Shared Responsibility

Security is a shared responsibility between PetroBench and our customers. This model ensures clarity about who is responsible for what aspects of security.

PetroBench Responsibilities

We are responsible for securing the platform and infrastructure:

Infrastructure Security

• Physical security of data centers (via AWS)
• Network security and DDoS protection
• Server and database security
• Patch management and vulnerability remediation

Platform Security

• Application security and code reviews
• Encryption of data in transit and at rest
• Secure authentication systems
• Regular security assessments and penetration testing

Operations

• 24/7 monitoring and incident response
• Automated backups and disaster recovery
• Security incident communication
• Compliance with applicable regulations

Availability

• Platform uptime and reliability
• Performance and scalability
• Scheduled maintenance with advance notice

Customer Responsibilities

You are responsible for security within your organization:

User Management

• Managing user accounts and access levels
• Removing access for departing employees promptly
• Assigning appropriate roles based on job function
• Reviewing user access periodically

Authentication

• Enabling MFA for user accounts
• Enforcing strong password policies
• Protecting SSO identity provider security
• Securing API keys and credentials

Data

• Accuracy of data entered into PetroBench
• Classification of sensitive information
• Compliance with your own data handling policies
• Decisions about data sharing and export

Usage

• Training users on security best practices
• Reporting suspected security issues
• Keeping browsers and devices updated
• Using secure networks when accessing PetroBench

Summary

Questions?

For questions about security responsibilities or to discuss your specific requirements:

• Email: legal@petrobench.com
• Contact your Account Executive