Your data is protected by the same infrastructure trusted by the U.S. Department of Defense.
VSTracking was built by victim advocates who understand the sensitivity of the information you handle every day. We take the security of your data as seriously as you take the safety of the people you serve.
Infrastructure & Encryption
Government-Grade Cloud Infrastructure
All VSTracking client data is hosted exclusively on Amazon Web Services GovCloud (US), an isolated cloud region designed to host sensitive government data and regulated workloads. AWS GovCloud meets the strictest U.S. government security and compliance requirements, including FedRAMP High baseline authorization. No client data is ever stored or processed outside of the GovCloud environment.
All data is encrypted in transit and at rest using FIPS 140-2 and FIPS 140-3 validated cryptographic modules — the same encryption standard required by the FBI’s Criminal Justice Information Services (CJIS) Security Policy and used by federal law enforcement agencies nationwide.
Security Pillars
Encryption
FIPS 140-2/140-3 Encryption
All data is encrypted at rest and in transit using federally validated cryptographic standards. Your client information is protected whether it’s being stored in our database or traveling between your browser and our servers.
Access Controls
Role-Based Access Controls
VSTracking includes six built-in access roles — from full administrative control to read-only and reports-only — so your agency can assign each user the appropriate level of access. Advocate-limited roles ensure that staff members see only the cases they are assigned to. Every access event is logged in a comprehensive audit trail, and multi-factor authentication is available for administrative access.
Personnel Security
Background-Checked Personnel
Every Advocate Advantage employee with access to client data undergoes a national fingerprint-based background check and completes annual CJIS Security Awareness Training and certification through CJISOnline.com — the same training required of law enforcement personnel.
Data Isolation
100% U.S.-Based Data Residency
Your data never leaves U.S. soil. All VSTracking client data is stored and processed exclusively within AWS GovCloud’s U.S. regions, operated by screened U.S. persons. We are a 100% USA-based company with no offshore operations or data processing.
CJIS Security Policy Alignment
Aligned with the FBI CJIS Security Policy
Many of our clients are law enforcement-based victim advocates and criminal justice agencies that must comply with the FBI’s Criminal Justice Information Services (CJIS) Security Policy. VSTracking’s security practices are aligned with the CJIS Security Policy’s requirements, including:
- FIPS-validated encryption for data in transit and at rest
- National fingerprint-based background checks for all personnel with data access
- Annual CJIS Security Awareness Training and certification
- Built-in access roles with advocate-level data isolation and audit logging
- All client data hosted on AWS GovCloud, a FedRAMP High authorized infrastructure
- Incident response and security event monitoring
We are available to sign the CJIS Security Addendum with any law enforcement agency that requires it as part of their vendor compliance process.
Third-Party Data Isolation
Your Data Stays in Our System. Period.
VSTracking does not route your data through third-party automation platforms, consumer integration services, or external analytics tools. All client data remains within our AWS GovCloud environment at all times.
Some case management platforms advertise integrations with third-party automation tools that route data through commercial servers lacking government-grade security controls. When victim data flows through services that have not signed a CJIS Security Addendum, do not maintain FIPS-validated encryption, and are not operated by background-checked personnel, the convenience of automation comes at the cost of the confidentiality protections your agency is required to maintain.
VAWA, VOCA, and FVPSA all require grantees to make reasonable efforts to prevent the inadvertent disclosure of victim personally identifying information — especially when using any third-party database or system managed by an outside company. VSTracking is designed to keep your data within a single, secure, government-grade environment so you never have to question whether a third-party service is putting your compliance at risk. This includes Al and analytics features that process your data through external machine learning providers.
For Grant Administrators
Confidence for Grant Administrators & Funders
If you’re evaluating VSTracking as part of a VOCA or VAWA-funded program, here’s what you need to know:
- All VSTracking client data is hosted on AWS GovCloud with FIPS 140-2/140-3 encryption
- All personnel with access to client data are background-checked and CJIS-trained
- Built-in VOCA reporting is included out of the box, and the software’s custom tags, fields, and report filters make it easy to pull the data needed for VAWA and other grant requirements
- Data never leaves U.S. borders
- We can provide a security practices summary document upon request for your grant compliance files