# 1009 LTD Governance, LLM Risk and Quantum-Safe Readiness Dataset

Version 1.0.0 · 11 July 2026

## Summary

This deposit-ready dataset combines three linked analytical layers for **1009 LTD**, a simulated 40-person Crypto-Asset Service Provider used as an SME research baseline:

1. a 26-document core and FinTech governance catalogue;
2. an ISO/IEC 27002-aligned LLM control-gap dataset with deployment-archetype scores; and
3. a policy-based post-quantum readiness assessment using the open Quantum-Safe Index (QSI) v1.0.0 methodology.

The dataset supports transparent review of how a general IT governance baseline performs when exposed to LLM-driven organisational change and post-quantum migration requirements.

## Files

| Path | Rows | Description |
|---|---:|---|
| `data/policy_catalog.csv` | 26 | Core and FinTech document catalogue with web and Markdown paths. |
| `data/policy_catalog.json` | 26 | JSON representation of the policy catalogue. |
| `data/llm_gap_controls.csv` | 70 | Control priority, maturity, gap and band data extracted from the interactive GAP console. |
| `data/llm_gap_controls.json` | 70 | JSON representation of the control-level GAP data. |
| `data/llm_gap_archetype_scores.csv` | 284 | One row per nominal-scope control and LLM deployment archetype (71 × 4), with a flag identifying the 70 active priority rows. |
| `data/quantum_safe_assessment.csv` | 6 | QSI dimensions, weights, scores, evidence and gaps. |
| `data/quantum_safe_assessment.json` | 1 assessment | Assessment metadata, overall result and nested dimensions. |
| `data/quantum_safe_findings.csv` | 6 | Prioritised PAREK-aligned remediation findings. |
| `data/quantum_safe_findings.json` | 6 | JSON representation of the findings. |
| `schema/data_dictionary.csv` | 16 | Field definitions and data types. |
| `manifest-sha256.txt` | generated | SHA-256 integrity checks for data and schema files. |
| `metadata.json` | — | Zenodo deposition metadata. |
| `CITATION.cff` | — | Machine-readable citation metadata. |

## Quantum-safe scoring

The reported score follows the QSI formula:

`QSI = 0.20I + 0.20Eₓ + 0.20M + 0.15Aᵍ + 0.15V + 0.10G`

The desk assessment returned **15.75**, reported as **16/100 (EXPOSED)**. The verified-inventory and verified-deployment critical gates are not met. Overall evidence confidence is 0.52 because the supplied corpus contains policies but not operational registers, configurations, test reports, contracts or deployment records.

## Scope and limitations

- The organisation and its policy corpus are simulated.
- The QSI evaluation is a policy-based desk assessment, not a technical audit or certification.
- Absence of evidence was not treated as evidence of implementation.
- No live systems were inspected and no control-owner interviews were performed.
- The LLM GAP data preserve the values encoded in the project’s interactive console, including its original naming and scales. The nominal Organizational + Technological scope contains 71 controls; the active priority instrument contains 70 rows because T34 is retained only in the Step 3 archetype baseline.
- QSI and PAREK methodology references are external; this deposit contains the 1009 LTD assessment outputs, not a copy of the source methodology.

## Reproduction

From the parent website repository, run:

```sh
node zenodo-dataset/scripts/build-dataset.mjs
```

The script extracts the policy catalogue and interactive LLM GAP data, rebuilds the QSI outputs and refreshes the SHA-256 manifest. It uses only Node.js built-in modules.

## Licensing and citation

Dataset contents are released under **CC BY 4.0**. Cite the dataset using `CITATION.cff` or the citation produced by Zenodo after deposit. Methodology sources retain their respective licences and attribution.

## Methodology references

- Quantum-Safe Index v1.0.0: <https://quantum-safe-index.vercel.app/methodology>
- PAREK lifecycle: <https://quantum-safe-index.vercel.app/parek>
- 1009 LTD LLM research framework: `../Framework/index.html` in the source repository
