[RESIDENCE / PRINCIPAL] - Collection Map
OSINT-043 Residential Vulnerability & Threat Assessment - collection workspace. Central topic = the residence and its principal occupant(s). Branches = the eight vulnerability domains plus target-profile and threat-environment inputs. Drop each collected value as a child node; expand it with where it was found and source grade. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-043.
00 · Collection Plan - PIRs & EEIs
The questions this collection must answer, keyed to the deliverable’s PIRs and Key Judgments. Tick each EEI as satisfied. → drives §3 Key Judgments, §4 PIRs, §15 Vulnerability Register, §16 Overall Rating, §17 Key Findings, §22 Gaps.
PIR-1 - Target profile & directed threat: does the occupant attract directed threat to the residence?
- EEI: occupant’s public role, employer, sector - controversy or grievance surface (→ §6)
- EEI: publicly visible wealth/status signals observable from or linked to the address (→ §6)
- EEI: prior threats, incidents, hostile-surveillance indicators against the occupant or household (→ §6)
- EEI: discoverable link between occupant identity and this address in open sources (→ §6, §13)
- EEI: household composition - dependants, co-occupants, staff living in (→ §6, §12)
PIR-2 - Physical security & perimeter: what are the material gaps in the perimeter?
- EEI: perimeter walls, fences, gates - type, height, material, condition (→ §8)
- EEI: pedestrian and vehicle entry points - access control at each (→ §8)
- EEI: lighting coverage - perimeter, entry points, dark zones (→ §8)
- EEI: sight lines from public space and adjacent buildings (→ §8)
- EEI: intrusion-deterrence features - anti-climb, gravel, hostile-vehicle mitigation (→ §8)
PIR-3 - Access, egress & circulation: how can the residence be approached and what are the egress options?
- EEI: vehicle approach routes - chokepoints, ambush-favourable terrain, cover (→ §10)
- EEI: covert / unsecured entry points - basement, roof, utility ducts, service entrance (→ §10)
- EEI: occupant primary, secondary, tertiary egress from property and neighbourhood (→ §10)
- EEI: OCOKA factors from both intruder and occupant perspective (→ §10)
PIR-4 - Security systems & technical: what alarm, CCTV, access-control, and IoT systems are in place?
- EEI: alarm system - coverage, type, monitoring arrangement, backup power (→ §11)
- EEI: CCTV - camera coverage, blind spots, storage, remote-access status (→ §11)
- EEI: intercom / access control - visitor-ID method, lock type, code management (→ §11)
- EEI: smart-home / IoT devices - brands, discoverability via Wi-Fi SSID or Shodan (→ §11, §13)
- EEI: safe-room communications capability (→ §11)
PIR-5 - Household personnel & insider threat: who has access and what vetting has been conducted?
- EEI: live-in and regular household staff - roles, tenure, vetting status, nationality (→ §12)
- EEI: ad-hoc service providers - cleaners, maintenance, contractors, delivery patterns (→ §12)
- EEI: key-holder and access-code register - who holds and whether tracked (→ §12)
- EEI: indicators of grievance, coercion, or compromise among staff (→ §12)
PIR-6 - Digital & information-environment exposure: what about the residence is discoverable via open source?
- EEI: occupant-to-address linkage in public records, social media, professional profiles (→ §13)
- EEI: exterior and interior photos - real-estate listings, social media, press coverage (→ §13)
- EEI: occupancy-pattern leakage - schedules, travel posts, absence periods published (→ §13)
- EEI: family / dependant digital exposure linking to the address (→ §13)
- EEI: cumulative adversary open-source profile - can address + layout + schedule be derived? (→ §13)
PIR-7 - Threat environment & contextual risk: what is the crime and threat level at this location?
