[PRINCIPAL / TRAVELLER - TRIP TITLE] - Collection Map

OSINT-042 Pre-Travel Threat Assessment - collection workspace. Central topic = the named traveller (or party) and the defined trip itinerary. Branches = threat categories, itinerary legs, and profile/environment data points. Drop each collected value as a child node; expand it with where it was found and which leg it bites on. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-042.

00 · Collection Plan - PIRs & EEIs

The questions this collection must answer + essential elements of information (EEI) for each. Tick as satisfied. → drives §3 Key Judgments, §4 PIRs, §16 Consolidated Threat Register, §17 Overall Trip Rating, §23 Collection Gaps.

PIR-1 - Target profile & directed threat

Does the traveller’s identity, role, public profile, affiliations, or trip visibility attract directed threat? → §6 Traveller / Principal Profile & Target Profile

  • EEI: full name, role, employer/org, sector
  • EEI: public visibility level and recognisability at each destination
  • EEI: nationality and how it is perceived at each destination
  • EEI: wealth / status signalling observable from open sources
  • EEI: prior threats, incidents, or hostile attention against this principal or their family
  • EEI: discoverable digital footprint (home, family, schedule, patterns)
  • EEI: accompanying party composition (staff, family, dependants, minors)
  • EEI: grievance actors linked to employer / sector / affiliations

PIR-2 - Destination threat environment

What is the current threat level at each destination and trajectory across the window? → §8 Destination Threat Environment

  • EEI: current government travel advisory level for each destination (FCO, DFAT, US State, etc.)
  • EEI: FCDO/State Dept advisory text - specific warnings applicable to this traveller profile
  • EEI: live local dynamics during the travel window (elections, events, protests, conflict activity)
  • EEI: threat trajectory (improving / stable / deteriorating / volatile)
  • EEI: consumed Country Risk Assessment (OSINT-031) rating for each destination

PIR-3 - Crime & opportunistic threat

What is the risk from violent/acquisitive crime and targeting of visible/foreign travellers by location? → §9 Crime & Targeted-Threat Risk

  • EEI: violent crime rate and typology at each destination/leg
  • EEI: express kidnap / short-term abduction-for-robbery pattern
  • EEI: targeting of foreigners, tourists, wealthy-profile individuals
  • EEI: time-of-day and location patterns for crime incidents
  • EEI: scam / fraud / shakedown / corruption exposure for this traveller profile

PIR-4 - Terrorism, conflict & civil-disorder risk

What is the mass-casualty, conflict, and civil-disorder risk at destinations and venues? → §10 Terrorism, Conflict & Civil-Disorder Risk

  • EEI: active or recently elevated terrorism threat at each destination
  • EEI: conflict / insurgency / spillover affecting movement or egress
  • EEI: upcoming or ongoing civil unrest / protests that could block movement
  • EEI: whether any planned venue or event type is itself an attractive target

PIR-5 - Kidnap, hostage & unlawful-detention risk

What is the kidnap/hostage/wrongful-detention/arbitrary-arrest risk for this profile at these destinations? → §11 Kidnap, Hostage & Unlawful-Detention Risk

  • EEI: active kidnap-for-ransom operations at each destination
  • EEI: state-actor risk - wrongful detention, hostage diplomacy, exit-ban precedents
  • EEI: politically/ideologically motivated abduction threat linked to traveller profile
  • EEI: border-control detention or arrest-on-pretextual-charges risk

PIR-6 - Transport, movement & route risk

What is the risk on each transport mode and route segment? → §12 Transport, Movement & Route Risk

  • EEI: aviation / airline / airport safety record and landside security for each carrier/airport
  • EEI: ground transport and road-safety conditions at each destination
  • EEI: arrival / border / transfer exposure and seams between protective coverage
  • EEI: OCOKA-relevant route factors on planned movement legs (chokepoints, ambush terrain, alternates)
  • EEI: maritime / rail / other-mode risk where itinerary includes non-road/air segments

PIR-7 - Health, medical & environmental risk

What are the health, medical-system-adequacy, disease, and natural-hazard exposures? → §13 Health, Medical & Environmental Risk

