VA’s compliance with accessibility requirements still lacking, watchdog says

The Veterans Affairs Department has made some progress in improving the accessibility of its websites and public-facing IT systems but still faces significant oversight concerns when it comes to ensuring that all of its services are available for disabled veterans, according to an audit released by the VA Office of Inspector General on Wednesday.

OIG’s report was conducted following years of criticism from lawmakers and veteran service organizations about the department’s lack of compliance with Section 508 of the Rehabilitation Act of 1973, which the watchdog noted “dictates that VA and other federal agencies develop, procure, maintain and use information and communications technology to ensure people with disabilities have access to all information and data comparable to that of individuals without disabilities.”

A VA report presented to Congress in September 2021 found that approximately 9% of the department’s internet sites and 6% of its intranet sites were fully compliant with Section 508 requirements. 

A group of bipartisan lawmakers — led by Sen. Bob Casey, D-Pa., chair of the Senate Committee on Aging — subsequently sent a letter to VA Secretary Denis McDonough in June 2022 expressing concern that the report “omitted important details about the department’s plans to address these long-standing problems and, in multiple cases, did not include remediation plans for key organizations within VA.”

OIG’s audit — conducted from October 2022 through September 2023 — noted that VA “is working toward addressing compliance concerns about accessibility of its information and communications technology by prioritizing websites that receive the most visits and planning to then address those with fewer views.”

The watchdog found, however, that “VA did not effectively manage website accessibility to ensure Section 508 compliance, ensure all information technology systems met accessibility requirements or that accessibility designations in the systems inventory were accurate or update relevant directives that guide compliance.”

VA’s web managers and information system owners “did not ensure compliance with Section 508 requirements,” according to the audit, and the department’s web communications offices “did not consistently enforce the requirement that web managers add and certify all internet and intranet sites in VA’s Web Registry.”

“As a result, VA’s September 2021 report to Congress did not cover all VA public and internal websites as required, including over 218,000 sites on SharePoint Online, an application used to create internal intranet websites for personnel,” the report said.

OIG also identified other VA IT systems that were not assessed for compliance with Section 508, or had been incorrectly designated when reviewed for compliance with the law. 

“The inaccurate Section 508 designations resulted from VA administrations and staff offices not ensuring inventory information was updated or validated,” the audit said, adding that “without accurate information, VA cannot adequately assess information technology system compliance with the law or achieve the stated objective of the VA policy.”

Three of VA’s directives related to “accessibility, systems management and web-based collaboration technologies” were also outdated, according to the report, and had not been updated in compliance with the department’s procedures requiring “all permanent directives and handbooks be recertified within five years of issuance.”

“Until VA addresses all compliance issues, the information access provided to individuals with disabilities may not be comparable to the access provided to those without disabilities,” the OIG said.

The watchdog made six recommendations to VA, including calling for system owners within the department to be educated on Section 508 policy requirements, for VA officials to update and republish outdated directives, and for the department’s assistant secretary for information and technology and chief information officer to “develop and implement a strategy with milestones for identifying all VA websites” and “establish a mechanism for web communication offices across VA to enforce web policy.”

OIG said VA concurred with all of its recommendations “and provided acceptable corrective action plans.”