[PRINCIPAL / TRAVELLER - TRIP TITLE] - Collection Map
OSINT-042 Pre-Travel Threat Assessment - collection workspace. Central topic = the named traveller (or party) and the defined trip itinerary. Branches = threat categories, itinerary legs, and profile/environment data points. Drop each collected value as a child node; expand it with where it was found and which leg it bites on. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-042.
00 · Collection Plan - PIRs & EEIs
The questions this collection must answer + essential elements of information (EEI) for each. Tick as satisfied. → drives §3 Key Judgments, §4 PIRs, §16 Consolidated Threat Register, §17 Overall Trip Rating, §23 Collection Gaps.
PIR-1 - Target profile & directed threat
Does the traveller’s identity, role, public profile, affiliations, or trip visibility attract directed threat? → §6 Traveller / Principal Profile & Target Profile
- EEI: full name, role, employer/org, sector
- EEI: public visibility level and recognisability at each destination
- EEI: nationality and how it is perceived at each destination
- EEI: wealth / status signalling observable from open sources
- EEI: prior threats, incidents, or hostile attention against this principal or their family
- EEI: discoverable digital footprint (home, family, schedule, patterns)
- EEI: accompanying party composition (staff, family, dependants, minors)
- EEI: grievance actors linked to employer / sector / affiliations
PIR-2 - Destination threat environment
What is the current threat level at each destination and trajectory across the window? → §8 Destination Threat Environment
- EEI: current government travel advisory level for each destination (FCO, DFAT, US State, etc.)
- EEI: FCDO/State Dept advisory text - specific warnings applicable to this traveller profile
- EEI: live local dynamics during the travel window (elections, events, protests, conflict activity)
- EEI: threat trajectory (improving / stable / deteriorating / volatile)
- EEI: consumed Country Risk Assessment (OSINT-031) rating for each destination
PIR-3 - Crime & opportunistic threat
What is the risk from violent/acquisitive crime and targeting of visible/foreign travellers by location? → §9 Crime & Targeted-Threat Risk
- EEI: violent crime rate and typology at each destination/leg
- EEI: express kidnap / short-term abduction-for-robbery pattern
- EEI: targeting of foreigners, tourists, wealthy-profile individuals
- EEI: time-of-day and location patterns for crime incidents
- EEI: scam / fraud / shakedown / corruption exposure for this traveller profile
PIR-4 - Terrorism, conflict & civil-disorder risk
What is the mass-casualty, conflict, and civil-disorder risk at destinations and venues? → §10 Terrorism, Conflict & Civil-Disorder Risk
- EEI: active or recently elevated terrorism threat at each destination
- EEI: conflict / insurgency / spillover affecting movement or egress
- EEI: upcoming or ongoing civil unrest / protests that could block movement
- EEI: whether any planned venue or event type is itself an attractive target
PIR-5 - Kidnap, hostage & unlawful-detention risk
What is the kidnap/hostage/wrongful-detention/arbitrary-arrest risk for this profile at these destinations? → §11 Kidnap, Hostage & Unlawful-Detention Risk
- EEI: active kidnap-for-ransom operations at each destination
- EEI: state-actor risk - wrongful detention, hostage diplomacy, exit-ban precedents
- EEI: politically/ideologically motivated abduction threat linked to traveller profile
- EEI: border-control detention or arrest-on-pretextual-charges risk
PIR-6 - Transport, movement & route risk
What is the risk on each transport mode and route segment? → §12 Transport, Movement & Route Risk
- EEI: aviation / airline / airport safety record and landside security for each carrier/airport
- EEI: ground transport and road-safety conditions at each destination
- EEI: arrival / border / transfer exposure and seams between protective coverage
- EEI: OCOKA-relevant route factors on planned movement legs (chokepoints, ambush terrain, alternates)
- EEI: maritime / rail / other-mode risk where itinerary includes non-road/air segments
PIR-7 - Health, medical & environmental risk
What are the health, medical-system-adequacy, disease, and natural-hazard exposures? → §13 Health, Medical & Environmental Risk
