Resource Guru

Resource Guru - Project Scheduling and Leave Management

Resource Guru is a cloud-based team project scheduling calendar and leave management system—the simple way to schedule people and other resources online. Powerful reports show utilisation rates, billable vs. non-billable time, overtime, holiday and other time off. Custom filters allow you to focus on resources by "Skill", "Location", "Department" etc.


  • Drag and drop scheduling means booking changes are quick
  • Powerful reports showing utilisation, billable vs. non-billable projects and leave
  • Leave management system including personal time off, sick leave etc.
  • Calendar integration with Outlook, Google, Apple and many more
  • Custom fields allow you to categorise your resources
  • Filters enable you to focus by "Skills", "Location", "Department" etc.
  • Custom availability and overtime
  • Individual user dashboards with granular permissions
  • Waiting list for bookings where there isn't sufficient availability
  • SSO for added security


  • See the big picture—who's free, who's busy and who's off
  • Reports give insight into the health of your business
  • Become more profitable due to increased efficiency
  • Allocate time off in the context of other work
  • Collaborate with the whole team with granular access permissions
  • Make changes quickly with drag and drop bookings
  • See your bookings on the move with mobile friendly schedule
  • Clash management means nobody gets overbooked
  • Boost team morale when everyone knows what they're working on
  • View bookings alongside other events with calendar integration


£2.39 to £6.38 per person per month

Service documents


G-Cloud 11

Service ID

7 5 0 0 8 7 7 0 0 6 6 1 9 2 1


Resource Guru

Percy Stilwell

+44 20 8133 3708

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints None
System requirements Computer with a modern browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Usually within 1 hour between 9am - 5pm on week days.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels General email support is available to all customers. Master plan customers can get phone support. Training can be arranged at an extra cost.

Online - 1st hour is free. Subsequent hours - £50 per hour (+ VAT), Half day equivalent - £200 (+ VAT).

On-site - Half day - £600 (+ VAT), Full day - £1,200 (+ VAT) -
the minimum charge for on-site training is half a day
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We provide a comprehensive Help Centre at where we will also be adding video tutorials soon.
Demos and online training are also available and onsite training can be provided at extra cost.
We monitor user progress and send automated emails and in-app messages to help onboard them at every step of the way.
Service documentation Yes
Documentation formats HTML
End-of-contract data extraction Users are able to export their booking data from the reports section of the app.
End-of-contract process Contracts can be terminated online if the user has the appropriate account permissions. Once the contract is terminated, no further charges apply and there are no additional costs after the contract ends.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service We don't have native apps yet but the software is usable on mobile devices via a mobile browser. Only some new beta features have been optimised for mobile devices.
Service interface No
What users can and can't do using the API Resource Guru has a REST-style API that uses serialised JSON and OAuth 2 authentication. Users can create, read, update and delete most of the data in their accounts if they have the appropriate permissions.

In order to make authorised calls to Resource Guru's API, your application must first obtain an OAuth access token. To register your app go to

Once you have authenticated, you can make changes by interacting with a comprehensive set of endpoints. Please see for details.

There is a rate limit - you can perform up to 33 requests per 10 second period on a registered application. If you exceed this limit, you'll get a 403 Rate Limit Exceeded response for subsequent requests.
API documentation Yes
API documentation formats HTML
API sandbox or test environment No
Customisation available Yes
Description of customisation Resource Guru contains custom fields that allow users to categorise and filter data in customised ways. For example, users can categorise and filter by custom fields like "Skill", "Department", "Location", "Permanent/Freelance" etc.


Independence of resources We monitor the operating system, database and application through statsd and other services. We have monitors on critical statistics such as memory usage, disk usage, network throughput, application requests per second, database queries per second. Alerts are posted to our team as soon as thresholds are met to ensure we can take appropriate action prior to any impact on our users.


