Policies
Compliance
Certifications, frameworks, and regulatory compliance
PetroBench maintains security and compliance practices designed for enterprise oil and gas operators. This page provides transparency into our certifications and the frameworks that govern our security program.
Framework Alignment
PetroBench's security program is aligned with industry-standard frameworks:
| Framework | Alignment |
|---|---|
| NIST Cybersecurity Framework (CSF) | Controls mapped to NIST CSF categories |
| OWASP Top 10 | Web application security testing covers all OWASP Top 10 categories |
Security Assessments
| Assessment | Frequency |
|---|---|
| Vulnerability Scanning | Continuous automated scanning of infrastructure and dependencies |
| Static Analysis (SAST) | Every code change, integrated into CI/CD pipeline |
| Dependency Auditing | Continuous automated alerts for known vulnerabilities |
Data Handling
| Practice | Details |
|---|---|
| Data Residency | United States only (AWS US East, Virginia) |
| Data Ownership | Customers retain full ownership of their data |
| Data Portability | Export available in CSV and JSON formats |
| Data Deletion | Within 30 days of request or account termination |
| Data Classification | Well data and simulation results classified as confidential; usage analytics anonymized |
Request Documentation
To request compliance documentation, audit reports, or a Data Processing Agreement:
- Email: legal@petrobench.com
- Contact your Account Executive