How the Scorecard Works
Each of the eight disciplines has five criteria. Score each criterion 0‑4:
- 0 = Not in place / we do not do this
- 1 = Partial / inconsistent / ad hoc
- 2 = Implemented but basic / needs improvement
- 3 = Good / consistently applied
- 4 = Excellent / best practice / automated
Sum the five criteria for a discipline score (0‑20). Then sum all eight for a total score (0‑160).
Discipline One: Cybersecurity Architecture (Narrative Focus)
| Criterion | Score (0-4) |
| 1.1 Narrative assets (brand claims, ledgers) are inventoried and classified by sensitivity | |
| 1.2 Access controls exist for who can modify the narrative ledger | |
| 1.3 Integrity checks (e.g., version control, hash validation) are applied to the narrative ledger | |
| 1.4 Third‑party access to narrative assets (agencies, partners) is reviewed quarterly | |
| 1.5 There is a process to revoke narrative access when employees or partners leave |
Discipline One Total (max 20): _____
Discipline Two: Data Architecture (Semantic Focus)
| Criterion | Score (0-4) |
| 2.1 A knowledge graph or entity‑relationship model exists for core brand entities | |
| 2.2 Entity naming is canonical and enforced across owned channels | |
| 2.3 Structured data (schema.org, Open Graph, Twitter Cards) is implemented on key pages | |
| 2.4 There is a process to update the knowledge graph when positioning changes | |
| 2.5 External ontologies (Wikidata, DBpedia, industry taxonomies) are mapped where relevant |
Discipline Two Total (max 20): _____
Discipline Three: Prompt Engineering & AI Literacy
| Criterion | Score (0-4) |
| 3.1 Marketing and content teams have been trained on how LLMs retrieve information | |
| 3.2 At least one person can write effective prompts for retrieval auditing | |
| 3.3 The team understands entity salience and semantic density | |
| 3.4 There is a library of test prompts used for weekly retrieval audits | |
| 3.5 Results from prompt audits are used to improve content and structure |
Discipline Three Total (max 20): _____
Discipline Four: Content Strategy (Machine‑Readable First)
| Criterion | Score (0-4) |
| 4.1 Content is written with entity consistency (canonical names used throughout) | |
| 4.2 Claims are specific and verifiable (Level 2+ on verifiability hierarchy) | |
| 4.3 Each piece of content includes structured metadata (not just keywords) | |
| 4.4 Content is repurposed across platforms without losing semantic integrity | |
| 4.5 There is a quarterly content audit for drift and misalignment |
Discipline Four Total (max 20): _____
Discipline Five: Brand Architecture (Trust‑Based)
| Criterion | Score (0-4) |
| 5.1 Brand positioning is documented and aligned with the narrative ledger | |
| 5.2 Brand guidelines include entity naming rules and claim consistency standards | |
| 5.3 All brand touchpoints (website, social, print, events) are audited for consistency | |
| 5.4 There is a process to update brand guidelines when the narrative evolves | |
| 5.5 Trust density is tracked as a brand health metric |
Discipline Five Total (max 20): _____
Discipline Six: Crisis Management (Narrative Incident Response)
| Criterion | Score (0-4) |
| 6.1 A narrative incident response plan exists (playbooks for drift, hallucination, misalignment) | |
| 6.2 Roles are assigned (incident commander, comms lead, technical lead) | |
| 6.3 Tabletop exercises are run at least quarterly | |
| 6.4 There is a process to submit corrections to LLM providers and platforms | |
| 6.5 Post‑incident reviews are conducted and improvements implemented |
Discipline Six Total (max 20): _____
Discipline Seven: Capital Readiness (Verifiable Trust)
| Criterion | Score (0-4) |
| 7.1 Investor‑facing claims are verified (Level 2 or 3) | |
| 7.2 A due diligence narrative ledger exists for investors | |
| 7.3 Trust density metrics are included in investor updates | |
| 7.4 There is a process to correct investor‑facing hallucinations | |
| 7.5 Reference customers have been trained on consistent narrative |
Discipline Seven Total (max 20): _____
Discipline Eight: Community Building (Human OS)
| Criterion | Score (0-4) |
| 8.1 Employees are trained on narrative consistency and entity naming | |
| 8.2 There is a process for employee social media to align with brand narrative | |
| 8.3 Community managers understand entity extraction and drift | |
| 8.4 Feedback from communities is used to update the narrative ledger | |
| 8.5 Mission alignment is measured and tracked |
Discipline Eight Total (max 20): _____
Interpreting Your Scores
Per discipline:
- 16-20: Excellent. You have competitive advantage here.
