Trust Center
Security
Infrastructure, network security, and platform reliability
PetroBench runs on cloud infrastructure built for security, performance, and reliability.
Cloud Hosting
PetroBench is hosted on Amazon Web Services (AWS), backed by their data center security and compliance certifications (SOC 2, ISO 27001, FedRAMP).
| Aspect | Details |
|---|---|
| Provider | Amazon Web Services (AWS) |
| Region | US East (Virginia) |
| Data Residency | All customer data stored in US-based data centers |
| Availability Zones | Multi-AZ deployment for redundancy |
Regional data center options may be available for enterprise customers with specific data residency requirements. Contact sales@petrobench.com for details.
Network Security
Multiple layers of network security protect the platform:
- DDoS Protection: Cloudflare provides always-on DDoS mitigation and edge security
- Web Application Firewall: Protection against OWASP Top 10 vulnerabilities including SQL injection, XSS, and CSRF
- TLS Encryption: All connections secured with TLS 1.2 or higher
- HTTPS Enforced: HTTP connections are automatically redirected to HTTPS
- IP Reputation Filtering: Malicious traffic blocked at the edge before reaching application servers
Platform Availability
| Metric | Target |
|---|---|
| Uptime SLA | 99.5% monthly uptime |
| Planned Maintenance | Scheduled with 48 hours advance notice, performed during low-traffic windows |
| Status Page | Real-time status at status.petrobench.com |
status.petrobench.com
View current system status, incident history, and subscribe to updates
Security Assessments
| Assessment | Frequency | Details |
|---|---|---|
| Penetration Testing | Annual | Third-party firm conducts full-scope pentest |
| Vulnerability Scanning | Weekly | Automated scanning of infrastructure and dependencies |
| Code Reviews | Every change | Security-focused review required for all pull requests |
| Dependency Auditing | Continuous | Automated alerts for known vulnerabilities in dependencies |
Penetration test summaries are available for enterprise customers under NDA. Contact legal@petrobench.com.
Employee Security
- Background Checks: All employees undergo background verification before onboarding
- Security Training: Mandatory security awareness training at onboarding and annually thereafter
- Access Controls: Least-privilege access to production systems with quarterly access reviews
- Confidentiality: All employees sign confidentiality and acceptable use agreements
- Offboarding: Access revoked immediately upon departure
Business Continuity
| Area | Details |
|---|---|
| Backups | Daily automated backups with point-in-time recovery |
| Backup Retention | 30 days |
| RPO (Recovery Point Objective) | 24 hours |
| RTO (Recovery Time Objective) | 4 hours |
| Backup Encryption | AES-256, same standard as primary data |
| DR Testing | Backup restoration tested quarterly |
- Incident Response: Defined procedures for security and availability incidents (see Incident Response)
- Notification: Affected customers notified within 72 hours of confirmed security incidents
Request Detailed Documentation
For detailed architecture diagrams, SOC 2 reports, or infrastructure documentation:
- Email: legal@petrobench.com
- Contact your Account Executive