- EEI: medical-system adequacy and reachability of evacuation-grade care at each destination
- EEI: endemic and outbreak disease; immunisation and prophylaxis requirements
- EEI: food/water safety at planned venues and accommodation
- EEI: natural-hazard / seasonal exposure during the travel window (storm, seismic, heat, flood)
- EEI: traveller pre-existing conditions vs. available in-country care
- EEI: air quality / altitude / industrial-CBRN relevance
PIR-8 - Surveillance, digital & information-environment threat
What is the risk of hostile surveillance, device compromise, and itinerary leakage? → §14 Surveillance, Digital & Information-Environment Threat
- EEI: hostile physical / technical surveillance risk at each destination (profile-driven)
- EEI: state monitoring / lawful-intercept / border device-search risk by destination
- EEI: traveller’s discoverable digital footprint and itinerary leakage exposure
- EEI: information-environment risk (hostile media, doxxing, narrative targeting)
- EEI: OPSEC of the trip itself - booking chains, social media, vendor exposure
PIR-9 - Trajectory & early-warning indicators
Where is threat heading across the window, and what would change a leg rating or recommendation? → §19 Threat-Escalation & Early-Warning Indicators, §17 Overall Trip Rating
- EEI: pre-departure tripwires that would change the go/no-go
- EEI: in-trip indicators that would trigger posture change, leg cancellation, or evacuation
- EEI: scheduled or anticipated events at destinations during the window that could escalate any category
- EEI: current status of each top watch indicator
Collection gaps / RFIs (running)
- [destination lacking a current OSINT-031 Country Risk Assessment] → commission OSINT-031
- [venue or route needing advance reconnaissance] → route to Executive Trip Security Package / OSINT-049
- [specific directed-threat question against the principal] → route to OSINT-034 K&R Risk Assessment
- [late itinerary change received after baseline] → re-verify affected legs
- :
01 · Principal / Protectee & Trip Detail
Who is travelling, why, the client’s duty-of-care basis, and the headline trip parameters. → feeds §2 Executive Summary & Scope, §5 Threat Framing, §6 Traveller / Principal Profile.
Principal / traveller identity
- Full name / role:
- Employer / organisation:
- Sector / industry:
- Nationality / passport(s):
- Party size and composition:
- Accompanying staff / security personnel:
- Family / dependants / minors:
- Other party members:
Purpose and visibility of travel
- Purpose of trip:
- Public profile of the trip (announced / unpublicised / confidential):
- Client / requesting party:
- Duty-of-care basis (employer / protectee / family principal / host):
- Engagement purpose (go-no-go / protective posture / package scoping):
Trip parameters
- Travel window (first departure → final return):
- Destinations / legs summary:
- Trip reference / engagement ref:
- Baseline / as-of date:
02 · Venue & Geography - Destinations, Sites & Accommodation
Physical environment at each destination: country/city, specific venues, accommodation, airports, and transfer points. → feeds §8 Destination Threat Environment, §12 Transport, Movement & Route Risk, §15 Per-Leg Threat Profile.
Destination - [country / city - clone per destination]
→ §8 Destination Threat Environment. Clone this block per destination.
- [Destination name - e.g. Nairobi, Kenya]
- Country threat level (current):
- Official advisory issuer + level:
- Live local dynamics during window:
- Trajectory (improving / stable / deteriorating / volatile):
- OSINT-031 Country Risk Assessment consumed: [Y/N - ref]
- OSINT-026 Country / Regional Study consumed: [Y/N - ref]
- Notes / tool output: ← FCO/DFAT/State advisory, ACLED, GDelt, OSAC, local media
Accommodation - [property name - clone per property]
→ §15 Per-Leg Threat Profile (accommodation leg). Clone per property.
- [Property name / type]
- Address / location:
- Room security / floor considerations:
- Proximity to protest / target sites:
- Advance check completed: [Y/N]
- Notes / tool output:
Airports & transit hubs
- [Airport code - e.g. JKIA/NBO]
- Landside security rating:
- Terminal / gate arrangement:
- Transfer seam risk:
- Notes:
Planned venues & event sites - [venue name - clone per venue]
Is this venue itself an attractive target? → §10 Terrorism, Conflict & Civil-Disorder Risk.
