Incident Response
How Layers handles production incidents.
Policy summary
- Detection — internal monitoring, customer reports.
- Triage — on-call severity assessment.
- Containment — stop-the-bleeding actions.
- Eradication — root-cause fix.
- Recovery — restore full service.
- Post-mortem — shared with affected partners where warranted.
Severity levels
| Severity | Examples |
|---|---|
| SEV-1 | Full outage, confirmed data breach. |
| SEV-2 | Partial outage — e.g., CAPI relay degraded, workflow processing delayed. |
| SEV-3 | Single-layer degradation, individual-customer issue. |
| SEV-4 | Cosmetic, non-production. |
Notification
- SEV-1 / SEV-2: we notify Org Owners / registered Security contacts as soon as confirmed.
- SEV-3: customer-facing communication on a case-by-case basis.
- SEV-4: no customer notification unless it escalates.
Breach notification
If an incident involves a breach of Customer Data, we notify your designated Security contact within the 72-hour window set by GDPR Article 33. See DPA.
Post-incident review
Post-mortems are written for SEV-1 and SEV-2. Affected partners can request a copy via support@layers.com.
Contacts during an incident
- support@layers.com — general.
- security@layers.com — security-classified.
- dpo@layers.com — data-privacy concerns.