  • EEI: medical-system adequacy and reachability of evacuation-grade care at each destination
  • EEI: endemic and outbreak disease; immunisation and prophylaxis requirements
  • EEI: food/water safety at planned venues and accommodation
  • EEI: natural-hazard / seasonal exposure during the travel window (storm, seismic, heat, flood)
  • EEI: traveller pre-existing conditions vs. available in-country care
  • EEI: air quality / altitude / industrial-CBRN relevance

PIR-8 - Surveillance, digital & information-environment threat

What is the risk of hostile surveillance, device compromise, and itinerary leakage? → §14 Surveillance, Digital & Information-Environment Threat

  • EEI: hostile physical / technical surveillance risk at each destination (profile-driven)
  • EEI: state monitoring / lawful-intercept / border device-search risk by destination
  • EEI: traveller’s discoverable digital footprint and itinerary leakage exposure
  • EEI: information-environment risk (hostile media, doxxing, narrative targeting)
  • EEI: OPSEC of the trip itself - booking chains, social media, vendor exposure

PIR-9 - Trajectory & early-warning indicators

Where is threat heading across the window, and what would change a leg rating or recommendation? → §19 Threat-Escalation & Early-Warning Indicators, §17 Overall Trip Rating

  • EEI: pre-departure tripwires that would change the go/no-go
  • EEI: in-trip indicators that would trigger posture change, leg cancellation, or evacuation
  • EEI: scheduled or anticipated events at destinations during the window that could escalate any category
  • EEI: current status of each top watch indicator

Collection gaps / RFIs (running)

  • [destination lacking a current OSINT-031 Country Risk Assessment] → commission OSINT-031
  • [venue or route needing advance reconnaissance] → route to Executive Trip Security Package / OSINT-049
  • [specific directed-threat question against the principal] → route to OSINT-034 K&R Risk Assessment
  • [late itinerary change received after baseline] → re-verify affected legs
  • :

01 · Principal / Protectee & Trip Detail

Who is travelling, why, the client’s duty-of-care basis, and the headline trip parameters. → feeds §2 Executive Summary & Scope, §5 Threat Framing, §6 Traveller / Principal Profile.

Principal / traveller identity

  • Full name / role:
  • Employer / organisation:
  • Sector / industry:
  • Nationality / passport(s):
  • Party size and composition:
    • Accompanying staff / security personnel:
    • Family / dependants / minors:
    • Other party members:

Purpose and visibility of travel

  • Purpose of trip:
  • Public profile of the trip (announced / unpublicised / confidential):
  • Client / requesting party:
  • Duty-of-care basis (employer / protectee / family principal / host):
  • Engagement purpose (go-no-go / protective posture / package scoping):

Trip parameters

  • Travel window (first departure → final return):
  • Destinations / legs summary:
  • Trip reference / engagement ref:
  • Baseline / as-of date:

02 · Venue & Geography - Destinations, Sites & Accommodation

Physical environment at each destination: country/city, specific venues, accommodation, airports, and transfer points. → feeds §8 Destination Threat Environment, §12 Transport, Movement & Route Risk, §15 Per-Leg Threat Profile.

Destination - [country / city - clone per destination]

→ §8 Destination Threat Environment. Clone this block per destination.

  • [Destination name - e.g. Nairobi, Kenya]
    • Country threat level (current):
    • Official advisory issuer + level:
    • Live local dynamics during window:
    • Trajectory (improving / stable / deteriorating / volatile):
    • OSINT-031 Country Risk Assessment consumed: [Y/N - ref]
    • OSINT-026 Country / Regional Study consumed: [Y/N - ref]
    • Notes / tool output: ← FCO/DFAT/State advisory, ACLED, GDelt, OSAC, local media

Accommodation - [property name - clone per property]

→ §15 Per-Leg Threat Profile (accommodation leg). Clone per property.

  • [Property name / type]
    • Address / location:
    • Room security / floor considerations:
    • Proximity to protest / target sites:
    • Advance check completed: [Y/N]
    • Notes / tool output:

Airports & transit hubs

  • [Airport code - e.g. JKIA/NBO]
    • Landside security rating:
    • Terminal / gate arrangement:
    • Transfer seam risk:
    • Notes:

Planned venues & event sites - [venue name - clone per venue]

Is this venue itself an attractive target? → §10 Terrorism, Conflict & Civil-Disorder Risk.

