ASSESSQU

The audit your regulator runs once a year. Built for every working day.

You will not lose your job to a quantum computer. You will lose it to a control regression that nobody noticed until the audit, three quarters too late. AssessQu watches the cryptographic estate every minute and treats silent regression as a P0 incident, not a checkbox.

Per-asset, not per-company. Instrumented, not interviewed. For the CISO computing readiness against DORA, NIST IR 8547 (draft), NIS2, and BSI TR-02102-1.

SIX-STEP CONTINUOUS LOOP

Discover. Score. Recommend. Evidence. Verify. Drift.

Cryptographic posture is a control, not a project. Treat it like uptime. The loop runs without pause, without quarterly engagements, without re-scoping.

01

Discover

Cryptographic estate, every asset you point it at. CycloneDX 1.6 CBOM import and export for the evidence pack.

02

Score

Per-asset X+Y vs Z timing from your own inputs. Transparent additive risk scoring with named factors.

03

Recommend

Migration targets against FIPS 203, 204, and 205. Hybrid notation written classical plus PQC.

04

Evidence

Sealed, time-anchored pack with article-level mapping. Cryptographic posture against DORA, NIST IR 8547 (draft), NIS2, BSI TR-02102-1.

05

Verify

Computed control states with no free pass on an empty denominator, re-verifiable offline.

06

Drift

Scheduled re-scans, off by default. Cryptographic drift handled as an incident.

4
Frameworks computed
DORA, NIST IR 8547 (draft), NIS2, BSI
3
NIST PQC standards
FIPS 203, 204, 205
3
Discovery inputs
live TLS, cert and key files, source
SHA-256
Sealed chain
RFC 3161 time anchor, offline verifier
HARVEST-NOW EXPOSURE TIMING

Per-asset arithmetic, not a maturity score.

Every asset gets an exposure window from your own inputs: how long the data must stay protected, plus how long the swap takes, against the threat horizon you set. The three values are yours, recorded as inputs and never presented as measurements. Key-establishment assets are flagged as harvest-now-decrypt-later exposed, because recorded traffic can be decrypted once a cryptographically relevant quantum computer exists.

Who AssessQu is for

Regulated mid-market enterprises with a CISO who has signing authority for cryptographic infrastructure. Tier-2 banks, insurers, telecoms, critical-infrastructure operators with a 2026 to 2028 compliance horizon. Security budgets that fit a productized engagement rather than a multi-year consulting programme.

DQ
GUIDED NOW ยท HOSTED SAAS IN DEVELOPMENT

Get on the hosted-platform list

Available now as a guided deployment with your team. The fully hosted SaaS follows SOC 2 and ISO 27001 work, in that order. Cryptographic posture grounded in regulator language, not vendor pitch decks.