Security
Infrastructure, network security, and platform reliability
PetroBench runs on cloud infrastructure built for security, performance, and reliability.
Cloud Hosting
PetroBench is hosted on Amazon Web Services (AWS), which maintains SOC 2 Type II certification for its infrastructure. See Compliance for details on our security practices.
| Aspect | Details |
|---|---|
| Provider | Amazon Web Services (AWS), SOC 2 Type II certified |
| Region | US East (Virginia) |
| Data Residency | All customer data stored in US-based data centers |
| Availability Zones | Multi-AZ deployment for redundancy |
| Edge Security | Cloudflare, SOC 2 Type II certified |
All data is currently hosted in the US. Contact sales@petrobench.com if you have specific data residency requirements.
Network Security
Multiple layers of network security protect the platform:
- DDoS Protection: Cloudflare provides always-on DDoS mitigation and edge security
- Web Application Firewall: Protection against OWASP Top 10 vulnerabilities including SQL injection, XSS, and CSRF
- TLS Encryption: All connections secured with TLS 1.2 or higher
- HTTPS Enforced: HTTP connections are automatically redirected to HTTPS
- IP Reputation Filtering: Malicious traffic blocked at the edge before reaching application servers
Platform Availability
| Metric | Target |
|---|---|
| Uptime SLA | 99.5% monthly uptime |
| Planned Maintenance | Scheduled with 48 hours advance notice, performed during low-traffic windows |
| Status Page | Real-time status at status.petrobench.com |
At status.petrobench.com you can view current system status and incident history, and subscribe to updates.
Security Assessments
| Assessment | Frequency | Details |
|---|---|---|
| Vulnerability Scanning | Continuous | Automated scanning of infrastructure and dependencies |
| Code Reviews | Every change | Security-focused review required for all pull requests |
| Dependency Auditing | Continuous | Automated alerts for known vulnerabilities in dependencies |
Employee Security
- Background Checks: All employees undergo criminal and employment history verification before onboarding. Subcontractors with production access are subject to the same checks.
- Security Training: Mandatory security awareness training at onboarding and annually thereafter
- Access Controls: Least-privilege access to production systems. Quarterly access reviews conducted by engineering management with documented revocation of unused access.
- Confidentiality: All employees sign confidentiality and acceptable use agreements
- Offboarding: Access revoked immediately upon departure
Vulnerability Disclosure
If you discover a security vulnerability in PetroBench, please report it responsibly:
- Email: security@petrobench.com
- Response: We acknowledge reports within 1 business day
- Disclosure window: We request reasonable time to remediate before public disclosure
- Scope: All PetroBench production systems and APIs
We do not pursue legal action against researchers who follow responsible disclosure practices.
Business Continuity
| Area | Details |
|---|---|
| Backups | Daily automated backups with point-in-time recovery |
| Backup Retention | 30 days |
| Backup Encryption | AES-256, same standard as primary data |
- Incident Response: Defined procedures for security and availability incidents (see Incident Response)
- Notification: Affected customers notified within 72 hours of confirmed security incidents
Request Detailed Documentation
For detailed architecture diagrams or infrastructure documentation:
- Email: legal@petrobench.com
- Contact your Account Executive