- [Venue name]
- Address / area:
- Event / meeting type:
- Public / announced profile:
- Ingress / egress options:
- Proximity to high-risk areas:
- Notes:
03 · Routes & Movement
Leg-by-leg movement profile; the spine against which threat is located. → feeds §7 Itinerary & Movement Profile, §12 Transport, Movement & Route Risk, §15 Per-Leg Threat Profile.
Itinerary leg - [L# - clone per leg]
Clone this block per itinerary leg. → §7 Itinerary & Movement Profile, §15 Per-Leg Segment Threat Profile.
- [Leg identifier - e.g. L1 Origin Departure]
- Date / time (local):
- Segment type: [Departure / Flight / Arrival-Border / Ground-transfer / Accommodation / Movement-Venue / Departure / Return]
- From → To:
- Mode / carrier / flight number:
- Duration / distance:
- Predictability (fixed schedule / repeated / published):
- Protective coverage on this leg:
- Seam / gap in coverage:
- Notes / tool output: ← Google Maps/OSM routing, aviation safety dbs (ASN, JACDEC), road-safety data
Aviation segments
- Carrier:
- IATA safety rating / ICAO audit status:
- Incident / accident history:
- Airport landside threat:
- Notes / tool output: ← ASN, JACDEC, IATA, ICAO audit reports
Ground transport
- Route [description]
- Road conditions / quality:
- Chokepoints / ambush-favourable terrain (OCOKA):
- Alternate routes:
- Vehicle standard / driver vetting status:
- Notes / tool output: ← OSM, satellite imagery, road-safety datasets, advance recon (OSINT-049)
Maritime / rail (where applicable)
- Segment:
- Mode / operator:
- Risk factors:
- Notes:
04 · Threat Actors & Persons of Interest
Directed (non-ambient) threat against this traveller - named or described actors, grievance groups, state actors, prior incidents. → feeds §6 Traveller / Principal Profile & Target Profile, §11 Kidnap Hostage & Unlawful-Detention Risk, §10 Terrorism Conflict & Civil-Disorder Risk.
Threat actor - [actor name / group - clone per actor]
→ §6 Target Profile, §11 Kidnap/Detention. Clone per identified actor. Deep viability analysis → OSINT-034.
- [Actor name / group - e.g. Grievance actor / criminal network / state actor]
- Type: [State / Non-state criminal / Non-state ideological / Hacktivist / Unknown]
- Threat category: [Directed crime / Kidnap / Political violence / State detention / Surveillance]
- Nexus to traveller (why this actor / this traveller):
- Capability (H/M/L):
- Intent (H/M/L):
- Prior incidents involving this actor or similar profile:
- Active / dormant / assessed:
- Attribution confidence: [Confirmed / Probable / Possible]
- Notes / tool output: ← ACLED, GDELT, OSAC, sanctions / proscribed-entity lists, adverse media
Prior threats / incidents against the principal
- [Incident - date, type, location]
- Basis / source:
- Verified / alleged:
- Significance to current trip:
Persons of interest (surveillance / counter-surveillance flag)
- [Name / description]
- Basis for flagging:
- Legs affected:
05 · Threat Landscape - Destination Incident History & Online Chatter
Environmental threat backdrop and signal collection feeding §9–§14 category scores. → feeds §9 Crime & Targeted-Threat Risk, §10 Terrorism Conflict & Civil-Disorder Risk.
Crime incident data - [destination]
→ §9 Crime & Targeted-Threat Risk.
- [Incident type / source - e.g. armed robbery at hotels, express kidnap on airport road]
- Date / location:
- Victim profile:
- Trend (increasing / stable / decreasing):
- Source grade (A–F / 1–6):
- Notes / tool output: ← OSAC, Numbeo, local police reports, embassy advisories, news
Terrorism / civil-disorder incident data - [destination]
→ §10 Terrorism, Conflict & Civil-Disorder Risk.
