Free Tool · Quantum Security
Cryptographic Asset Prioritisation Matrix
Select the cryptographic asset categories your organisation uses. Answer three questions per asset. Receive a ranked migration sequence with phase timeline and per-asset recommendations.
- Runs entirely in your browser: nothing is stored or transmitted
- Dynamic wizard: one step per selected asset, three questions each
- Scoring: asset lifetime (30%), replacement lead time (35%), data sensitivity (35%)
- Output: ranked priority matrix, phase timeline, and downloadable PDF report
Your answers are used only to determine your outcome. No email address, company name, or IP address is collected as part of this assessment. Any PDF report you download is generated in your browser and is not stored on any server. If you choose to enter your email address in the newsletter form, that information is stored separately and only used to send you the updates you asked for.
What this tool collects
This tool collects your assessment answers and evaluates them against the outcome rules. All of this happens in your browser. Your answers are not sent to a server for processing.
What is not collected
Your IP address is not collected or stored. Your company name is not collected unless you choose to enter it when downloading a PDF report. Your email address is not collected unless you choose to provide it to receive updates.
PDF reports
If you choose to download a PDF report, it is generated entirely within your browser using your answers. The report is not sent to or stored on any server. Once you download it, the data stays with you.
Third parties
Your data is not sold to third parties. Your data is not shared with advertising networks. Your data is not used for any purpose other than those described here.
How this tool works
The Cryptographic Asset Prioritisation Matrix is a prioritisation sequencer. It does not calculate risk or assess compliance. Its output is a ranked migration sequence: given the asset categories you have declared, here is the order in which you should address them, and why.
Step 1 asks which cryptographic asset categories your organisation uses. Each subsequent step covers one selected asset with three questions: how long keys typically remain active, how long replacement would take, and how sensitive the data is. The number of steps scales with your selection.
Each asset receives a weighted priority score: asset lifetime (30%), replacement lead time (35%), data sensitivity (35%). Replacement lead time and data sensitivity receive equal weight because one determines when you must start; the other determines the consequence of delay. Assets are ranked highest-first and grouped into four priority bands. A phase timeline shows the recommended migration sequence across three phases.
The data sensitivity question uses scores 1, 2, 4, and 5. There is no score of 3. The gap is deliberate: the distinction between moderate and high sensitivity is qualitatively significant in the PQC threat context.
Which types of cryptographic assets does your organisation use?
Select every category that applies. You will be asked three quick questions about each one. If you are not sure whether a category applies, include it — you can remove it later.
Nothing is transmitted from your browser.
Need help sequencing your PQC migration programme?
Steven advises boards and security teams on post-quantum cryptography readiness. From initial asset inventory through to migration programme governance.
Contact Steven