[RESIDENCE / PRINCIPAL] - Collection Map

OSINT-043 Residential Vulnerability & Threat Assessment - collection workspace. Central topic = the residence and its principal occupant(s). Branches = the eight vulnerability domains plus target-profile and threat-environment inputs. Drop each collected value as a child node; expand it with where it was found and source grade. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-043.

00 · Collection Plan - PIRs & EEIs

The questions this collection must answer, keyed to the deliverable’s PIRs and Key Judgments. Tick each EEI as satisfied. → drives §3 Key Judgments, §4 PIRs, §15 Vulnerability Register, §16 Overall Rating, §17 Key Findings, §22 Gaps.

PIR-1 - Target profile & directed threat: does the occupant attract directed threat to the residence?

  • EEI: occupant’s public role, employer, sector - controversy or grievance surface (→ §6)
  • EEI: publicly visible wealth/status signals observable from or linked to the address (→ §6)
  • EEI: prior threats, incidents, hostile-surveillance indicators against the occupant or household (→ §6)
  • EEI: discoverable link between occupant identity and this address in open sources (→ §6, §13)
  • EEI: household composition - dependants, co-occupants, staff living in (→ §6, §12)

PIR-2 - Physical security & perimeter: what are the material gaps in the perimeter?

  • EEI: perimeter walls, fences, gates - type, height, material, condition (→ §8)
  • EEI: pedestrian and vehicle entry points - access control at each (→ §8)
  • EEI: lighting coverage - perimeter, entry points, dark zones (→ §8)
  • EEI: sight lines from public space and adjacent buildings (→ §8)
  • EEI: intrusion-deterrence features - anti-climb, gravel, hostile-vehicle mitigation (→ §8)

PIR-3 - Access, egress & circulation: how can the residence be approached and what are the egress options?

  • EEI: vehicle approach routes - chokepoints, ambush-favourable terrain, cover (→ §10)
  • EEI: covert / unsecured entry points - basement, roof, utility ducts, service entrance (→ §10)
  • EEI: occupant primary, secondary, tertiary egress from property and neighbourhood (→ §10)
  • EEI: OCOKA factors from both intruder and occupant perspective (→ §10)

PIR-4 - Security systems & technical: what alarm, CCTV, access-control, and IoT systems are in place?

  • EEI: alarm system - coverage, type, monitoring arrangement, backup power (→ §11)
  • EEI: CCTV - camera coverage, blind spots, storage, remote-access status (→ §11)
  • EEI: intercom / access control - visitor-ID method, lock type, code management (→ §11)
  • EEI: smart-home / IoT devices - brands, discoverability via Wi-Fi SSID or Shodan (→ §11, §13)
  • EEI: safe-room communications capability (→ §11)

PIR-5 - Household personnel & insider threat: who has access and what vetting has been conducted?

  • EEI: live-in and regular household staff - roles, tenure, vetting status, nationality (→ §12)
  • EEI: ad-hoc service providers - cleaners, maintenance, contractors, delivery patterns (→ §12)
  • EEI: key-holder and access-code register - who holds and whether tracked (→ §12)
  • EEI: indicators of grievance, coercion, or compromise among staff (→ §12)

PIR-6 - Digital & information-environment exposure: what about the residence is discoverable via open source?

  • EEI: occupant-to-address linkage in public records, social media, professional profiles (→ §13)
  • EEI: exterior and interior photos - real-estate listings, social media, press coverage (→ §13)
  • EEI: occupancy-pattern leakage - schedules, travel posts, absence periods published (→ §13)
  • EEI: family / dependant digital exposure linking to the address (→ §13)
  • EEI: cumulative adversary open-source profile - can address + layout + schedule be derived? (→ §13)

PIR-7 - Threat environment & contextual risk: what is the crime and threat level at this location?

