Sales Tool · Quantum Security
PQC Sales Qualification Engine
Identify the right PQC opportunity, product fit, and commercial path for any prospect in under 3 minutes.
Your answers are used only to calculate your score. No email address, company name, or IP address is collected as part of this assessment. Anonymised scores are pooled with other responses to produce sector-level benchmarks, for example average scores across financial services organisations. Any PDF report you download is generated in your browser and is not stored on any server. You can choose to download the PDF report after the tool is completed. If you choose to enter your email address, that information is stored separately and only used to send you the updates you asked for.
What this tool collects
This tool collects your assessment answers and calculates a score. All of this happens in your browser. Your answers are not sent to a server for processing.
Anonymised benchmarking
The anonymised score from your assessment may be used to build sector-level benchmarks. For example: organisations in the financial services sector score an average of 54. No personal information, company name, or IP address is attached to this data. You cannot be identified from it.
What is not collected
Your IP address is not collected or stored. Your company name is not collected unless you choose to enter it when downloading a PDF report. Your email address is not collected unless you choose to provide it to receive updates.
PDF reports
If you choose to download a PDF report, it is generated entirely within your browser using your answers. The report is not sent to or stored on any server. Once you download it, the data stays with you.
Email addresses
An email address is only stored if you voluntarily opt in to receive notifications or updates. Providing your email address is never required to use this tool or to view your results. Your email address is not shared with third parties or used for advertising.
Third parties
Your data is not sold to third parties. Your data is not shared with advertising networks. Your data is not used for any purpose other than those described here.
How this tool works
This tool takes 12 inputs about a prospect organisation and returns five outputs: an Opportunity Score (0-100), a Risk Profile identifying the dominant PQC problem type, a Best-fit Product recommendation, a Sales Priority Tier, and a Recommended Talk Track.
It is a sales qualification tool, not a technical assessment. It does not tell an organisation how to migrate their cryptography. It tells a salesperson how strong the opportunity is, what the prospect's primary problem type is, and what to say first.
Scoring runs entirely in your browser. No data is submitted to any server. Results appear on this page after step 12.
Tell us about the prospect
These optional fields appear on your results for reference. They are not scored.
Sector determines baseline regulatory exposure and which talk track to use.
No data is submitted to any server. Scoring runs entirely in your browser.
How large is the organisation (number of employees)?
Size is a proxy for migration complexity and commercial potential. Larger organisations have more cryptographic surface area and are the source of the highest-value consulting engagements.
No data is submitted to any server. Scoring runs entirely in your browser.
Does this organisation hold data that needs to stay confidential for 10 years or more?
Examples include patient records, intelligence files, intellectual property, legal documents, financial histories, and personal identity data. This is the most direct indicator of HNDL (Harvest Now, Decrypt Later) exposure — an adversary collecting encrypted traffic today to decrypt once a quantum computer exists.
No data is submitted to any server. Scoring runs entirely in your browser.
Does the organisation run its own certificate authority, code-signing pipeline, or device trust system?
A certificate authority issues digital certificates that prove identity online. Code signing proves that software has not been tampered with. Device trust systems verify that hardware is genuine. Migration timelines for PKI infrastructure are typically 5-7 years due to certificate lifetimes and operational complexity.
No data is submitted to any server. Scoring runs entirely in your browser.
Does the organisation make software products, hardware devices, or embedded systems that use cryptography?
Examples include IoT devices, medical devices, industrial control systems, vehicles, smartphones, routers, security cameras, or any software product that handles encrypted data. Product companies face a compounded migration challenge: they must update cryptography in every product they have shipped, which may have a 10-20 year operational lifetime.
No data is submitted to any server. Scoring runs entirely in your browser.
How heavily regulated is this organisation?
Regulatory pressure is one of the strongest commercial drivers in PQC sales. Heavily regulated sectors face the earliest compliance deadlines under NIST PQC standards, NIS2, and sector-specific mandates. A highly regulated prospect may not need to be convinced that PQC matters — they may already be under audit pressure and need a qualified vendor.
No data is submitted to any server. Scoring runs entirely in your browser.
Does the organisation have significant legacy IT systems (old systems that are difficult to update or replace)?
Legacy systems include mainframes, older operating systems, hardware security modules purchased before 2020, or any system where cryptographic libraries cannot be easily updated. Legacy infrastructure is the single biggest predictor of migration complexity, and high complexity creates high commercial potential for structured migration programmes.
No data is submitted to any server. Scoring runs entirely in your browser.
Does the organisation depend heavily on third-party vendors for its core systems (cloud providers, software vendors, hardware suppliers)?
High vendor dependency means the organisation cannot migrate to quantum-safe cryptography without those vendors making changes first. This changes the migration strategy fundamentally and creates a specific product need: vendor readiness scoring and supplier questionnaire frameworks.
No data is submitted to any server. Scoring runs entirely in your browser.
Does the organisation have a Chief Information Security Officer (CISO) or a dedicated security team?
A CISO signals two things: the organisation takes security seriously enough to invest in it, and there is a named decision-maker who owns this problem. A partial security function often signals a security manager looking to build board credibility — which creates appetite for tools that generate board-ready reports.
No data is submitted to any server. Scoring runs entirely in your browser.
What is driving the current conversation about quantum security?
The conversation driver is the strongest signal of commercial urgency. Compliance and procurement requirements create external deadlines. Board concern and incident response create internal urgency. General awareness is the weakest driver: the prospect knows the problem exists but has no pressure to act now.
No data is submitted to any server. Scoring runs entirely in your browser.
How aware are the organisation's board and senior executives of quantum computing risk?
Executive awareness determines where the sales conversation can go. Without board awareness, a CISO who wants to buy may not be able to get budget approved. "Actively investigating" is often the most commercially productive state: urgency is acknowledged, but no solution has been selected yet.
No data is submitted to any server. Scoring runs entirely in your browser.
Where is the organisation in its quantum security journey?
Maturity level determines which product to recommend first. An organisation with no awareness needs educational tools before anything else. An organisation that has completed a cryptographic inventory is ready for migration prioritisation tools. Maturity also signals how quickly the prospect is likely to convert.
No data is submitted to any server. Scoring runs entirely in your browser.
Your Qualification Results
Ready to progress this opportunity?
Steven works with organisations navigating PQC transition. A 30-minute conversation covers the prospect's specific exposure and what a credible engagement proposal looks like.
About this tool
The PQC Sales Qualification Engine scores a prospect across seven dimensions: Exposure, Data Longevity, Trust and Signing, Regulatory Pressure, Migration Difficulty, Buyer Maturity, and Commercial Readiness. These sub-scores combine into a single Opportunity Score (0-100) and map to a Sales Priority Tier from awareness-only through to strategic transformation lead.
Product recommendations are drawn from the QSECDEF advisory catalogue, arranged across four tiers: Education, Assessment, Prioritisation, and Governance. The tool selects a primary, secondary, and deferred recommendation based on the prospect's dominant problem type and maturity level.
Talk tracks are scripted for the five dominant PQC problem types: Confidentiality and HNDL exposure, PKI and trust chain vulnerability, vendor dependency, regulatory pressure, and migration complexity. Each track includes a recommended opening, what to avoid, and a suggested email subject line.
This tool is designed for salespeople and consultants. It is not a technical assessment tool. For a comprehensive cryptographic inventory and migration roadmap, contact Steven.