Executive leaders are encouraged to direct their organizations to start work now: ^[https://circle.cloudsecurityalliance.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=94140d72-69f4-46bc-be58-e313a7fe7742&forceDialog=0] - to understand the risks that quantum computing advancements will pose to their IM, IT and OT systems and data; and - to plan how to manage the risks to their quantum-vulnerable systems by transitioning those systems and important data assets to introduce support for standardized quantum-resistant cryptography as early as 2025-2026. Recommended actions that can be started now include the following steps: ^[https://www.cyber.gc.ca/en/guidance/preparing-your-organization-quantum-threat-cryptography-itsap00017] 1. Educating your peers and your teams on the emerging quantum threat and the new technologies for quantum-safety including [[hybrid cryptography]] and cryptographic agility. ^[https://www.cyber.gc.ca/en/guidance/guidance-becoming-cryptographically-agile-itsap40018] 2. Evaluating the sensitivity of your organization’s information assets and determining their lifespans to identify information that may be at risk (e.g., as part of ongoing risk assessment processes). 3. Inventorying the IM, IT and OT systems in your organization that use cryptography, and then implementing new policies and procedures in your change management activities to maintain this inventory on an on-going basis. 4. Asking the vendors of your cryptographic products if they support cryptographic agility, as well as when and how they will implement standardized and validated quantum-safe cryptography. [[PQC Roadmap Questions to ask Vendors]] 5. Talking to your business partners and other third party suppliers about their current PQC posture and timelines for quantum-safety. [[Questions to assess the PQC posture of a 3rd party]] 6. Budgeting for potentially significant software and hardware updates, as the timeframe for necessary replacement approaches. 7. Updating your IM, IT, and OT life-cycle management plans to explicitly describe how and when your organisation will implement post-quantum cryptographic algorithms to protect your most important data and systems starting 2025 - 2026, or when validated cryptographic modules become available (e.g. one or two years later). [[Quantum Readiness Program]]