all VA software standards:

Risk Level Determines Review Level

Not all VA Apps undergo a complete review by all Compliance Review Bodies. Some Apps pose little or no risk of harm to users or the VA. The Mobile App Governance Board (MAGB) assigns a risk level category to every Request they approve for development. The V&V review confirms the App has the correct category assignment. The category determines the thoroughness of the review. VA maintains a matrix for determining the risk level for each App. If you have an MAE JIRA account you can view the matrix:

Web and Mobile Application Types and Compliance Matrix at