‘Oil’ be on your Mind: Recordkeeping and Compliance in Oil & Gas

What do CERCLA, ISO, and SOX mean to you and your business?

With increased attention on good governance practices, oil and gas industry members are only an acronym away from experiencing a regulatory rain that rivals hell’s brimstone.

Luckily, all the pain can be avoided with good records management and reporting compliance.

The following are some examples of the requirements for records management specific to the oil and gas industry:


Environmentally speaking, members of the oil and gas industry will need to comply with the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA). Enforced by the EPA, CERCLA contains several sections that specify records management, maintenance, and reporting, as well as addressing inspection concerns.

Several sections of CERCLA express obligations for companies to maintain records and report activities in order for them to operate within the confines of environmental law. One such section outlines the reporting requirements of the Underground Injection Control (UIC) Program:

“The UIC program requires owners and operators of Class I wells to maintain records and report quarterly on the characteristics of injection fluids and, ground-water monitoring wells (if required) and various operating parameters (e.g., injection pressure flow rate, etc.) (40 CFR §146.13(c))…”

The penalties for non-compliance are high and can dramatically impact the bottom line of a business. Good records management can help you avoid the fines and help you take advantage of the incentives the EPA offers for reporting compliance. For example, general provisions outlined in Section 3 of the Safe Water Drinking Act (SWDA) state:

“…for the implementation of the SDWA including: assurance of adequate treatment chemicals, grants for State programs; records and inspection requirements; establishment of an advisory council; regulation of Federal agencies; judicial review; and citizens civil actions.”

ISO 27002

Members of the oil and gas industry don’t just operate in one country, they conduct business all over the world. Running an international business means having to conform to international standards for record keeping. One standard, set forth by the International Organization for Standardization (ISO), gives information security management recommendations for those who are responsible for initiating, implementing or maintaining information security.

The standard outlines requirements for the oil and gas industry to maintain detailed equipment maintenance records and secure and back-up business records. For instance, Step 10.5.1 details the process of examining a company’s information back-up:

“…b) accurate and complete records of the back-up copies and documented restoration procedures should be produced;…”


The Sarbanes-Oxely Act (SOX) is legislation passed by Congress that sets forth auditing, quality control, and independence standards and rules for industries’ and is meant protect shareholders from fraudulent practices.

Quite a few sections of SOX state that records must be maintained and retained to avoid civil and criminal liabilities. Specifically, Section 802 outlines the criminal penalties associated with altering documents:

“The Securities and Exchange Commission shall promulgate, within 180 days, after adequate notice and an opportunity for comment, such rules and regulations, as are reasonably necessary, relating to the retention of relevant records such as workpapers, documents that form the basis of an audit or review, memoranda, correspondence, communications, other documents, and records (including electronic records) which are created, sent, or received in connection with an audit or review and contain conclusions, opinions, analyses, or financial data relating to such an audit or review, which is conducted by any accountant who conducts an audit of an issuer of securities to which section 10A(a) of the Securities Exchange Act of 1934 (15 U.S.C. 78j–1(a)) applies.)”

Implementing a good records management solution not only helps your business comply with the standards set forth by SOX, it also helps protect you in cases of fraud.

Records Success

A successfully managed records solution implements the regulations surrounding your industry, thereby mitigating regulatory fines, and increasing competitiveness.

At FileFacets, we help you satisfy internal information management policies while also complying with external regulatory requirements. Increase efficiency and decrease the risk or impact of litigation, all through advanced records information management.