- EEI: neighbourhood crime profile - burglary, home invasion, carjacking, express kidnap rates (→ §14)
- EEI: terrorism and mass-casualty threat relevant to adjacent targets (→ §14)
- EEI: civil unrest, protest, disorder affecting access/egress during the occupancy window (→ §14)
- EEI: specific local dynamics live in the period - elections, events, seasonal spikes (→ §14)
- EEI: environmental hazard exposure - flood, seismic, storm (→ §9)
PIR-8 - Occupancy & absence vulnerability: how does the risk profile differ by phase?
- EEI: occupancy schedule - full-time / part-time / seasonal / vacant interval (→ §16)
- EEI: vacancy-period security arrangements - who checks, alarm state, staff on-site (→ §12)
- EEI: absence-period leakage - social media posts revealing travel windows (→ §13)
PIR-9 - Trajectory & inflection: where is the vulnerability picture heading and what would change it?
- EEI: planned physical changes to the property - renovations, construction affecting perimeter (→ §18)
- EEI: upcoming events / profile changes for the occupant that shift directed-threat exposure (→ §18)
- EEI: threat-environment trajectory indicators at the location (→ §18)
Collection gaps / RFIs (running)
01 · Principal / Occupant Profile & Target Profile
Who lives here and why this occupant may attract directed threat to the residence - the profile-driven overlay that distinguishes this from generic location risk. → feeds §6 Principal / Occupant Profile & Target Profile, §3 Key Judgments (KJ-3).
Identity & role
- Full name / known names:
- Role / employer / sector:
- Public profile (visibility level): [High / Moderate / Low]
- Controversy / grievance surface:
- Nationality / perceived affiliation at location:
Wealth & status signalling (property-visible)
- Estimated property value / neighbourhood tier:
- Visible signals - vehicle, staff, aesthetics:
- Known or attributed net-worth indicators in public domain:
- Source:
- Basis:
Prior threats, incidents & hostile attention
- [incident / threat ref]
- Date / nature:
- Actor / attribution:
- Dwelling-specific? [Y/N]
- Disposition / outcome:
- Source grade:
- Notes / tool output:
Household composition & dependants
- [household member - e.g. spouse / child / live-in staff]
- Role / age category:
- Vulnerability relevance:
- Notes:
Behavioural factors relevant to residential risk
- Schedule predictability: [High / Moderate / Low]
- Gate / door posture (security discipline):
- Social-media broadcasting habits:
02 · Property & Location Profile
The descriptive spine on which every vulnerability score in §8–§14 is grounded. → feeds §7 Property & Location Profile; also anchors §8–§10 scoring context.
Property identification
- Address / location descriptor (redact as required):
- Property type: [Standalone house / Apartment / Compound / Gated community / Serviced apartment]
- Construction type / age / condition:
- Number of floors / total area / key rooms:
Location within neighbourhood
- Street position (corner / dead-end / mid-terrace / exposed):
- Adjacent land uses / abutments:
- [adjacent use - embassy / park / vacant lot / commercial / construction]
- Distance / significance:
- Vulnerability implication:
- [adjacent use - embassy / park / vacant lot / commercial / construction]
Vehicle access & parking
- Garage type: [Secure internal / external / none]
- Driveway / street-parking exposure:
- Notes:
Neighbourhood threat environment (location summary)
- Crime rate / type (summary):
- Police / security presence:
- Historical incidents at or near address:
- Consumed baseline source: [→ OSINT-031 / OSINT-026 / OSINT-032]
Satellite & street-level imagery
- [imagery ref - source / as-of date]
- Coverage: [Perimeter / Full property / Approach routes / Neighbourhood]
- Currency:
- Notes / tool output: ← Google Earth, Bing Maps, Mapillary, local cadastral portals
03 · Routes & Movement
Vehicle and pedestrian approach routes; occupant egress options; OCOKA route factors. Seed each route as a clonable block. → feeds §10 Access, Egress & Circulation (KJ-4).