  • EEI: neighbourhood crime profile - burglary, home invasion, carjacking, express kidnap rates (→ §14)
  • EEI: terrorism and mass-casualty threat relevant to adjacent targets (→ §14)
  • EEI: civil unrest, protest, disorder affecting access/egress during the occupancy window (→ §14)
  • EEI: specific local dynamics live in the period - elections, events, seasonal spikes (→ §14)
  • EEI: environmental hazard exposure - flood, seismic, storm (→ §9)

PIR-8 - Occupancy & absence vulnerability: how does the risk profile differ by phase?

  • EEI: occupancy schedule - full-time / part-time / seasonal / vacant interval (→ §16)
  • EEI: vacancy-period security arrangements - who checks, alarm state, staff on-site (→ §12)
  • EEI: absence-period leakage - social media posts revealing travel windows (→ §13)

PIR-9 - Trajectory & inflection: where is the vulnerability picture heading and what would change it?

  • EEI: planned physical changes to the property - renovations, construction affecting perimeter (→ §18)
  • EEI: upcoming events / profile changes for the occupant that shift directed-threat exposure (→ §18)
  • EEI: threat-environment trajectory indicators at the location (→ §18)

Collection gaps / RFIs (running)

01 · Principal / Occupant Profile & Target Profile

Who lives here and why this occupant may attract directed threat to the residence - the profile-driven overlay that distinguishes this from generic location risk. → feeds §6 Principal / Occupant Profile & Target Profile, §3 Key Judgments (KJ-3).

Identity & role

  • Full name / known names:
  • Role / employer / sector:
  • Public profile (visibility level): [High / Moderate / Low]
  • Controversy / grievance surface:
  • Nationality / perceived affiliation at location:

Wealth & status signalling (property-visible)

  • Estimated property value / neighbourhood tier:
  • Visible signals - vehicle, staff, aesthetics:
  • Known or attributed net-worth indicators in public domain:
    • Source:
    • Basis:

Prior threats, incidents & hostile attention

  • [incident / threat ref]
    • Date / nature:
    • Actor / attribution:
    • Dwelling-specific? [Y/N]
    • Disposition / outcome:
    • Source grade:
    • Notes / tool output:

Household composition & dependants

  • [household member - e.g. spouse / child / live-in staff]
    • Role / age category:
    • Vulnerability relevance:
    • Notes:

Behavioural factors relevant to residential risk

  • Schedule predictability: [High / Moderate / Low]
  • Gate / door posture (security discipline):
  • Social-media broadcasting habits:

02 · Property & Location Profile

The descriptive spine on which every vulnerability score in §8–§14 is grounded. → feeds §7 Property & Location Profile; also anchors §8–§10 scoring context.

Property identification

  • Address / location descriptor (redact as required):
  • Property type: [Standalone house / Apartment / Compound / Gated community / Serviced apartment]
  • Construction type / age / condition:
  • Number of floors / total area / key rooms:

Location within neighbourhood

  • Street position (corner / dead-end / mid-terrace / exposed):
  • Adjacent land uses / abutments:
    • [adjacent use - embassy / park / vacant lot / commercial / construction]
      • Distance / significance:
      • Vulnerability implication:

Vehicle access & parking

  • Garage type: [Secure internal / external / none]
  • Driveway / street-parking exposure:
  • Notes:

Neighbourhood threat environment (location summary)

  • Crime rate / type (summary):
  • Police / security presence:
  • Historical incidents at or near address:
  • Consumed baseline source: [→ OSINT-031 / OSINT-026 / OSINT-032]

Satellite & street-level imagery

  • [imagery ref - source / as-of date]
    • Coverage: [Perimeter / Full property / Approach routes / Neighbourhood]
    • Currency:
    • Notes / tool output: ← Google Earth, Bing Maps, Mapillary, local cadastral portals

03 · Routes & Movement

Vehicle and pedestrian approach routes; occupant egress options; OCOKA route factors. Seed each route as a clonable block. → feeds §10 Access, Egress & Circulation (KJ-4).

