# Incident Response (/docs/trust/incidents)



## Policy summary [#policy-summary]

1. **Detection** — internal monitoring, customer reports.
2. **Triage** — on-call severity assessment.
3. **Containment** — stop-the-bleeding actions.
4. **Eradication** — root-cause fix.
5. **Recovery** — restore full service.
6. **Post-mortem** — shared with affected partners where warranted.

## Severity levels [#severity-levels]

| Severity | Examples                                                                 |
| -------- | ------------------------------------------------------------------------ |
| SEV-1    | Full outage, confirmed data breach.                                      |
| SEV-2    | Partial outage — e.g., CAPI relay degraded, workflow processing delayed. |
| SEV-3    | Single-layer degradation, individual-customer issue.                     |
| SEV-4    | Cosmetic, non-production.                                                |

## Notification [#notification]

* **SEV-1 / SEV-2**: we notify Org Owners / registered Security
  contacts as soon as confirmed.
* **SEV-3**: customer-facing communication on a case-by-case basis.
* **SEV-4**: no customer notification unless it escalates.

## Breach notification [#breach-notification]

If an incident involves a breach of Customer Data, we notify your
designated Security contact within the 72-hour window set by GDPR
Article 33. See [DPA](/docs/trust/dpa).

## Post-incident review [#post-incident-review]

Post-mortems are written for SEV-1 and SEV-2. Affected partners can
request a copy via [support@layers.com](mailto:support@layers.com).

## Contacts during an incident [#contacts-during-an-incident]

* `support@layers.com` — general.
* `security@layers.com` — security-classified.
* `dpo@layers.com` — data-privacy concerns.