- [Incident / event - e.g. IED, mass protest, armed attack]
- Date / location:
- Group attributed / suspected:
- Target type:
- Trend:
- Notes / tool output: ← ACLED, GTD, GDELT, Jane’s, Janes/SITE, local reporting
Kidnap / detention incident data - [destination]
→ §11 Kidnap, Hostage & Unlawful-Detention Risk. Deep threat-actor analysis → OSINT-034.
- [Incident / pattern]
- Victim profile targeted:
- Location / route:
- Modus operandi:
- Notes / tool output: ← OSAC, Control Risks, ACLED, US State Dept K&R advisories
Online chatter / social-media signals
→ §14 Surveillance, Digital & Information-Environment Threat, §19 Early-Warning Indicators.
- [Signal / post / thread]
- Platform / source:
- Content summary:
- Reliability (A–F):
- Dated / located:
- Notes: ← Twitter/X search, Telegram monitoring, Reddit, local forums, Bellingcat, open OSINT
Official advisories register
- [Advisory - issuer + level + date]
- Destination(s) covered:
- Specific warnings relevant to this traveller:
- Notes / self-interest caveat: ← FCO, DFAT, US State, UN DSS, ICPO
06 · Vulnerabilities & Attack Surface - Profile, Footprint & OPSEC
The profile-driven and digital attack surface that distinguishes this traveller from the ambient threat picture. → feeds §6 Traveller / Principal Profile & Target Profile, §14 Surveillance Digital & Information-Environment Threat.
Public profile & discoverable footprint
- Discoverable home address / family information:
- Published or discoverable schedule / travel patterns:
- Social media accounts showing travel / location intent:
- Platform / URL:
- Content disclosing trip or location:
- Notes / tool output: ← manual search, Maltego, social-media monitoring
- Employer / org website disclosure of role:
- Media profile / past interviews / public announcements:
Digital device & communications exposure
- Device posture (personal / travel device / clean device):
- Communications apps used:
- Border crossing device-search risk: [Y/N - destination]
- State lawful-intercept / pervasive monitoring risk at destination:
- Notes / tool output: ← destination-specific digital-rights reports (Freedom House, EFF, Citizen Lab)
Itinerary OPSEC
- Itinerary disclosed via: [booking system / social media / employer website / vendor chain / other]
- Vendor / booking-chain exposure risk:
- Insider-leakage risk (staff / venue / counterpart):
- OPSEC classification of itinerary: [Most sensitive element - see Handling Caveat §2]
Wealth / status signalling
- Observable signals (clothing, vehicles, accommodation type, retinue):
- Social media wealth indicators:
- Prior targeting on this basis:
07 · Local Environment - Security, Medical, LE & Infrastructure
In-country support, services, and infrastructure bearing on the traveller’s safety and evacuation options. → feeds §13 Health Medical & Environmental Risk, §20 Protective Posture & Mitigation Options.
Medical facilities - [destination - clone per destination]
- [Hospital / clinic name]
- Type / standard: [International / Local / Trauma-capable]
- Address / distance from accommodation:
- Evacuation-grade care available: [Y/N]
- Medical-evacuation provider / reachability:
- Notes: ← WHO, ISOS, OSAC, embassy health advisories
Disease / health environment
- [Destination]
- Endemic diseases / current outbreaks:
- Immunisation requirements / recommendations:
- Food / water safety rating:
- Prophylaxis requirements:
- Notes: ← CDC, WHO, NATHNAC, ISOS
Natural-hazard / environmental exposure
- [Hazard type - e.g. seasonal storm, seismic zone, extreme heat]
- Destination affected:
- Window overlap:
- Severity / likelihood:
- Notes: ← GDACS, EM-DAT, national met services
Law enforcement & security services - [destination]
- Response capacity / reliability: [H/M/L]
- Response time (urban / suburban / rural):
- Corruption / alignment risk:
- Embassy / consular presence and 24hr contact:
- Notes:
Infrastructure (power / comms / transport networks)
- Power reliability:
- Comms reliability / network coverage:
- Known infrastructure vulnerabilities (bridges, border crossings, fuel):
08 · Digital & Social Signals - Open-Source Monitoring
Real-time and near-real-time open-source monitoring of conditions across the travel window. → feeds §14 Surveillance Digital & Information-Environment Threat, §19 Threat-Escalation & Early-Warning Indicators.
