Executive report template
Structured format for presenting quantum readiness assessment results and recommendations to executive leadership and board members.
QRAMM executive reporting template
Executive summary
Quantum readiness assessment results
Organization: [Organization Name]
Assessment Date: [Date]
Assessment Scope: [Scope Description]
Overall QRAMM Score: [Score] / 4.0
Key findings
Current Maturity Level:
Critical Gaps Identified:
- [Gap 1]
- [Gap 2]
- [Gap 3]
Priority Recommendations:
- [Recommendation 1]
- [Recommendation 2]
- [Recommendation 3]
Detailed assessment results
Dimension scores
| Dimension | Score | Maturity Level | Priority |
|---|---|---|---|
| Cryptographic Visibility & Inventory (CVI) | ___/4.0 | _________ | _________ |
| Strategic Governance & Risk Management (SGRM) | ___/4.0 | _________ | _________ |
| Data Protection Engineering (DPE) | ___/4.0 | _________ | _________ |
| Implementation & Technical Readiness (ITR) | ___/4.0 | _________ | _________ |
Business impact & risk assessment
Quantum threat timeline
- Estimated quantum threat emergence: ___ years
- Critical data protection timeline: ___ years
- Risk window: ___ years
Business risks
High Risk Areas:
Resource requirements
Budget summary
| Category | Year 1 | Year 2 | Year 3 | Total |
|---|---|---|---|---|
| Personnel | $_____ | $_____ | $_____ | $_____ |
| Technology | $_____ | $_____ | $_____ | $_____ |
| Training | $_____ | $_____ | $_____ | $_____ |
| External Services | $_____ | $_____ | $_____ | $_____ |
| TOTAL | $_____ | $_____ | $_____ | $_____ |
Implementation roadmap
Phase 1: foundation (months 1-6)
Objectives: [Objectives]
Key Deliverables:
- [Deliverable 1]
- [Deliverable 2]
- [Deliverable 3]
Phase 2: development (months 7-18)
Objectives: [Objectives]
Phase 3: optimization (months 19+)
Objectives: [Objectives]
Report Prepared By: [Name]
Date: [Date]
Contact: [Contact Info]
Evidence collection template
Systematically collect and document evidence to support assessment responses and demonstrate maturity progression across all QRAMM dimensions.
QRAMM evidence collection template
Organization information
Organization Name: [Name]
Assessment Date: [Date]
Evidence Collected By: [Name]
Review/Approval By: [Name]
Dimension 1: Cryptographic Visibility & Inventory (CVI)
Practice 1.1: cryptographic discovery & inventory management
Evidence Type: Documentation of Cryptographic Assets
- Location: [Path/System]
- Description: [Description]
- Last Updated: [Date]
- Tool Name: [Tool]
- Scan Date: [Date]
- Coverage: [% or scope]
- System/Database: [System]
- Export Date: [Date]
- Number of Assets: [Count]
Practice 1.2: quantum risk assessment
Evidence Type: Risk Assessment Documentation
Dimension 2: Strategic Governance & Risk Management (SGRM)
Practice 2.1: leadership & governance
Dimension 3: Data Protection Engineering (DPE)
Dimension 4: Implementation & Technical Readiness (ITR)
Evidence quality checklist
For each piece of evidence collected, verify:
Evidence Collection Completed By: [Name] Date: [Date]
Reviewed By: [Name] Date: [Date]
Cryptographic asset inventory
Structured worksheet for comprehensive cryptographic asset discovery and risk assessment across all system categories.
QRAMM cryptographic asset inventory worksheet
Asset discovery overview
Organization: [Name]
Assessment Period: [Start] to [End]
Assessment Team: [Team Members]
Asset categories
Category 1: network & communication assets
| Asset ID | System/Service | Protocol | Algorithm | Key Size | Risk Level |
|---|---|---|---|---|---|
| NET-001 | |||||
| NET-002 | |||||
| NET-003 |
Common Protocols: TLS, SSH, VPN, IPSec, HTTPS, FTPS
Category 2: application & database assets
| Asset ID | Application | Encryption | Key Management | Sensitivity | Risk Level |
|---|---|---|---|---|---|
| APP-001 | |||||
| APP-002 | |||||
| APP-003 |
Category 3: PKI & certificate assets
| Asset ID | Certificate Type | Subject/CN | Algorithm | Key Size | Expiration |
|---|---|---|---|---|---|
| PKI-001 | |||||
| PKI-002 | |||||
| PKI-003 |
Risk assessment matrix
Quantum vulnerability scoring
- Critical (4): RSA-1024, DSA-1024, ECDSA-256, DES/3DES
- High (3): RSA-2048, DSA-2048, ECDSA-384
- Medium (2): RSA-3072, ECDSA-521, AES-128
- Low (1): AES-256, SHA-256, SHA-3
Data sensitivity classification
- Critical (4): National security, financial transactions, healthcare records
- High (3): Personal data, business secrets, legal documents
- Medium (2): Internal communications, operational data
- Low (1): Public information, marketing materials
Risk Score = (Quantum Vulnerability x Data Sensitivity x Business Impact) / 3
Inventory completeness checklist
Vendor assessment questionnaire
Comprehensive questionnaire to evaluate vendor quantum readiness capabilities and roadmaps across all QRAMM dimensions.
QRAMM vendor assessment questionnaire
Vendor information
Company Name: [Vendor Name]
Primary Contact: [Contact]
Assessment Date: [Date]
Reviewer: [Your Name]
Section 1: Cryptographic Visibility & Inventory
1.1 Cryptographic asset management
1. Does your organization maintain a comprehensive inventory of all cryptographic implementations?
2. What cryptographic algorithms are currently used? (Check all that apply)
3. Do you have a roadmap for transitioning to post-quantum cryptographic (PQC) algorithms?
Section 2: Strategic Governance & Risk Management
4. Is quantum security risk formally recognized at the executive level?
5. Do you have dedicated budget allocation for quantum readiness?
Section 3: Data Protection Engineering
6. Have you implemented quantum-resistant protection for sensitive data?
7. Can your systems support hybrid cryptographic approaches?
Section 4: Implementation & Technical Readiness
8. Can your systems be updated to support new algorithms without breaking changes?
9. What is your estimated timeline for completing quantum-safe migration?
Scoring
Rate each answer from 1-4 points based on maturity level:
- Option 1: 1 point (Basic)
- Option 2: 2 points (Developing)
- Option 3: 3 points (Established)
- Option 4: 4 points (Advanced)
Score Interpretation:
- 72-96 points: Advanced quantum readiness
- 48-71 points: Established quantum readiness
- 24-47 points: Developing quantum readiness
- Below 24 points: Basic quantum readiness
Assessment Completed By: [Name]
Date: [Date]
Total Score: [Score] / 96