By Neno Duplan, Founder and CEO, Locus Technologies
Reading Time: 13 minutes 18 seconds
TL;DR: Most EHS software was built to manage safety incidents, audits, and compliance tasks. PFAS monitoring requires something fundamentally different: a platform designed from the ground up around analytical chemistry, laboratory data, and measurement science. Locus EIM has managed 4,603,084 validated PFAS records across more than 38,000 global sites, covering all 430 compounds in the EPA’s analytical inventory. For chemical manufacturers and oil and gas companies navigating CERCLA hazardous substance liability for PFOA and PFOS, expanding Toxics Release Inventory obligations, and TSCA Section 8(a)(7) reporting deadlines, the quality and organization of their PFAS data record is now a legal and financial asset, not just a compliance requirement. This article explains why the architecture of your environmental software determines whether that asset is defensible, and what “built for science” means in practice for a multi-site industrial PFAS monitoring program.

When an environmental professional at a chemical manufacturing company sits down to manage their PFAS monitoring program, they are not doing paperwork. They are doing science. They are working with laboratory electronic data deliverables, detection limits that sit at or below four parts per trillion, running average calculations tied to enforceable maximum contaminant levels, geospatial data connecting monitoring wells to receptors, and a chain of custody that may one day be reviewed by a federal regulator or a plaintiffs’ attorney.
That is a fundamentally different problem than tracking a safety incident or managing an audit checklist. And yet, many of the software platforms competing for your EHS budget were built to do exactly that: track incidents, manage audits, and handle compliance tasks that involve documents and workflows rather than analytical chemistry and measurement science.
I founded Locus Technologies in 1997 on a simple premise: environmental data is consequential in a way that most enterprise software has never taken seriously. Nearly three decades later, PFAS has made that premise impossible to ignore.
Environmental decisions, regulatory compliance, remediation strategies, public health assessments, and corporate liability all depend on the quality and integrity of analytical data. Yet many organizations still treat laboratory results as just another dataset to be stored rather than as the foundation upon which critical decisions are made.
What a blood test is to your health, analytical laboratory data is to your environmental program. Analytical data provides the evidence needed to diagnose problems, understand trends, assess risk, measure progress, and determine the appropriate course of action. Without trusted analytical data, environmental management becomes guesswork.
As PFAS continues to reshape environmental regulation and risk management worldwide, the ability to manage, validate, interpret, and act upon laboratory data has become more important than ever. The stakes of storing laboratory data extend far beyond the technology stack. Laboratory data powers compliance and operational decision-making, with implications for public trust.
The PFAS Data Problem Is Not What Most Companies Think It Is
Most conversations about PFAS compliance focus on the regulatory landscape, which is genuinely complex. The EPA has retained the 4 parts per trillion maximum contaminant levels for PFOA and PFOS under the Safe Drinking Water Act while extending the compliance deadline to 2031. PFOA and PFOS have been designated as hazardous substances under CERCLA, with industry groups estimating potential cleanup costs exceeding $17.4 billion at non-federal Superfund sites alone. The Toxics Release Inventory now covers more than 200 PFAS compounds, with new additions each year. TSCA Section 8(a)(7) reporting requirements are in motion, with most manufacturers now facing submission deadlines through October 2026.
For years, PFAS compliance has been framed as a regulatory challenge. In practice, the companies I speak with in chemical manufacturing and oil and gas face a different risk: their data infrastructure is not built to manage PFAS at scale.
PFAS is not one chemical. PFAS are a family of more than 12,000 compounds. The EPA’s analytical library covers 430 specific PFAS compounds that have been commercially procured to support environmental monitoring and toxicity testing. Each of those compounds has its own CAS number, its own analytical method, its own detection limit characteristics, and increasingly its own regulatory threshold depending on which jurisdiction and which rule you are operating under. Tracking this in a spreadsheet or in a generic EHS platform that was configured for incident management is a liability in the making.
Here is what actually happens when a company that has been managing PFAS data in spreadsheets or a safety-first EHS platform gets a request from a regulator or a discovery request from a plaintiff: they spend weeks pulling records from multiple systems, reconciling different naming conventions for the same compounds, trying to reconstruct whether a non-detect result was below the method detection limit or the practical quantitation limit, and hoping that what they produce looks like a coherent picture of their monitoring history. Often the outcome does not.