  • [Venue name]
    • Address / area:
    • Event / meeting type:
    • Public / announced profile:
    • Ingress / egress options:
    • Proximity to high-risk areas:
    • Notes:

03 · Routes & Movement

Leg-by-leg movement profile; the spine against which threat is located. → feeds §7 Itinerary & Movement Profile, §12 Transport, Movement & Route Risk, §15 Per-Leg Threat Profile.

Itinerary leg - [L# - clone per leg]

Clone this block per itinerary leg. → §7 Itinerary & Movement Profile, §15 Per-Leg Segment Threat Profile.

  • [Leg identifier - e.g. L1 Origin Departure]
    • Date / time (local):
    • Segment type: [Departure / Flight / Arrival-Border / Ground-transfer / Accommodation / Movement-Venue / Departure / Return]
    • From → To:
    • Mode / carrier / flight number:
    • Duration / distance:
    • Predictability (fixed schedule / repeated / published):
    • Protective coverage on this leg:
    • Seam / gap in coverage:
    • Notes / tool output: ← Google Maps/OSM routing, aviation safety dbs (ASN, JACDEC), road-safety data

Aviation segments

  • Carrier:
    • IATA safety rating / ICAO audit status:
    • Incident / accident history:
    • Airport landside threat:
    • Notes / tool output: ← ASN, JACDEC, IATA, ICAO audit reports

Ground transport

  • Route [description]
    • Road conditions / quality:
    • Chokepoints / ambush-favourable terrain (OCOKA):
    • Alternate routes:
    • Vehicle standard / driver vetting status:
    • Notes / tool output: ← OSM, satellite imagery, road-safety datasets, advance recon (OSINT-049)

Maritime / rail (where applicable)

  • Segment:
    • Mode / operator:
    • Risk factors:
    • Notes:

04 · Threat Actors & Persons of Interest

Directed (non-ambient) threat against this traveller - named or described actors, grievance groups, state actors, prior incidents. → feeds §6 Traveller / Principal Profile & Target Profile, §11 Kidnap Hostage & Unlawful-Detention Risk, §10 Terrorism Conflict & Civil-Disorder Risk.

Threat actor - [actor name / group - clone per actor]

→ §6 Target Profile, §11 Kidnap/Detention. Clone per identified actor. Deep viability analysis → OSINT-034.

  • [Actor name / group - e.g. Grievance actor / criminal network / state actor]
    • Type: [State / Non-state criminal / Non-state ideological / Hacktivist / Unknown]
    • Threat category: [Directed crime / Kidnap / Political violence / State detention / Surveillance]
    • Nexus to traveller (why this actor / this traveller):
    • Capability (H/M/L):
    • Intent (H/M/L):
    • Prior incidents involving this actor or similar profile:
    • Active / dormant / assessed:
    • Attribution confidence: [Confirmed / Probable / Possible]
    • Notes / tool output: ← ACLED, GDELT, OSAC, sanctions / proscribed-entity lists, adverse media

Prior threats / incidents against the principal

  • [Incident - date, type, location]
    • Basis / source:
    • Verified / alleged:
    • Significance to current trip:

Persons of interest (surveillance / counter-surveillance flag)

  • [Name / description]
    • Basis for flagging:
    • Legs affected:

05 · Threat Landscape - Destination Incident History & Online Chatter

Environmental threat backdrop and signal collection feeding §9–§14 category scores. → feeds §9 Crime & Targeted-Threat Risk, §10 Terrorism Conflict & Civil-Disorder Risk.

Crime incident data - [destination]

→ §9 Crime & Targeted-Threat Risk.

  • [Incident type / source - e.g. armed robbery at hotels, express kidnap on airport road]
    • Date / location:
    • Victim profile:
    • Trend (increasing / stable / decreasing):
    • Source grade (A–F / 1–6):
    • Notes / tool output: ← OSAC, Numbeo, local police reports, embassy advisories, news

Terrorism / civil-disorder incident data - [destination]

→ §10 Terrorism, Conflict & Civil-Disorder Risk.

