Signature · Institutional → Quantum Core Institute

Quantum Readiness Score

A self-assessment against QCI-QS1. Score your organization across the five Q-Risk pillars and get a number a board can act on — held honest by the same ceiling gates a QCI assessor applies, so the score reflects evidence, not optimism.

Standard: QCI-QS1 v2.2 · Q-Risk Score (0–100) · QRAF governance · QASI inventory

Score each pillar on the 0–5 maturity scale

28 / 100

Behind

Plans may exist on paper. Execution is weak or absent.

020406080100

Score-ceiling gates

A low first score is normal. Most organizations that take QCI-QS1 seriously land their baseline in the Behind band. A 28 with a credible plan to reach 55 beats a self-flattering 70 with no evidence behind it.

Validate this with a QCI Assessment →

This is a self-score, not an audited one. Under QCI-QS1, any pillar above Level 1 needs a retrievable evidence artifact — a ticket #, document path, or export. Level 5 requires externally validated evidence; self-attestation doesn't qualify. When in doubt, score down.

BTC Tools · Quantum Core InstituteSelf-assessment against QCI-QS1 v2.2. Not a certified Q-Risk Score.

FAQ

What does it actually mean for an organization to be quantum-ready?

Quantum readiness is not a binary state. It's a maturity continuum across several independent dimensions, and most organizations are at very different stages on each.

The five dimensions the score assesses:

Cryptographic inventory: Do you know which systems, keys, and data stores use cryptography that quantum computers will eventually break (RSA, ECC, Diffie-Hellman)? Most organizations have never done this audit. Without an inventory, migration is impossible.

Algorithm migration: Have you moved or begun moving to NIST post-quantum standards? CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for digital signatures were standardized in 2024. These are the target.

Key management infrastructure: Can your HSMs, PKI, and certificate lifecycle tools handle post-quantum algorithms? Many cannot yet — hardware and software upgrades are required, not just configuration changes.

Supply chain and vendor assessment: Your quantum readiness is bounded by your least-ready critical vendor. If your cloud provider, payment processor, or financial infrastructure runs on classical cryptography with no PQC roadmap, your perimeter exposure remains even if your internal systems are migrated.

Governance and timeline: Does your CISO or CTO have a documented quantum risk policy? Is there a board-level understanding of the timeline and budget implications? Organizations that treat this as purely a technical problem will be caught without budget when hardware migration timelines compress.

Why the score matters now:

NIST finalized PQC standards in 2024. CISA has issued guidance recommending migration roadmaps begin immediately for critical infrastructure. For organizations holding Bitcoin or operating in financial services, quantum readiness is becoming a regulatory and fiduciary question, not just a technical one.

Methodology

Self-assessment across five Q-Risk pillars producing a 0–100 composite, with ceiling gates that cap the score when evidence is absent.

Pillar Weights: w = {Gov 20, Visibility 20, Data 20, Migration 25, 3rd-Party 15}
Per-Pillar Maturity: level_i ∈ [0, 5]
Raw Composite: Score_raw = Σᵢ (level_i ÷ 5) · w_i
Ceiling Gates: QASI < threshold → cap 60; vendors un-attested → cap 70; agility unproven → cap 80
Final Score: Score_final = min(Score_raw, ceiling)
Bands: Exposed 0–19 · Behind 20–39 · Mobilizing 40–59 · Advancing 60–79 · Defensible 80–100

Paper plans without evidence cannot lift the ceiling. Most organizations baseline in Behind — a credible plan to reach Advancing is the realistic first objective.

Get the signal, not the noise

Weekly Bitcoin cycle alerts — MVRV, Pi Cycle, and power-law position in one email.