Executive report template

Structured format for presenting quantum readiness assessment results and recommendations to executive leadership and board members.

executive-report-template.md

QRAMM executive reporting template

Purpose: This template provides a structured format for presenting quantum readiness assessment results and recommendations to executive leadership.

Executive summary

Quantum readiness assessment results

Organization: [Organization Name]

Assessment Date: [Date]

Assessment Scope: [Scope Description]

Overall QRAMM Score: [Score] / 4.0

Key findings

Current Maturity Level:

Basic
Developing
Established
Advanced

Critical Gaps Identified:

  1. [Gap 1]
  2. [Gap 2]
  3. [Gap 3]

Priority Recommendations:

  1. [Recommendation 1]
  2. [Recommendation 2]
  3. [Recommendation 3]

Detailed assessment results

Dimension scores

Dimension Score Maturity Level Priority
Cryptographic Visibility & Inventory (CVI) ___/4.0 _________ _________
Strategic Governance & Risk Management (SGRM) ___/4.0 _________ _________
Data Protection Engineering (DPE) ___/4.0 _________ _________
Implementation & Technical Readiness (ITR) ___/4.0 _________ _________

Business impact & risk assessment

Quantum threat timeline

  • Estimated quantum threat emergence: ___ years
  • Critical data protection timeline: ___ years
  • Risk window: ___ years

Business risks

High Risk Areas:

Customer data protection
Financial transactions
Intellectual property
Regulatory compliance
Competitive advantage
Operational continuity

Resource requirements

Budget summary

Category Year 1 Year 2 Year 3 Total
Personnel $_____ $_____ $_____ $_____
Technology $_____ $_____ $_____ $_____
Training $_____ $_____ $_____ $_____
External Services $_____ $_____ $_____ $_____
TOTAL $_____ $_____ $_____ $_____

Implementation roadmap

Phase 1: foundation (months 1-6)

Objectives: [Objectives]

Key Deliverables:

  • [Deliverable 1]
  • [Deliverable 2]
  • [Deliverable 3]

Phase 2: development (months 7-18)

Objectives: [Objectives]

Phase 3: optimization (months 19+)

Objectives: [Objectives]


Report Prepared By: [Name]

Date: [Date]

Contact: [Contact Info]

Evidence collection template

Systematically collect and document evidence to support assessment responses and demonstrate maturity progression across all QRAMM dimensions.

evidence-collection-template.md

QRAMM evidence collection template

Purpose: This template helps organizations systematically collect and document evidence to support their quantum readiness assessment responses and demonstrate maturity progression.

Organization information

Organization Name: [Name]

Assessment Date: [Date]

Evidence Collected By: [Name]

Review/Approval By: [Name]


Dimension 1: Cryptographic Visibility & Inventory (CVI)

Practice 1.1: cryptographic discovery & inventory management

Evidence Type: Documentation of Cryptographic Assets

Inventory Documentation
  • Location: [Path/System]
  • Description: [Description]
  • Last Updated: [Date]
Scanning Tool Reports
  • Tool Name: [Tool]
  • Scan Date: [Date]
  • Coverage: [% or scope]
Asset Management Records
  • System/Database: [System]
  • Export Date: [Date]
  • Number of Assets: [Count]

Practice 1.2: quantum risk assessment

Evidence Type: Risk Assessment Documentation

Risk Assessment Reports
Vulnerability Analysis

Dimension 2: Strategic Governance & Risk Management (SGRM)

Practice 2.1: leadership & governance

Board/Executive Meeting Minutes
Governance Structure Documentation
Quantum Readiness Roadmap
Budget Allocation Records

Dimension 3: Data Protection Engineering (DPE)

Data Classification Policy
Long-Term Data Inventory
Cryptographic Standards Document
Key Management Procedures

Dimension 4: Implementation & Technical Readiness (ITR)

Technology Evaluation Reports
Architecture Diagrams
Migration Plans
Performance Benchmarks

Evidence quality checklist

For each piece of evidence collected, verify:

Currency: Is the evidence recent and relevant?
Completeness: Does it fully support the assessment response?
Authenticity: Is it from an authoritative source?
Accessibility: Can it be retrieved for audit/review?
Consistency: Does it align with other evidence?

Evidence Collection Completed By: [Name] Date: [Date]

Reviewed By: [Name] Date: [Date]

Cryptographic asset inventory

Structured worksheet for comprehensive cryptographic asset discovery and risk assessment across all system categories.

asset-inventory-template.md

QRAMM cryptographic asset inventory worksheet

Purpose: This worksheet provides a structured template for conducting comprehensive cryptographic asset discovery and risk assessment across your organization.