Approach routes

  • [route - e.g. primary vehicle approach from north via Main St]
    • Cover and concealment for aggressor:
    • Chokepoints / ambush-favourable terrain:
    • Distance to road / public pavement from entry point:
    • Observation from public space:
    • Threat likelihood of exploitation (1–5):
    • Notes / tool output: ← Google Maps, Waze, satellite imagery, street-level tools

Occupant egress routes

  • [route - e.g. primary egress via rear gate to side street]
    • Type: [Vehicle / Foot]
    • Blockade vulnerability:
    • Alternative if blocked:
    • Condition / maintenance:
    • Notes:

OCOKA summary (per route)

  • Observation (who can see whom):
  • Cover & concealment (for threat / for occupant):
  • Obstacles (barriers, gates, traffic):
  • Key terrain (high ground, buildings dominating the approach):
  • Avenues of approach (ingress paths available to adversary):

04 · Threat Actors & Persons of Interest

Named or typed actors who may pose directed threat to this occupant or residence. Clone block per actor. → feeds §6 (directed threat) and §14 (threat environment); supports KJ-3.

Threat actors / persons of interest

  • [actor name / type - e.g. “disgruntled former employee” / “protest group X” / “named individual”]
    • Actor type: [Individual / Group / Criminal network / Extremist / State-linked]
    • Basis / source:
    • Proximity to residence (confirmed / assessed / unknown):
    • Threat vector (surveillance / intrusion / harassment / protest / attack):
    • Prior incidents / TTPs:
    • Current status (Active / Dormant / Unknown):
    • Attribution confidence: [Confirmed / Probable / Possible]
    • Notes / tool output: ← adverse-media search, court records, social media, OSINT-004 cross-ref

05 · Threat Landscape - Incidents, History & Online Chatter

Open-source threat intelligence relevant to this property and occupant. → feeds §14 Threat-Environment & Contextual Risk, §18 Vulnerability-Escalation Indicators.

Local incident history

  • [incident - e.g. “burglary series - residential street, Q3 2024”]
    • Date / type:
    • Distance from property:
    • Source:
    • Relevance to this residence:

Online threat signals

  • [signal - e.g. “social media post / forum mention / dark-web reference”]
    • Platform / URL:
    • Date observed:
    • Content summary:
    • Actor attribution (if any):
    • Credibility: [A–F / 1–6]
    • Notes / tool output: ← Google Alerts, social media search, dark-web monitoring feeds

Civil unrest / protest / disorder indicators

  • [event / movement]
    • Proximity to residence:
    • Anticipated dates:
    • Access-blocking risk:

Crime and security datasets

  • [dataset / source - e.g. national crime stats, city police reports, commercial risk data]
    • Coverage area:
    • Date range:
    • Findings summary:
    • Notes:

06 · Vulnerabilities & Attack Surface

The consolidated physical, structural, technical, personnel, and digital vulnerability picture. This branch mirrors the deliverable’s eight domain sections - each sub-section feeds a scored domain table. Score each sub-factor: Vulnerability Severity (1–5) / Threat Likelihood (1–5) / Impact (1–5) → Inherent (L×I) → Mitigation → Residual. → feeds §8–§13, §15 Consolidated Vulnerability Register, §16 Overall Rating (KJ-1, KJ-2).

Physical security & perimeter (→ §8)

Perimeter barriers, gates, lighting, sight lines, intrusion deterrence. Clone per sub-factor.

  • [sub-factor - e.g. “perimeter wall - front boundary”]
    • Detail / observed condition:
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Existing Mitigation:
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade (A–F / 1–6):
    • Notes / tool output: ← satellite imagery, street-level tools, property-listing photos

Structural & environmental vulnerability (→ §9)

Doors, windows, glazing, safe room, utility chokepoints, environmental hazards.

  • [sub-factor - e.g. “ground-floor windows - glazing type”]
    • Detail:
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Existing Mitigation:
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade:
    • Notes / tool output: ← property listings, planning-permit records, imagery, building codes

Access, egress & circulation (→ §10)

Vehicle/pedestrian approaches, covert entry points, occupant egress. Clone per point.