- 11-15: Good. Maintain and look for incremental improvements.
- 6-10: Needs work. Prioritize remediation.
- 0-5: Critical vulnerability. Address immediately.
Total score:
- 128-160: Stage Four or Five (Verified / Verified+)
- 96-127: Stage Three (Structured)
- 64-95: Stage Two (Aware)
- 32-63: Stage One (Ad Hoc)
- 0-31: Pre‑Stage One (unaware of narrative security)
Tools to Support the Scorecard (Beyond Spreadsheets)
You can use the scorecard manually in a spreadsheet. But tools help automate some assessments.
For criteria 1.1‑1.5 (cybersecurity):
- Lucidchart or Miro for access mapping
- 1Password or Okta for access review logs
For criteria 2.1‑2.5 (data architecture):
- Neo4j (free tier for small graphs) to visualize your knowledge graph
- Schema App for structured data validation
- Open Graph Debugger (Facebook) and Card Validator (Twitter) for social markup
For criteria 3.1‑3.5 (prompt engineering):
- OpenAI Playground or Claude Console for prompt testing
- PromptHub or Langfuse for prompt library management
For criteria 4.1‑4.5 (content strategy):
- Clearscope or MarketMuse for semantic density analysis (beyond keywords)
- Frase.io for content optimization with entity extraction
For criteria 5.1‑5.5 (brand architecture):
- Brand24 or Mention for cross‑platform consistency monitoring
- Airtable to track brand touchpoint inventory
For criteria 6.1‑6.5 (crisis management):
- Jira or Asana for incident tracking and playbook management
- PagerDuty or Opsgenie for incident alerting (if you automate)
For criteria 7.1‑7.5 (capital readiness):
- DocSend (with tracking) for investor document distribution
- Visible.vc or Carta for investor updates with trust metrics
For criteria 8.1‑8.5 (community building):
- Slack or Discord with bots that flag inconsistent entity usage
- Loom for scalable training on narrative consistency
Running Your Scorecard Session
Who should be in the room:
- CMO or head of marketing
- CISO or security lead (even if fractional)
- Head of data or analytics
- Head of people or culture (for Discipline Eight)
- A facilitator (could be you)
Agenda (2 hours):
- 0:00‑0:15: Explain the scorecard and scoring rules
- 0:15‑1:15: Score each discipline (5‑7 minutes per discipline). Discuss each criterion. Aim for consensus.
- 1:15‑1:30: Calculate totals. Identify top three strengths and bottom three weaknesses.
- 1:30‑1:45: Prioritize. Which low‑scoring disciplines have the highest business impact?
- 1:45‑2:00: Assign owners and next steps for the top three remediation items.
Ground rules:
- No defensiveness. Low scores are not failures. They are opportunities.
- Be specific. “We sometimes do this” is a 1. “We do this consistently every week” is a 4.
- Record the scores. You will run this again in six months.
Case Study: Scorecard‑Driven Improvement
A mid‑size enterprise ran the scorecard and scored:
- Discipline 1 (Cybersecurity): 9 (needs work)
- Discipline 2 (Data): 6 (needs work)
- Discipline 3 (Prompt Engineering): 4 (critical)
- Discipline 4 (Content): 11 (good)
- Discipline 5 (Brand): 12 (good)
- Discipline 6 (Crisis): 3 (critical)
- Discipline 7 (Capital): 8 (needs work)
- Discipline 8 (Community): 10 (needs work)
Total: 63 (Stage One / Ad Hoc)
They prioritized three disciplines for the next quarter:
- Discipline 3 (Prompt Engineering) – because they had no retrieval auditing at all
- Discipline 6 (Crisis) – because they had experienced two narrative incidents with no response plan
- Discipline 2 (Data) – because entity inconsistency was driving poor retrieval
After six months of focused work, they re‑scored:
- Discipline 3: from 4 to 12
- Discipline 6: from 3 to 14
- Discipline 2: from 6 to 13
- Total: from 63 to 102 (Stage Three / Structured)
Business impact: retrieval rates for priority queries doubled. Sales cycles shortened by 25%.
The scorecard gave them a roadmap. Without it, they would have continued guessing.
Your Scorecard This Week
Download the scorecard template (I have a free version on my site). Gather your team. Run the session.
Be honest. The scores will be uncomfortable. That discomfort is the beginning of improvement.
Then pick three low scores. Fix them in the next 90 days. Re‑score.
The scorecard is not a one‑time exercise. It is your narrative security dashboard. Run it quarterly.
What gets measured gets managed. What gets managed improves.