Service usage metrics No


Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance None

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency Never
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Data importing and exporting

Data importing and exporting
Data export approach Users can download .csv files of their booking data from the reports section.
Data export formats CSV
Data import formats CSV

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network Firewalled VPC

Availability and resilience

Availability and resilience
Guaranteed availability We will provide the Service with reasonable care and skill, and will make reasonable endeavours to ensure the Service is available at all times during normal working hours, except for scheduled maintenance which we will notify on the Website.
Approach to resilience Resource Guru is primarily hosted on Google Cloud Platform - offering a highly secure, reliable and resilient environment. Systems automatically restart when they fail and automatically scale up when necessary. The Google security model is an end-to-end process, built on over 15 years of experience focused on keeping customers safe on Google applications like Gmail and Google Apps. With Google Cloud Platform our app and data take advantage of the same security model. Our data is backed up onto encrypted, redundant block storage across multiple availability zones in our data centre using a method that allows us to perform a point-in-time recovery to any time of the day. Google Compute Engine has completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications, demonstrating their commitment to information security (many Google customers use SOC 1 as an integral part of their Sarbanes-Oxley efforts and other security and compliance initiatives).
Outage reporting Any outages are reported on Twitter ( and via email if necessary. Our uptime is normally over 99% as you can see here

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels All management interfaces and support channels are password protected with individual login accounts.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 EY CertifyPoint
ISO/IEC 27001 accreditation date 15/04/2013
What the ISO/IEC 27001 doesn’t cover This certification applies only to our hosting provider, Google Cloud Platform
ISO 28000:2007 certification No
CSA STAR certification Yes
CSA STAR accreditation date Unknown
CSA STAR certification level Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover This certification applies only to our hosting provider, Google Cloud Platform. Please see
PCI certification Yes
Who accredited the PCI DSS certification We use Recurly which is PCI-DSS Level 1 compliant
PCI DSS accreditation date Unknown
What the PCI DSS doesn’t cover Please see
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach Both the Joint-CEO and the CTO work closely together to identify and mitigate security risks. Furthermore, all employees are required to agree to our IT and Communications Systems Policy which promotes effective security practices.
Information security policies and processes All employees are required to agree to our IT and Communications Systems Policy which covers:
- Equipment security and passwords
- Systems and data security
- Security related to communications
- Data protection
- Monitoring
- Social media

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We operate a system of continuous delivery and deploy code to a staging server that mirrors our production environment. This ensures that, prior to deployment, the application functions as expected through rigorous automated and manual testing. All code is subject to automated security analysis on a frequent basis. Since every change is delivered to our staging environment, we can have confidence that the application can be safely deployed to production. We use Git source control so changes can be quickly and easily rolled back if necessary.
Vulnerability management type Supplier-defined controls
Vulnerability management approach - We perform regular security scans using an independent, third party vulnerability scanner.
- We use automated code analysis systems to highlight any potential security threats and vulnerabilities.
- Important threats are assigned the highest priority as soon as they are identified and work begins immediately to mitigate.
- Patches are usually deployed within 24 hours depending on the complexity.
- Passwords are stored encrypted - hashed with salt using a strong hashing algorithm.
- Data is backed up frequently, stored securely on Google’s servers and features point-in-time recovery.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Logs are monitored for patterns of usage that would indicate an attempt to gain unauthorised access to an account. Sudden abnormalities in number of unauthorised actions are monitored and raise alerts for our engineering team to respond to. We aim to respond to any compromise within 24 hours.
Incident management type Supplier-defined controls
Incident management approach Yes, we do have pre-defined security incident procedures. Users can report incidents via email or phone. We aim to respond to any security incidents within 24 hours. If there is any significant impact on the availability of our service, we will communicate frequently with customers via email and other channels to ensure that they are fully aware of when service will be resumed. We will also ensure that details of the cause of the incident and plans to ensure it doesn't happen again are communicated to the degree that security is not compromised.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Public sector networks

Public sector networks
Connection to public sector networks No


Price £2.39 to £6.38 per person per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial We have a 30 day free trial with unrestricted functionality
Link to free trial

Service documents

Return to top ↑