  • [sub-factor - e.g. “rear service entrance - unsecured”]
    • Detail:
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Existing Mitigation:
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade:
    • Notes / tool output:

Security systems & technical measures (→ §11)

Alarm, CCTV, intercom, comms, safe-room, smart-home / IoT.

  • [sub-factor - e.g. “CCTV - rear garden blind spot”]
    • Detail:
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Existing Mitigation:
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade:
    • Notes / tool output: ← Shodan (IoT), Wi-Fi SSID scan, vendor spec lookup, property listings

Household personnel & insider threat (→ §12)

Staff, service providers, guests, key-holder register, coercion indicators.

  • [access role - e.g. “housekeeper - live-in”]
    • Role / tenure / nationality:
    • Vetting status:
    • Key / code holder: [Y/N]
    • Coercion / grievance indicators:
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade:
    • Notes / tool output: ← public records, social media, adverse-media search

Digital & information-environment exposure (→ §13)

Occupant-address linkage, property imagery, schedule leakage, IoT discoverability, family digital exposure, cumulative adversary profile.

  • [sub-factor - e.g. “property exterior photos - real-estate listing”]
    • Platform / URL:
    • Content detail:
    • Enabling information (layout / security panel / room details):
    • Vulnerability Severity (1–5):
    • Threat Likelihood of Exploitation (1–5):
    • Impact (1–5):
    • Inherent Risk (L×I):
    • Residual Risk:
    • Confidence: [H/M/L]
    • Source grade:
    • Notes / tool output: ← Zillow / Rightmove / Idealista / Google, Shodan, social-media search

07 · Local Environment - Security, Medical & Infrastructure

The supporting environment that conditions both threat and response: police, emergency services, hospitals, power/water/comms reliability, and infrastructure resilience. → feeds §14 Threat-Environment & Contextual Risk, §23 Recommendations.

Law-enforcement response

  • Nearest police station / response time estimate:
    • Source:
    • Notes:
  • Police-response effectiveness assessment: [H/M/L]
  • Private security services available in area:

Emergency medical

  • Nearest hospital / trauma centre:
    • Distance / estimated response:
  • Ambulance response time (local data):
  • Medical-facility quality assessment:

Infrastructure resilience

  • Power grid reliability / outage history:
  • Water supply reliability:
  • Comms / mobile coverage (providers, dead zones):
  • Backup-power requirements assessment:

Adjacent high-profile targets

  • [target - e.g. embassy / government building / hotel / transport hub]
    • Distance from residence:
    • Indirect risk created:
    • Historical incidents at target:

08 · Digital & Social Signals

Selectors, accounts, and social-media content directly relevant to the residence’s exposure - the residential-context digital intelligence feed. Complements (does not replace) OSINT-044. → feeds §13 Digital & Information-Environment Exposure, §6 Principal Profile (KJ-3).

Address-linked selectors (public records & databases)

Clone per record type. → property-record searches, voter rolls, electoral registers, planning portals.

  • [record type - e.g. “property title register”]
    • Jurisdiction / registry:
    • Found address link: [Y/N / Redacted]
    • Date of record:
    • Source:
    • Notes / tool output: ← land registry, OpenCorporates (registered address), Companies House

Social-media accounts - residential exposure only

Clone per platform. Flag posts that reveal address, layout, schedule, or absence.

  • [platform - Instagram / Facebook / X / LinkedIn / TikTok / other]
    • Handle / URL:
    • Address-revealing content: [Y/N - describe]
    • Schedule / absence posts: [Y/N - describe]
    • Interior / exterior imagery: [Y/N - describe]
    • Attribution confidence: [Confirmed / Probable / Possible]
    • Notes / tool output: ← manual review, social-media OSINT tools

Property-listing imagery (current / archived)

  • [listing platform - e.g. Rightmove, Zillow, Idealista, Google Maps Street View]
    • URL:
    • Content (exterior / interior / floor plan):
    • Date / currency:
    • Security-relevant detail visible (panel, camera, fence type):
    • Notes: ← Wayback Machine / cached listings for historical imagery

