Trust Center
Compliance
Certifications, frameworks, and regulatory compliance
PetroBench maintains security and compliance practices designed for enterprise oil and gas operators. This page provides transparency into our certifications, ongoing initiatives, and the frameworks that govern our security program.
SOC 2
SOC 2 Type II certification is in progress. For updates on our timeline or to request documentation, contact legal@petrobench.com.
Framework Alignment
PetroBench's security program is aligned with industry-standard frameworks:
| Framework | Alignment |
|---|---|
| SOC 2 Trust Service Criteria | Security program built around TSC; certification in progress |
| NIST Cybersecurity Framework (CSF) | Controls mapped to NIST CSF categories |
| OWASP Top 10 | Web application security testing covers all OWASP Top 10 categories |
Security Assessments
| Assessment | Frequency |
|---|---|
| Vulnerability Scanning | Continuous automated scanning of infrastructure and dependencies |
| Static Analysis (SAST) | Every code change, integrated into CI/CD pipeline |
| Dependency Auditing | Continuous automated alerts for known vulnerabilities |
Export Controls
PetroBench processes petroleum engineering simulation data: well configurations, rod string designs, production parameters, and simulation results. This data is classified as proprietary operational data.
PetroBench does not process ITAR-controlled technical data. Customers are responsible for ensuring that data uploaded to PetroBench complies with applicable export control regulations, including EAR. If your organization has specific export control requirements, contact legal@petrobench.com to discuss.
Data Handling
| Practice | Details |
|---|---|
| Data Residency | United States only (AWS US East, Virginia) |
| Data Ownership | Customers retain full ownership of their data |
| Data Portability | Export available in CSV and JSON formats |
| Data Deletion | Within 30 days of request or account termination |
| Data Classification | Well data and simulation results classified as confidential; usage analytics anonymized |
Security Questionnaires
PetroBench supports common security questionnaire formats including SIG Lite, CAIQ, and custom formats. To submit a security questionnaire or request our pre-completed responses, contact legal@petrobench.com.
Request Documentation
To request compliance documentation, audit reports, or a Data Processing Agreement:
- Email: legal@petrobench.com
- Contact your Account Executive