The companies that are positioned well for what is coming are the ones whose PFAS data is organized the way science organizes it: by location, by sampling event, by analytical parameter, by detection limit, by validated result, by quality control flag, connected to a chain of custody, and linked to a GIS coordinate that places every measurement in its geographic context.

Locus EIM manages every step. Most EHS platforms only touch the last two.
What “Built for Science” Actually Means in Practice
Locus EIM, which stands for Environmental Information Management, has been the foundation of our platform since 1999. EIM was not built to track incidents. Locus built EIM to manage the data environmental scientists and compliance professionals actually work with: field samples, laboratory results, electronic data deliverables from certified labs, quality control data, and the regulatory calculations that flow from all of the above.
That design decision has concrete consequences for how PFAS monitoring works inside our platform versus what a company would experience configuring a generic EHS system for the same purpose.
The chemical library is already built. When a client needs to begin monitoring for PFAS under a new consent order, a state-level monitoring requirement, or a proactive site characterization program, they do not spend months building a chemical library. All 430 EPA-inventory PFAS compounds are already in the system, with the associated CAS numbers, analytical methods, and detection limit parameters. A company configuring a safety-first EHS platform for PFAS monitoring faces a different reality: they are building from scratch, which means months of scientific configuration work before a single monitoring result can be entered in a compliant format.
The data model handles the full chain from sample to report. The challenge is that a laboratory result is never just a number. A PFAS concentration reported as 4.667 parts per trillion may be accompanied by more than 100 pieces of supporting metadata that may ultimately be needed to defend that single result if it is challenged by regulators, attorneys, auditors, or in a court of law. Instrument calibration records, detection limits, surrogate recoveries, holding times, analytical methods, laboratory certifications, quality control samples, chain-of-custody records, sample preservation details, and the identity of the analyst who performed the work are all part of the evidentiary record. Managing only the final result while discarding the supporting context undermines scientific defensibility and regulatory credibility. This is where environmental data management differs fundamentally from most enterprise software categories. The data model must preserve and manage the complete chain of evidence, not simply the outcome.
A PFAS monitoring program does not begin when a result arrives from a laboratory. It begins when a sample is planned, moves through field collection and chain of custody, arrives at the laboratory as an electronic data deliverable, passes through validation and quality control review, and only then becomes a defensible result that can support compliance decisions, risk assessments, or remediation activities. Locus EIM was built to manage this entire chain. The platform’s data model follows information from sample planning through collection, transportation, laboratory analysis, quality assurance review, validation, reporting, and long-term retention. Every step is traceable, auditable, and connected to the underlying evidence.
Many platforms approach PFAS as an incident management, reporting, or workflow problem. Those systems may handle the endpoint, if they handle PFAS at all, but they do not manage the journey. The journey is where errors accumulate, where data gaps emerge, where regulatory exposure increases, and where scientific defensibility can break down.
As PFAS continues to reshape environmental regulation and risk management worldwide, the ability to manage, validate, interpret, and defend analytical laboratory data has become more important than ever. It is not merely an IT challenge. It is a scientific, regulatory, legal, and business imperative.
The calculations are built and validated. A PFAS MCL compliance calculation is not simply comparing a result to a threshold. The EPA’s framework requires running annual averages across sampling locations, correct treatment of non-detect results relative to specific method detection limits, and aggregation logic across monitoring points that reflects the actual compliance structure for a given permit or consent order. Locus has processed more than 4,603,084 validated PFAS records across more than 38,000 sites globally as of June 2026. The calculation logic embedded in our platform has been tested, challenged, and refined against the requirements of real monitoring programs under real regulatory scrutiny. A company standing up a PFAS compliance system for the first time is doing that testing on their own data, in their own regulatory context, under their own risk exposure.
The GIS layer connects measurements to geography. Every monitoring location in Locus EIM carries a coordinate. That coordinate connects the result to the physical world: the direction of groundwater flow, the distance to the nearest receptor, the relationship to other monitoring points in the network. When a regulator asks whether a PFAS detection in a monitoring well represents a migration risk, the answer requires spatial context. When a plaintiffs’ attorney asks about exposure pathways, the answer requires spatial context. Locus makes that context native to the data, not something that has to be reconstructed after the fact using a separate GIS system.

The largest real-time PFAS database managed by an EHS software platform.
What 4.6 Million PFAS Records Have Taught Us
Locus currently manages 4,603,084 validated PFAS records across more than 38,000 sites, covering all 430 compounds in the EPA’s analytical inventory. That dataset represents something that no generic EHS platform can replicate: accumulated operational experience with PFAS data at scale.