IoT / smart-home discoverability

  • [device / service - e.g. “smart doorbell brand X - visible on listing photo”]
    • Discoverable method: [SSID / Shodan / photo / listing]
    • Model / firmware exposure:
    • Vulnerability reference:
    • Notes / tool output: ← Shodan, Wi-Fi SSID search tools, vendor CVE lists

Occupancy-pattern leakage (open-source schedule intelligence)

  • [signal - e.g. “school-run pattern from Instagram story timestamps”]
    • Platform / URL:
    • Pattern derived:
    • Absence window exposed:
    • Notes:

09 · Indicators & Warnings

Observable tripwires that would change a domain score, raise the overall rating, or trigger the recommendation to change from ACCEPT/MITIGATE to DEFER/DO-NOT-OCCUPY. Phase: Pre-occupancy / In-occupancy / Absence-period. Clone per indicator. → feeds §18 Vulnerability-Escalation & Early-Warning Indicators.

Pre-occupancy tripwires

  • [indicator - e.g. “direct threat communication referencing the address”]
    • Domain / vulnerability affected:
    • Change signalled: [e.g. recommendation → DO NOT OCCUPY]
    • Severity: [Critical / High / Medium / Low]
    • Current status: [Not present / Emerging / Present]
    • Disposition: [Watch / Notify client / Re-rate / Upgrade measure / Defer / Do-not-occupy]
    • Notes:

In-occupancy tripwires

  • [indicator - e.g. “surveillance indicators observed near perimeter”]
    • Domain / vulnerability affected:
    • Change signalled:
    • Severity: [Critical / High / Medium / Low]
    • Current status: [Not present / Emerging / Present]
    • Disposition: [Watch / Notify client / Re-rate / Upgrade measure / Curtail / Evacuate / Route to sibling]
    • Notes:

Absence-period tripwires

  • [indicator - e.g. “social-media post confirming principal abroad for 2 weeks”]
    • Domain / vulnerability affected:
    • Change signalled:
    • Severity: [Critical / High / Medium / Low]
    • Disposition:
    • Notes: ← coordinate with OSINT-042 Pre-Travel Threat Assessment for absence-period picture

99 · Collection Admin

Working audit trail - not a deliverable section but the backbone of §24 Annex A.

Source register

Every material datum traceable to a graded source. Admiralty two-axis: Reliability A–F / Credibility 1–6.

  • [S-1 - source name / type]
    • Type: [Primary / Secondary / Tertiary]
    • Reliability (A–F):
    • Credibility (1–6):
    • Date accessed:
    • Coverage domain(s):
    • Limitations / self-interest caveat:

Evidence archive

  • [screenshot / capture ref - hash + URL + timestamp]:

Open gaps / verification pending

  • Property physical state vs. disclosed specifications - unverified pending site survey → route to Residential Security Survey
  • Security-system operational status - assessed from available info only; technical validation required
  • Staff vetting status - not confirmed; route to OSINT-044 or standalone background-vetting product
  • Satellite imagery currency - verify imagery as-of date vs. any recent construction or modifications
  • [item submitted, not yet returned]

Consumed baseline products (record reference and as-of date)

  • OSINT-031 Country Risk Assessment consumed: [ref / date]
  • OSINT-026 Country / Regional Study consumed: [ref / date]
  • OSINT-032 Operational / Country-Entry Risk consumed: [ref / date]
  • OSINT-042 Pre-Travel Threat Assessment (absence periods) consumed: [ref / date]

Escalation register (items routed to sibling / downstream products)

  • Residential Security Survey - physical hardening specification (route from §19)
  • OSINT-044 Family & Household Digital Exposure Assessment - deep household-member digital profiling
  • OSINT-042 Pre-Travel Threat Assessment - absence-period threat picture
  • OSINT-034 K&R Risk Assessment - if kidnap / extortion directed-threat indicators emerge
  • OSINT-045 Continuous Residential Threat Monitoring - downstream product if engagement continues