Resource Guru

Resource Guru - Project Scheduling and Leave Management

Resource Guru is a team calendar for project scheduling, capacity and leave management—the simple way to schedule people and other resources online. Powerful reports show utilisation rates, billable vs. non-billable time, overtime, holiday and other time off. Custom filters allow you to focus on resources by "Skill", "Location", "Department" etc.


  • Drag and drop scheduling means booking changes are quick
  • Powerful reports showing utilisation, billable vs. non-billable projects and leave
  • Leave management system including personal time off, sick leave etc.
  • Calendar integration with Outlook, Google, Apple and many more
  • Custom fields allow you to categorise your resources
  • Filters enable you to focus by custom properties
  • Custom availability and overtime
  • Tentative and repeat bookings for added flexibility
  • Clash management for bookings where there isn't sufficient availability
  • Booking approvals protect your most in-demand people


  • See the big picture—who's free, who's busy and who's off
  • Reports give insight into the health of your business
  • Become more profitable due to increased efficiency
  • Allocate time off in the context of other work
  • Collaborate with the whole team with granular access permissions
  • Make changes quickly with drag and drop bookings
  • See your bookings on the move with mobile friendly schedule
  • Clash management means nobody gets overbooked
  • Boost team morale when everyone knows what they're working on
  • View bookings alongside other events with calendar integrations


£2.50 to £6.65 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

5 5 9 5 0 7 7 9 2 4 3 9 9 6 5


Resource Guru Percy Stilwell
Telephone: +44 203 608 3047

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
Computer with a modern browser

User support

Email or online ticketing support
Email or online ticketing
Support response times
Usually within 1 hour between 9am - 5pm on week days.
User can manage status and priority of support tickets
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
General email support is available to all customers. Master plan customers can get phone support. Training can be arranged at an extra cost.

Online - 1st hour is free. Subsequent hours - £50 per hour (+ VAT), Half day equivalent - £200 (+ VAT).

On-site - Half day - £600 (+ VAT), Full day - £1,200 (+ VAT) -
the minimum charge for on-site training is half a day
Support available to third parties

Onboarding and offboarding

Getting started
We provide a comprehensive Help Centre at where we will also be adding video tutorials soon.
Demos and online training are also available and onsite training can be provided at extra cost.
We monitor user progress and send automated emails and in-app messages to help onboard them at every step of the way.
Service documentation
Documentation formats
End-of-contract data extraction
Users are able to export their booking data from the reports section of the app.
End-of-contract process
Contracts can be terminated online if the user has the appropriate account permissions. Once the contract is terminated, no further charges apply and there are no additional costs after the contract ends.

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
We don't have native apps yet but the software is usable on mobile devices via a mobile browser. Only some new beta features have been optimised for mobile devices.
Service interface
User support accessibility
None or don’t know
What users can and can't do using the API
Resource Guru has a REST-style API that uses serialised JSON and OAuth 2 authentication. Users can create, read, update and delete most of the data in their accounts if they have the appropriate permissions.

In order to make authorised calls to Resource Guru's API, your application must first obtain an OAuth access token. To register your app go to

Once you have authenticated, you can make changes by interacting with a comprehensive set of endpoints. Please see for details.

There is a rate limit - you can perform up to 33 requests per 10 second period on a registered application. If you exceed this limit, you'll get a 403 Rate Limit Exceeded response for subsequent requests.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
Resource Guru contains custom fields that allow users to categorise and filter data in customised ways. For example, users can categorise and filter by custom fields like "Skill", "Department", "Location", "Permanent/Freelance" etc.


Independence of resources
We monitor the operating system, database and application through statsd and other services. We have monitors on critical statistics such as memory usage, disk usage, network throughput, application requests per second, database queries per second. Alerts are posted to our team as soon as thresholds are met to ensure we can take appropriate action prior to any impact on our users.