Our experience matters in ways that are specific and practical. We have seen how non-detect results need to be handled when the method detection limit changes between sampling events. We have seen the data quality issues that arise when a laboratory switches analytical methods mid-program. We have seen the reconciliation challenges when a monitoring program expands to cover new compounds that were not in the original sampling scope. We have built solutions to these problems in the platform because our clients have encountered them in the field, and what we learn from one monitoring program ultimately strengthens the tools available to all of our clients.
That is a consequence of our multitenant architecture. All of our clients operate on the same platform, with the same underlying data model and calculation engines. When we improve the handling of non-detect results in compliance averaging calculations, every client benefits immediately. A per-customer installation – which is how most of our competitors operate- fails to deliver the shared benefits of a multitenant architecture.
For a chemical manufacturer beginning a serious PFAS data management effort, this accumulated experience is worth measuring in terms of avoided mistakes and compressed timelines. You do not need to discover that your EDD loader cannot handle the reporting format your laboratory uses. You do not need to find out during a regulatory inspection that your running average calculation was treating non-detects incorrectly. You do not need to spend six months building a chemical library that Locus has maintained and refined since before PFAS became a household word.
The CERCLA Designation Changes the Data Calculus
The designation of PFOA and PFOS as hazardous substances under CERCLA has shifted the stakes for PFAS data management in a way that many companies are still absorbing. CERCLA imposes broad, retroactive, and strict liability. CERCLA does not require proof of negligence, but does require proof of a release of a hazardous substance and a connection to cleanup costs.
In that legal environment, the quality and completeness of your historical PFAS monitoring data is a legal asset or a legal liability, depending on its condition.
Industry groups estimated three years ago that assessment and cleanup costs for PFOA and PFOS at non-federal Superfund sites alone could total more than $17.4 billion, or roughly $900 million annually over 30 years. That estimate pre-dates the full scope of state-level monitoring requirements, private litigation, and the expanding TSCA reporting obligations that have developed since. The companies that are managing this liability well are the ones who can produce a complete, defensible, spatially organized record of their PFAS monitoring history on demand.
Locus is the only EHS platform whose PFAS data management capability was built from the analytical data up, not from the incident management down. Records seem mundane until a regulator or plaintiff asks to see them.
The Integration Problem That Safety-First Platforms Cannot Solve
A PFAS detection event does not stop being a compliance challenge when the monitoring window closes. A single detection can affect multiple regulatory programs. A detection in a surface water discharge feeds into Clean Water Act discharge monitoring reports. Contaminated material requiring disposal becomes part of hazardous waste tracking. Energy-intensive treatment strategies can affect GHG reporting. Spill notification requirements can trigger incident management workflows.
Managing these connections across siloed systems requires manual reconciliation, introduces data gaps, and creates the kind of inconsistency that regulators and auditors notice. Locus manages all of these programs in a single platform on a shared data layer. A PFAS exceedance can trigger the right compliance workflows across media and regulatory programs automatically, because the underlying data model was designed to support exactly this kind of cross-program connection.
No safety-incident platform that added an environmental module can offer this. The connections were not in the original design and adding them later means building integrations between systems that were never meant to speak to each other.
A Practical Path Forward for Chemical Manufacturers and Oil and Gas Companies
If you are a chemical manufacturer or oil and gas company that is managing PFAS obligations with spreadsheets, a repurposed safety platform, or a patchwork of disconnected tools, the question is how much risk exposure you are accumulating while you decide whether to upgrade your system.
Here is what a move to Locus Technologies looks like in practical terms.
- You begin with your existing data. Locus EIM can ingest historical PFAS results from virtually any format: laboratory EDDs, spreadsheet exports, legacy database tables. The data model accommodates the full range of analytical parameters in the EPA inventory. Your historical monitoring record, whatever its current condition, can be organized into a defensible, query-able, spatially referenced dataset.
- You do not spend months configuring a chemical library. The compounds are in the system. The methods are in the system. The regulatory thresholds, where established, are in the system and maintained as the regulatory landscape evolves.
- You get a calculation engine that has been tested against the requirements of real monitoring programs at real regulated facilities. The running averages, the detection limit logic, the aggregation across monitoring locations: this is not something you configure. It is something you get.
- You get a GIS layer that places every result in its geographic context, connecting monitoring data to the spatial analysis that regulators and risk assessors actually use.
