This is an external facing version of our Information Security Policy. A more detailed version is available upon request.
1. Purpose
Layer Systems takes information security seriously and recognises the trust customers place in us when using The Layer platform.
This policy explains, at a high level, how we protect customer data and maintain the security, availability, and reliability of our systems.
2. Scope
This policy applies to:
- The Layer platform and supporting services
- All customer data processed by Layer Systems
- All employees and contractors who access Layer Systems’ systems or data
3. Our Approach to Information Security
Layer Systems operates a cloud-hosted SaaS platform and applies security controls that are appropriate to our size, technology stack, and operating model.
Our approach focuses on:
- Preventing unauthorised access to customer data
- Protecting data from loss or corruption
- Ensuring systems remain available and recoverable
Security is treated as a shared responsibility across engineering and operations, with clear ownership at senior technical level.
4. Data Protection & Handling
Customer data is processed only to deliver contracted services.
We:
- Store customer data in managed cloud infrastructure
- Restrict access to authorised personnel on a need-to-know basis
- Apply controls to protect data during normal operation, maintenance, and support activities
Data handling practices are supported by documented backup, recovery, and restore procedures, which are tested as part of routine operations.
5. Access Control
Access to Layer Systems’ environments is tightly controlled.
- All users have unique accounts
- Access is granted based on role and responsibility
- Administrative access is limited to a small number of authorised individuals
- Access is removed promptly when roles change or when a person leaves the organisation
6. Encryption & Secure Communication
- All access to The Layer platform takes place over encrypted connections
- Customer data is protected at rest using encryption provided by the underlying cloud platform
- Encryption keys are managed within the hosting environment and are not shared externally
7. Infrastructure, Availability & Recovery
The Layer platform is hosted in a cloud environment designed for resilience and recovery.
Key measures include:
- Redundant application and database components
- Regular, automated backups with defined recovery objectives
- Tested restore processes
- The ability to recover services in the event of infrastructure or site failure
These measures are documented internally as part of our disaster recovery and service continuity planning.
8. Monitoring & Incident Management
Layer Systems monitors the health and availability of its systems on an ongoing basis.
- System and service issues are investigated promptly
- Security-related events are assessed and escalated where necessary
- Customers are informed of material service or security incidents in line with contractual obligations
9. Third Parties & Contractors
Layer Systems uses a small number of trusted third parties to support platform hosting, development, and testing.
- Third parties are engaged only where appropriate
- Contractors with system access are bound by confidentiality obligations
- Overall responsibility for security remains with Layer Systems
10. Workforce Responsibilities
All employees and contractors are expected to:
- Follow secure working practices
- Protect customer and company information
- Comply with confidentiality and acceptable use requirements
Failure to follow security expectations may result in disciplinary action.
11. Review & Maintenance
This policy is reviewed periodically to ensure it remains accurate and appropriate as the platform and organisation evolve.
12. Contact
For questions relating to information security, please contact:
Layer Systems Ltd
Email: support@layersystems.com
