Shihan SajeedPoompong ChaiwongkhotAnqi HuangHao QinVladimir EgorovAnton KozubovAndrei GaidashVladimir ChistiakovArtur VasilievArtur GleimVadim MakarovHefei National Laboratory for Physical Sciences at the MicroscaleSaint Petersburg National Research University of Information Technologies, Mechanics and Optics University ITMONational University of Defense TechnologyChinese Academy of SciencesUniversity of TorontoUniversity of WaterlooMahidol UniversityQuantum Technology Foundation (Thailand)2022-08-042022-08-042021-12-01Scientific Reports. Vol.11, No.1 (2021)204523222-s2.0-85101992046https://repository.li.mahidol.ac.th/handle/20.500.14594/79262Although quantum communication systems are being deployed on a global scale, their realistic security certification is not yet available. Here we present a security evaluation and improvement protocol for complete quantum communication systems. The protocol subdivides a system by defining seven system implementation sub-layers based on a hierarchical order of information flow; then it categorises the known system implementation imperfections by hardness of protection and practical risk. Next, an initial analysis report lists all potential loopholes in its quantum-optical part. It is followed by interactions with the system manufacturer, testing and patching most loopholes, and re-assessing their status. Our protocol has been applied on multiple commercial quantum key distribution systems to improve their security. A detailed description of our methodology is presented with the example of a subcarrier-wave system. Our protocol is a step towards future security evaluation and security certification standards.Mahidol UniversityMultidisciplinaryArticleSCOPUS10.1038/s41598-021-84139-3