Application resilience at Juro

Juro is a trusted partner for thousands of users.

Juro is where your business’ most critical contract work takes place, so resilience and availability is crucial.

A resilient platform has the capability to recover and maintain availability when stressed by load, attacks, and failure of any component.

The Juro platform has been designed and built with resilience in mind, so you can close contracts 10x faster with the knowledge that you’re using a robust collaboration tool with market-leading levels of availability.

On this page we'll dive into our application resilience in more detail. You can view Juro’s current service status and historic uptime by visiting our status page.

Resilient cloud infrastructure

Customer data is stored in a secure production account in Amazon Web Services (AWS) and Mongo Atlas, using a combination of MongoDB database and AWS S3 object storage.

Juro leverages AWS availability zones, which are isolated locations within our selected region to operate infrastructure. This prevents failures in one zone from impacting others. AWS handles patching, updates and maintenance without downtime.

Juro stores its source code in Git repositories hosted by GitHub. We back up those repositories to our AWS account daily. If GitHub were to suffer a catastrophic loss of data, we could restore our source code from the backups in AWS.

These solid foundations contribute to Juro’s best-in-class service availability.

Data replication and backups

To protect the integrity and availability of customer data, Juro performs automatic, complete backups of customer data every two hours. Backups are encrypted in the same way as live production data.

As part of its business continuity and disaster recovery planning, Juro sets targets for recovery using two common cloud application methods:

1. Recovery Point Objective (RPO): This is the point in time from which data can be restored. In other words, this defines how much data would be lost and would need to be recreated
2. Recovery Time Objective (RTO): This is the point in time at which availability can be restored, complete with data from the point in time set by the RPO

Juro’s RPO is two hours, as is Juro's RTO - so if Juro suffered a catastrophic failure, we aim to restore all data up to a maximum of two hours before the failure, within two hours after the failure.

Given the importance of contracts to businesses, we also recommend that customers perform their own backups of data in Juro.

The platform makes this super easy to do - you can download drafts and published copies of documents at any time from Juro.

Alternatively, you could set up an integration with your file storage system (like Google Drive) to store documents as soon as they're signed.

High availability architecture

Juro’s architecture is designed with high availability at its core.

The Juro platform uses microservices architecture. This involves designing the software as a series of small, modular components called services.

Each service focuses on completing one specific task or functionality and is independently developed, tested and deployed.

Each service can then be scaled up or down automatically to meet demand. And if one service fails, the platform overall still works as other services remain functional. This greatly improves the resilience of the Juro platform.

Juro also uses load balancing to distribute traffic across these services. If one service fails, traffic is routed to healthy services. This also improves availability.

Event logging and monitoring

A key part of Juro’s information security programme is to implement monitoring and logging processes that enable Juro to detect incidents and identify their causes quickly and efficiently to mitigate their impact.

Juro uses a series of tools to log events in relation to its services, and to monitor for anomalies:

• Event logging: we use Grafana Loki and CloudWatch for event logging. We keep these records for one year, allowing us to look back if there is an incident and identify events that might have contributed to it
• Security anomaly detection: we use Sentry, AWS WAF and Falco to detect security anomalies
• Infrastructure access: we log all access to our infrastructure accounts using AWS CloudTrails
• Backups: we monitor our automated backup processes using Cloud Atlas and PagerDuty. Backup failures trigger an incident by alerting Juro’s engineering and security teams

Policies and procedures

Alongside systems, tools and processes, Juro maintains policies and procedures for its personnel designed to ensure application resilience.

We maintain the following:

• A backup policy
• A business continuity plan
• An incident response plan
• A personal data breach response plan
• A disaster recovery plan

These policies are reviewed at least annually, and are assessed as part of our annual SOC 2 Type II attestation process.

Regular testing

Resilience testing is a key part of both our regular reviews of security measures, and also our normal software development lifecycle.

Alongside our annual renewal process for our SOC 2 Type II attestation, we also test our business continuity and disaster recovery plans at least annually.

We conduct regular training for our personnel on how to identify and respond to incidents. We conduct both tabletop and live disruption tests at least annually to test the resilience of the Juro platform.

Uptime service levels

Customers on our enterprise plans also benefit from an uptime service level commitment. If you are interested in upgrading to an enterprise plan, please contact your salesperson or account manager.

And if you're not yet a customer, get in touch - fill in the form below.