Asset discovery overview

Organization: [Name]

Assessment Period: [Start] to [End]

Assessment Team: [Team Members]


Asset categories

Category 1: network & communication assets

Asset ID System/Service Protocol Algorithm Key Size Risk Level
NET-001
NET-002
NET-003

Common Protocols: TLS, SSH, VPN, IPSec, HTTPS, FTPS

Category 2: application & database assets

Asset ID Application Encryption Key Management Sensitivity Risk Level
APP-001
APP-002
APP-003

Category 3: PKI & certificate assets

Asset ID Certificate Type Subject/CN Algorithm Key Size Expiration
PKI-001
PKI-002
PKI-003

Risk assessment matrix

Quantum vulnerability scoring

  • Critical (4): RSA-1024, DSA-1024, ECDSA-256, DES/3DES
  • High (3): RSA-2048, DSA-2048, ECDSA-384
  • Medium (2): RSA-3072, ECDSA-521, AES-128
  • Low (1): AES-256, SHA-256, SHA-3

Data sensitivity classification

  • Critical (4): National security, financial transactions, healthcare records
  • High (3): Personal data, business secrets, legal documents
  • Medium (2): Internal communications, operational data
  • Low (1): Public information, marketing materials

Risk Score = (Quantum Vulnerability x Data Sensitivity x Business Impact) / 3


Inventory completeness checklist

All network endpoints scanned
All applications assessed
All databases catalogued
All certificates inventoried
All HSMs/KMS systems documented
All IoT devices identified
All cloud services evaluated

Vendor assessment questionnaire

Comprehensive questionnaire to evaluate vendor quantum readiness capabilities and roadmaps across all QRAMM dimensions.

vendor-questionnaire-template.md

QRAMM vendor assessment questionnaire

Purpose: This comprehensive questionnaire template helps organizations evaluate vendor quantum readiness capabilities and roadmaps across all QRAMM dimensions.

Vendor information

Company Name: [Vendor Name]

Primary Contact: [Contact]

Assessment Date: [Date]

Reviewer: [Your Name]


Section 1: Cryptographic Visibility & Inventory

1.1 Cryptographic asset management

1. Does your organization maintain a comprehensive inventory of all cryptographic implementations?

No formal inventory exists
Basic inventory for critical systems only
Comprehensive inventory with regular updates
Automated inventory with real-time monitoring

2. What cryptographic algorithms are currently used? (Check all that apply)

RSA (key sizes: ____)
ECDSA/ECDH (curves: ____)
AES (key sizes: ____)
SHA family (versions: ____)

3. Do you have a roadmap for transitioning to post-quantum cryptographic (PQC) algorithms?

No roadmap exists
Roadmap in development
Roadmap established with timeline
PQC implementation already in progress

Section 2: Strategic Governance & Risk Management

4. Is quantum security risk formally recognized at the executive level?

Not recognized at executive level
Informal awareness exists
Formal recognition with basic governance
Comprehensive governance with dedicated leadership

5. Do you have dedicated budget allocation for quantum readiness?

No dedicated budget
Ad-hoc funding as needed
Annual budget allocation
Multi-year investment program

Section 3: Data Protection Engineering

6. Have you implemented quantum-resistant protection for sensitive data?

No quantum-resistant protections
Limited implementation for critical data
Systematic implementation across sensitive data
Comprehensive quantum-resistant protection

7. Can your systems support hybrid cryptographic approaches?

No hybrid support
Limited hybrid capability
Comprehensive hybrid support in development
Full hybrid support implemented

Section 4: Implementation & Technical Readiness

8. Can your systems be updated to support new algorithms without breaking changes?

Requires significant breaking changes
Some breaking changes required
Minimal breaking changes
Seamless algorithm updates supported

9. What is your estimated timeline for completing quantum-safe migration?

No timeline established
5+ years
3-5 years
1-3 years

Scoring

Rate each answer from 1-4 points based on maturity level:

  • Option 1: 1 point (Basic)
  • Option 2: 2 points (Developing)
  • Option 3: 3 points (Established)
  • Option 4: 4 points (Advanced)

Score Interpretation:

  • 72-96 points: Advanced quantum readiness
  • 48-71 points: Established quantum readiness
  • 24-47 points: Developing quantum readiness
  • Below 24 points: Basic quantum readiness

Assessment Completed By: [Name]

Date: [Date]

Total Score: [Score] / 96