- And you get a platform that connects your PFAS monitoring to the rest of your environmental and compliance program, so that a PFAS result does not live in isolation from the other data that defines your regulatory posture and your liability profile.
Neno Duplan is the founder and CEO of Locus Technologies, which he established on April 11, 1997, in San Francisco, California. Locus manages more than 523 million environmental records across 1.6 million sites globally, including 4,603,084 validated PFAS records across more than 38,000 sites, covering all 430 compounds in the EPA analytical inventory. To learn more about Locus EIM and PFAS data management, visit locustec.com or schedule a demonstration.
Frequently Asked Questions
What is the difference between EHS software and environmental information management software for PFAS compliance?
Most EHS software platforms were designed around safety incidents, audits, and compliance task management. They track what happened, who was notified, and what corrective actions were taken. Environmental information management software, by contrast, is built around analytical data: laboratory results, field measurements, chain-of-custody documentation, detection limit calculations, and regulatory averaging. PFAS compliance requires the latter. You cannot manage a PFAS monitoring program effectively in a system designed to track safety incidents, because the data model, the calculation logic, and the laboratory data handling were never built for that purpose. Locus EIM has been built around analytical environmental data since 1999, which is why it handles PFAS monitoring natively rather than as a bolted-on module.
How does Locus handle the 430 PFAS compounds in the EPA inventory?
All 430 compounds in the EPA’s analytical PFAS library are pre-configured in Locus EIM, with the associated CAS numbers, analytical methods, and detection limit parameters. When a client needs to expand their monitoring to cover additional compounds, whether driven by a new consent order, a state monitoring requirement, or an updated analytical method, those compounds are already in the system. Locus has managed more than 4,603,084 validated PFAS records across more than 38,000 global sites. The chemical library reflects that accumulated experience.
What does CERCLA’s designation of PFOA and PFOS as hazardous substances mean for how companies should manage their PFAS data?
CERCLA imposes strict, retroactive liability for the release of hazardous substances. It does not require proof of negligence, only a connection between a release and cleanup costs. In that legal environment, the completeness and defensibility of your historical PFAS monitoring data functions as either a legal asset or a legal liability. A well-organized, spatially referenced, time-series monitoring dataset that documents the extent and behavior of PFAS at your sites gives you something to work with in regulatory negotiations and litigation defense. Fragmented, incomplete, or poorly documented monitoring data gives regulators and plaintiffs something to work with instead. Industry estimates placed the potential cleanup costs for PFOA and PFOS at non-federal Superfund sites alone at more than $17.4 billion. The quality of your data record is directly relevant to how that cost exposure is ultimately allocated.
Can Locus EIM handle PFAS data from multiple sites across different regulatory jurisdictions?
Yes, and this is one of the specific capabilities that distinguishes Locus Technologies from platforms that were not designed for multi-site environmental data management. Locus EIM is built to manage monitoring programs across many sites simultaneously, with each site carrying its own regulatory context, its own monitoring network, and its own compliance calculation requirements. A chemical manufacturer with facilities in multiple states, each subject to different state-level PFAS requirements alongside federal MCLs, can manage the entire portfolio in a single system. The GIS layer connects every monitoring location to its geographic and regulatory context, and the reporting engine can produce regulatory deliverables tailored to the specific requirements of each jurisdiction.
How long does it take to get a PFAS monitoring program operational in Locus EIM?
The answer depends on the scope of the existing data that needs to be migrated and the complexity of the monitoring program. But the answer is substantially shorter than it would be for a company standing up PFAS tracking from scratch in a generic EHS platform, for one straightforward reason: the scientific foundation is already built in Locus. The chemical library, the calculation logic, the laboratory data intake process, the GIS framework: none of these need to be constructed from scratch. Companies that have come to Locus from spreadsheet-based PFAS management or from safety-first EHS platforms consistently report that the time-to-operability for a compliant, defensible PFAS monitoring program is measured in weeks, not months.
Locus is the only self-funded water, air, soil, biological, energy, and waste EHS software company that is still owned and managed by its founder. The brightest minds in environmental science, embodied carbon, CO2 emissions, refrigerants, and PFAS hang their hats at Locus, and they’ve helped us to become a market leader in EHS software. Every client-facing employee at Locus has an advanced degree in science or professional EHS experience, and they incubate new ideas every day – such as how machine learning, AI, blockchain, and the Internet of Things will up the ante for EHS software, ESG, and sustainability.