Social-media monitoring - [destination keyword / account]
Clone per monitoring target.
- [Search term / account / hashtag]
- Platform:
- Cadence checked:
- Last checked (date):
- Relevant findings:
- Notes / tool output: ← TweetDeck/X, Telegram, local-language sources, Mention.com
News & open-source feeds - [destination]
- [Feed / outlet]
- Coverage area:
- Reliability grade (A–F):
- Relevant findings:
- Notes:
Dark-web / closed-forum monitoring (if warranted by profile)
- [Forum / platform / market]
- Monitoring rationale:
- Relevant findings:
- Notes:
Named-person / entity monitoring
- [Principal name / org name]
- Search conducted (platform / tool):
- Findings:
- Notes / tool output: ← Google Alerts, Mention, social search, adverse-media databases
09 · Indicators & Warnings
Observable tripwires mapped to legs and threat categories; split pre-departure vs. in-trip. → feeds §19 Threat-Escalation & Early-Warning Indicators, §17 Overall Trip Rating & Recommendation.
Pre-departure tripwire - [indicator - clone per indicator]
A pre-departure indicator whose activation would change the go/no-go. → §19 Threat-Escalation & Early-Warning Indicators.
- [Indicator - e.g. advisory uplift at destination, attack at planned venue type, direct threat received]
- Threat / leg it bears on (§):
- Change signalled (e.g. leg residual 9→16):
- Severity: [Critical / High / Medium / Low]
- Current status: [Not present / Emerging / Present]
- Disposition: [Watch / Notify client / Re-rate / Defer leg / Cancel trip]
- Notes:
In-trip tripwire - [indicator - clone per indicator]
An in-trip indicator that would trigger a posture change, leg cancellation, or activation of the Emergency & Evacuation Plan.
- [Indicator - e.g. attack near accommodation, unplanned protest blocking route, threat communicated in-country]
- Threat / leg (§):
- Change signalled:
- Severity: [Critical / High / Medium / Low]
- Current status:
- Disposition: [Watch / Notify client / Alter leg / Curtail trip / Activate evac plan / Route to Real-Time Travel Monitoring]
- Notes:
Key Assumptions (to check against KAC §22)
- Itinerary as provided is complete, current, and will hold
- Protective measures credited in residual scores will be in place for the trip
- Traveller will comply with agreed posture and not freelance high-risk movements
- No major exogenous shock (attack, coup, disaster, border closure) intervenes at a destination
99 · Collection Admin
Working register - not a deliverable section, but the audit trail behind it. Feeds §25 Annex A Sources & Methodology, §26 Annex B Appendices.
Source register
Every material datum traceable to a graded source. Admiralty two-axis: Reliability A–F + Credibility 1–6.
- [S-1 - source name / title]
- Type: [Official advisory / Open-source dataset / Media / Academic / HUMINT / Commercial intelligence / Vendor]
- Reliability (A–F):
- Credibility (1–6):
- Date accessed:
- Coverage scope:
- Self-interest / reliability caveat:
- URL / reference:
- [S-2 - source]
- Type:
- Reliability (A–F):
- Credibility (1–6):
- Date accessed:
Evidence archive
- [screenshot / capture ref + hash + URL + timestamp]:
Open gaps / verification pending
- [item submitted, not yet returned - leg / PIR / category]
- [advisory not current - destination - check date needed]
- [advance reconnaissance not yet completed - venue / route]
Quality & analytic standards check
- Likelihood and analytic confidence kept separate throughout (ICD 203 - never combined in one sentence)
- All scored threats carry inherent score, mitigation credited, and residual score
- Reporting distinguished from analytic judgment in §§ 1–20
- Uncertainty drivers named; alternatives tested (ACH §21 complete)
- Scores not adjusted to clear or defer the trip for reasons other than the assessed threat
- All collection open-source and lawful - no surveillance, tracking, or interception of the principal
- Official advisories and state-controlled sources treated as potentially self-interested and corroborated
- Itinerary handled as the most sensitive element (Handling Caveat §2 applied)