Shared Responsibility

Security is a shared responsibility. PetroBench secures the platform and infrastructure. Customers are responsible for how their organization uses it.

Your Responsibilities

User Access

• Manage user accounts and roles within your organization
• Remove access promptly when team members depart
• Assign roles appropriate to each user's function
• Review user access periodically

Authentication

• Enable and enforce MFA for your users
• Configure and maintain your SSO identity provider integration
• Secure API keys and rotate them when team members with access depart

Data

• Ensure the accuracy of data entered into PetroBench
• Classify data according to your internal policies
• Comply with your own data handling requirements
• Make informed decisions about data sharing and export

Usage

• Train users on security best practices within your organization
• Report suspected security issues promptly to legal@petrobench.com
• Keep browsers and devices updated

What PetroBench Handles

PetroBench is responsible for the security and availability of the platform itself:

• Infrastructure: Physical security, network protection, DDoS mitigation, WAF, server patching and hardening
• Application: Security testing, SAST, dependency scanning, annual penetration testing
• Encryption: AES-256 at rest, TLS 1.2+ in transit, logical tenant isolation at the database layer
• Availability: Uptime commitments per your plan, daily backups, zero-downtime deployments
• Incidents: Notification within 72 hours of a confirmed security incident affecting customer data

Responsibility Summary

For questions about responsibilities, contact legal@petrobench.com.