  • [Incident / event - e.g. IED, mass protest, armed attack]
    • Date / location:
    • Group attributed / suspected:
    • Target type:
    • Trend:
    • Notes / tool output: ← ACLED, GTD, GDELT, Jane’s, Janes/SITE, local reporting

Kidnap / detention incident data - [destination]

→ §11 Kidnap, Hostage & Unlawful-Detention Risk. Deep threat-actor analysis → OSINT-034.

  • [Incident / pattern]
    • Victim profile targeted:
    • Location / route:
    • Modus operandi:
    • Notes / tool output: ← OSAC, Control Risks, ACLED, US State Dept K&R advisories

Online chatter / social-media signals

→ §14 Surveillance, Digital & Information-Environment Threat, §19 Early-Warning Indicators.

  • [Signal / post / thread]
    • Platform / source:
    • Content summary:
    • Reliability (A–F):
    • Dated / located:
    • Notes: ← Twitter/X search, Telegram monitoring, Reddit, local forums, Bellingcat, open OSINT

Official advisories register

  • [Advisory - issuer + level + date]
    • Destination(s) covered:
    • Specific warnings relevant to this traveller:
    • Notes / self-interest caveat: ← FCO, DFAT, US State, UN DSS, ICPO

06 · Vulnerabilities & Attack Surface - Profile, Footprint & OPSEC

The profile-driven and digital attack surface that distinguishes this traveller from the ambient threat picture. → feeds §6 Traveller / Principal Profile & Target Profile, §14 Surveillance Digital & Information-Environment Threat.

Public profile & discoverable footprint

  • Discoverable home address / family information:
  • Published or discoverable schedule / travel patterns:
  • Social media accounts showing travel / location intent:
    • Platform / URL:
    • Content disclosing trip or location:
    • Notes / tool output: ← manual search, Maltego, social-media monitoring
  • Employer / org website disclosure of role:
  • Media profile / past interviews / public announcements:

Digital device & communications exposure

  • Device posture (personal / travel device / clean device):
  • Communications apps used:
  • Border crossing device-search risk: [Y/N - destination]
  • State lawful-intercept / pervasive monitoring risk at destination:
  • Notes / tool output: ← destination-specific digital-rights reports (Freedom House, EFF, Citizen Lab)

Itinerary OPSEC

  • Itinerary disclosed via: [booking system / social media / employer website / vendor chain / other]
  • Vendor / booking-chain exposure risk:
  • Insider-leakage risk (staff / venue / counterpart):
  • OPSEC classification of itinerary: [Most sensitive element - see Handling Caveat §2]

Wealth / status signalling

  • Observable signals (clothing, vehicles, accommodation type, retinue):
  • Social media wealth indicators:
  • Prior targeting on this basis:

07 · Local Environment - Security, Medical, LE & Infrastructure

In-country support, services, and infrastructure bearing on the traveller’s safety and evacuation options. → feeds §13 Health Medical & Environmental Risk, §20 Protective Posture & Mitigation Options.

Medical facilities - [destination - clone per destination]

  • [Hospital / clinic name]
    • Type / standard: [International / Local / Trauma-capable]
    • Address / distance from accommodation:
    • Evacuation-grade care available: [Y/N]
    • Medical-evacuation provider / reachability:
    • Notes: ← WHO, ISOS, OSAC, embassy health advisories

Disease / health environment

  • [Destination]
    • Endemic diseases / current outbreaks:
    • Immunisation requirements / recommendations:
    • Food / water safety rating:
    • Prophylaxis requirements:
    • Notes: ← CDC, WHO, NATHNAC, ISOS

Natural-hazard / environmental exposure

  • [Hazard type - e.g. seasonal storm, seismic zone, extreme heat]
    • Destination affected:
    • Window overlap:
    • Severity / likelihood:
    • Notes: ← GDACS, EM-DAT, national met services

Law enforcement & security services - [destination]

  • Response capacity / reliability: [H/M/L]
  • Response time (urban / suburban / rural):
  • Corruption / alignment risk:
  • Embassy / consular presence and 24hr contact:
  • Notes:

Infrastructure (power / comms / transport networks)

  • Power reliability:
  • Comms reliability / network coverage:
  • Known infrastructure vulnerabilities (bridges, border crossings, fuel):

08 · Digital & Social Signals - Open-Source Monitoring

Real-time and near-real-time open-source monitoring of conditions across the travel window. → feeds §14 Surveillance Digital & Information-Environment Threat, §19 Threat-Escalation & Early-Warning Indicators.

