What your score means
Four tiers of post-quantum readiness
Wherever you land, the path forward is the same shape: see your cryptography, give the work an owner, then plan and sequence the migration. The tiers describe how far along that path your programme is today.
0 - 25 · Starting
Starting
Quantum risk is largely a blind spot. The first move is visibility - building an inventory of the cryptography you run so you can see where quantum-vulnerable algorithms sit.
26 - 50 · Progressing
Progressing
Awareness is there and some discovery has begun. The gap is usually ownership and governance - a named owner and a mapping to a framework that turns awareness into accountable work.
51 - 75 · Advancing
Advancing
Discovery and governance are in motion. The focus shifts to migration planning and crypto-agility - a prioritised roadmap and systems that can swap algorithms without re-engineering.
76 - 100 · Leading
Leading
A coordinated programme spans discovery, governance and migration. The work now is to sustain it - re-checking for crypto drift on a schedule and tracking progress against your framework of record.
Where EQCore fits
EQCore is built around this path. CipherScout™ discovers your cryptography into a Cryptographic Bill of Materials (CBOM), CipherForge™ (early access) turns findings into a prioritised, NIST-aligned remediation plan as a starting point for scoping migration, not a finished migration and CipherWatch™ surfaces crypto drift on every scan. Post-quantum algorithm operations run through our own PQC service.