Our operational security policies govern IT assets, access controls, internet access, antivirus, remote access, and other risk mitigation measures.
We have advanced alerting and monitoring systems for both security and uptime.
Engineers are on call 24/7 in case any problems are detected. Specifics of our operational measures may be provided upon request.
All code is inspected closely before release. Our engineers inspect each new feature's logic and information flows to ensure no security vulnerabilities are introduced. But because humans aren't perfect, we also write tests to confirm the application does not behave in an unexpected way.
We also run semiautomatic scanning tools, like Snyk, for new features to find any security problems.
We have fully functional automation systems implemented, which enable us to deploy changes to any of our applications in minutes. We typically deploy multiple times a week—so we are well placed to roll out a security fix quickly, should the need arise.
We use third-party software to make Layer better every day. Of course, it is never as simple as using a component and then forgetting about it, so at Layer, we review and monitor our third-party components for known vulnerabilities.
Each report is analyzed and acted upon based on the criticality of the vulnerability, with response times ranging from one day for critical vulnerabilities to eight days for medium-risk vulnerabilities (as defined by their CVSS score).
We conduct regular penetration and vulnerability testing to proactively identify and remediate any security vulnerabilities in the Layer system.
We are independently audited by the security company X41-D-Sec.
Your files can only be accessed by you and no one else. We operate according to the principle of least privilege and conduct regular checks to ensure that Layer personnel are granted only the permissions needed to perform their job functions.
We are fully GDPR-compliant. We work with heyData GmbH, a German-based, TÜV-certified service, which ensures GDPR compliance by conducting audits, employee training, and coaching.
In accordance with Article 17 of the GDPR (EU), our physical and electronic records data retention policies ensure that records that are no longer needed or are of no value are deleted at regular intervals.
We are currently in the process of becoming a SOC 1 and SOC 2 Type 2 certified organisation.