Social-media monitoring - [destination keyword / account]

Clone per monitoring target.

  • [Search term / account / hashtag]
    • Platform:
    • Cadence checked:
    • Last checked (date):
    • Relevant findings:
    • Notes / tool output: ← TweetDeck/X, Telegram, local-language sources, Mention.com

News & open-source feeds - [destination]

  • [Feed / outlet]
    • Coverage area:
    • Reliability grade (A–F):
    • Relevant findings:
    • Notes:

Dark-web / closed-forum monitoring (if warranted by profile)

  • [Forum / platform / market]
    • Monitoring rationale:
    • Relevant findings:
    • Notes:

Named-person / entity monitoring

  • [Principal name / org name]
    • Search conducted (platform / tool):
    • Findings:
    • Notes / tool output: ← Google Alerts, Mention, social search, adverse-media databases

09 · Indicators & Warnings

Observable tripwires mapped to legs and threat categories; split pre-departure vs. in-trip. → feeds §19 Threat-Escalation & Early-Warning Indicators, §17 Overall Trip Rating & Recommendation.

Pre-departure tripwire - [indicator - clone per indicator]

A pre-departure indicator whose activation would change the go/no-go. → §19 Threat-Escalation & Early-Warning Indicators.

  • [Indicator - e.g. advisory uplift at destination, attack at planned venue type, direct threat received]
    • Threat / leg it bears on (§):
    • Change signalled (e.g. leg residual 9→16):
    • Severity: [Critical / High / Medium / Low]
    • Current status: [Not present / Emerging / Present]
    • Disposition: [Watch / Notify client / Re-rate / Defer leg / Cancel trip]
    • Notes:

In-trip tripwire - [indicator - clone per indicator]

An in-trip indicator that would trigger a posture change, leg cancellation, or activation of the Emergency & Evacuation Plan.

  • [Indicator - e.g. attack near accommodation, unplanned protest blocking route, threat communicated in-country]
    • Threat / leg (§):
    • Change signalled:
    • Severity: [Critical / High / Medium / Low]
    • Current status:
    • Disposition: [Watch / Notify client / Alter leg / Curtail trip / Activate evac plan / Route to Real-Time Travel Monitoring]
    • Notes:

Key Assumptions (to check against KAC §22)

  • Itinerary as provided is complete, current, and will hold
  • Protective measures credited in residual scores will be in place for the trip
  • Traveller will comply with agreed posture and not freelance high-risk movements
  • No major exogenous shock (attack, coup, disaster, border closure) intervenes at a destination

99 · Collection Admin

Working register - not a deliverable section, but the audit trail behind it. Feeds §25 Annex A Sources & Methodology, §26 Annex B Appendices.

Source register

Every material datum traceable to a graded source. Admiralty two-axis: Reliability A–F + Credibility 1–6.

  • [S-1 - source name / title]
    • Type: [Official advisory / Open-source dataset / Media / Academic / HUMINT / Commercial intelligence / Vendor]
    • Reliability (A–F):
    • Credibility (1–6):
    • Date accessed:
    • Coverage scope:
    • Self-interest / reliability caveat:
    • URL / reference:
  • [S-2 - source]
    • Type:
    • Reliability (A–F):
    • Credibility (1–6):
    • Date accessed:

Evidence archive

  • [screenshot / capture ref + hash + URL + timestamp]:

Open gaps / verification pending

  • [item submitted, not yet returned - leg / PIR / category]
  • [advisory not current - destination - check date needed]
  • [advance reconnaissance not yet completed - venue / route]

Quality & analytic standards check

  • Likelihood and analytic confidence kept separate throughout (ICD 203 - never combined in one sentence)
  • All scored threats carry inherent score, mitigation credited, and residual score
  • Reporting distinguished from analytic judgment in §§ 1–20
  • Uncertainty drivers named; alternatives tested (ACH §21 complete)
  • Scores not adjusted to clear or defer the trip for reasons other than the assessed threat
  • All collection open-source and lawful - no surveillance, tracking, or interception of the principal
  • Official advisories and state-controlled sources treated as potentially self-interested and corroborated
  • Itinerary handled as the most sensitive element (Handling Caveat §2 applied)