Service usage metrics


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
Other locations
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Users can download .csv files of their booking data from the reports section.
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Firewalled VPC

Availability and resilience

Guaranteed availability
We will provide the Service with reasonable care and skill, and will make reasonable endeavours to ensure the Service is available at all times during normal working hours, except for scheduled maintenance which we will notify on the Website.
Approach to resilience
Resource Guru is primarily hosted on Google Cloud Platform - offering a highly secure, reliable and resilient environment. Systems automatically restart when they fail and automatically scale up when necessary. The Google security model is an end-to-end process, built on over 15 years of experience focused on keeping customers safe on Google applications like Gmail and Google Apps. With Google Cloud Platform our app and data take advantage of the same security model. Our data is backed up onto encrypted, redundant block storage across multiple availability zones in our data centre using a method that allows us to perform a point-in-time recovery to any time of the day. Google Compute Engine has completed ISO 27001, SSAE-16, SOC 1, SOC 2, and SOC 3 certifications, demonstrating their commitment to information security (many Google customers use SOC 1 as an integral part of their Sarbanes-Oxley efforts and other security and compliance initiatives).
Outage reporting
Any outages are reported on Twitter ( and via email if necessary. Our uptime is normally over 99% as you can see here

Identity and authentication

User authentication needed
User authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
All management interfaces and support channels are password protected with individual login accounts.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
EY CertifyPoint
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
This certification applies only to our hosting provider, Google Cloud Platform
ISO 28000:2007 certification
CSA STAR certification
CSA STAR accreditation date
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
This certification applies only to our hosting provider, Google Cloud Platform. Please see
PCI certification
Who accredited the PCI DSS certification
We use Recurly which is PCI-DSS Level 1 compliant
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Please see
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Both the Joint-CEO and the CTO work closely together to identify and mitigate security risks. Furthermore, all employees are required to agree to our IT and Communications Systems Policy which promotes effective security practices.
Information security policies and processes
All employees are required to agree to our IT and Communications Systems Policy which covers:
- Equipment security and passwords
- Systems and data security
- Security related to communications
- Data protection
- Monitoring
- Social media

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We operate a system of continuous delivery and deploy code to a staging server that mirrors our production environment. This ensures that, prior to deployment, the application functions as expected through rigorous automated and manual testing. All code is subject to automated security analysis on a frequent basis. Since every change is delivered to our staging environment, we can have confidence that the application can be safely deployed to production. We use Git source control so changes can be quickly and easily rolled back if necessary.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
- We perform regular security scans using an independent, third party vulnerability scanner.
- We use automated code analysis systems to highlight any potential security threats and vulnerabilities.
- Important threats are assigned the highest priority as soon as they are identified and work begins immediately to mitigate.
- Patches are usually deployed within 24 hours depending on the complexity.
- Passwords are stored encrypted - hashed with salt using a strong hashing algorithm.
- Data is backed up frequently, stored securely on Google’s servers and features point-in-time recovery.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Logs are monitored for patterns of usage that would indicate an attempt to gain unauthorised access to an account. Sudden abnormalities in number of unauthorised actions are monitored and raise alerts for our engineering team to respond to. We aim to respond to any compromise within 24 hours.
Incident management type
Supplier-defined controls
Incident management approach
Yes, we do have pre-defined security incident procedures. Users can report incidents via email or phone. We aim to respond to any security incidents within 24 hours. If there is any significant impact on the availability of our service, we will communicate frequently with customers via email and other channels to ensure that they are fully aware of when service will be resumed. We will also ensure that details of the cause of the incident and plans to ensure it doesn't happen again are communicated to the degree that security is not compromised.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks

Social Value

Fighting climate change

Fighting climate change

We are hosted with Google which is carbon neutral,carbon%2Dfree%20and%20sustainable%20systems.
Tackling economic inequality

Tackling economic inequality

We pay people the same amount regardless of where they are in the world, based on income levels anchored to NY, USA
Equal opportunity

Equal opportunity

As an inclusive workplace, everyone’s welcome at Resource Guru. We celebrate diversity. Our colleagues are comfortable being their authentic whole selves. We want Resource Guru to be one of the best places to work.


£2.50 to £6.65 a user a month
Discount for educational organisations
Free trial available
Description of free trial
We have a 30 day free trial with unrestricted functionality
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.