Approach routes
- [route - e.g. primary vehicle approach from north via Main St]
- Cover and concealment for aggressor:
- Chokepoints / ambush-favourable terrain:
- Distance to road / public pavement from entry point:
- Observation from public space:
- Threat likelihood of exploitation (1–5):
- Notes / tool output: ← Google Maps, Waze, satellite imagery, street-level tools
Occupant egress routes
- [route - e.g. primary egress via rear gate to side street]
- Type: [Vehicle / Foot]
- Blockade vulnerability:
- Alternative if blocked:
- Condition / maintenance:
- Notes:
OCOKA summary (per route)
- Observation (who can see whom):
- Cover & concealment (for threat / for occupant):
- Obstacles (barriers, gates, traffic):
- Key terrain (high ground, buildings dominating the approach):
- Avenues of approach (ingress paths available to adversary):
04 · Threat Actors & Persons of Interest
Named or typed actors who may pose directed threat to this occupant or residence. Clone block per actor. → feeds §6 (directed threat) and §14 (threat environment); supports KJ-3.
Threat actors / persons of interest
- [actor name / type - e.g. “disgruntled former employee” / “protest group X” / “named individual”]
- Actor type: [Individual / Group / Criminal network / Extremist / State-linked]
- Basis / source:
- Proximity to residence (confirmed / assessed / unknown):
- Threat vector (surveillance / intrusion / harassment / protest / attack):
- Prior incidents / TTPs:
- Current status (Active / Dormant / Unknown):
- Attribution confidence: [Confirmed / Probable / Possible]
- Notes / tool output: ← adverse-media search, court records, social media, OSINT-004 cross-ref
05 · Threat Landscape - Incidents, History & Online Chatter
Open-source threat intelligence relevant to this property and occupant. → feeds §14 Threat-Environment & Contextual Risk, §18 Vulnerability-Escalation Indicators.
Local incident history
- [incident - e.g. “burglary series - residential street, Q3 2024”]
- Date / type:
- Distance from property:
- Source:
- Relevance to this residence:
Online threat signals
- [signal - e.g. “social media post / forum mention / dark-web reference”]
- Platform / URL:
- Date observed:
- Content summary:
- Actor attribution (if any):
- Credibility: [A–F / 1–6]
- Notes / tool output: ← Google Alerts, social media search, dark-web monitoring feeds
Civil unrest / protest / disorder indicators
- [event / movement]
- Proximity to residence:
- Anticipated dates:
- Access-blocking risk:
Crime and security datasets
- [dataset / source - e.g. national crime stats, city police reports, commercial risk data]
- Coverage area:
- Date range:
- Findings summary:
- Notes:
06 · Vulnerabilities & Attack Surface
The consolidated physical, structural, technical, personnel, and digital vulnerability picture. This branch mirrors the deliverable’s eight domain sections - each sub-section feeds a scored domain table. Score each sub-factor: Vulnerability Severity (1–5) / Threat Likelihood (1–5) / Impact (1–5) → Inherent (L×I) → Mitigation → Residual. → feeds §8–§13, §15 Consolidated Vulnerability Register, §16 Overall Rating (KJ-1, KJ-2).
Physical security & perimeter (→ §8)
Perimeter barriers, gates, lighting, sight lines, intrusion deterrence. Clone per sub-factor.
- [sub-factor - e.g. “perimeter wall - front boundary”]
- Detail / observed condition:
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Existing Mitigation:
- Residual Risk:
- Confidence: [H/M/L]
- Source grade (A–F / 1–6):
- Notes / tool output: ← satellite imagery, street-level tools, property-listing photos
Structural & environmental vulnerability (→ §9)
Doors, windows, glazing, safe room, utility chokepoints, environmental hazards.
- [sub-factor - e.g. “ground-floor windows - glazing type”]
- Detail:
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Existing Mitigation:
- Residual Risk:
- Confidence: [H/M/L]
- Source grade:
- Notes / tool output: ← property listings, planning-permit records, imagery, building codes
Access, egress & circulation (→ §10)
Vehicle/pedestrian approaches, covert entry points, occupant egress. Clone per point.
- [sub-factor - e.g. “rear service entrance - unsecured”]
- Detail:
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Existing Mitigation:
- Residual Risk:
- Confidence: [H/M/L]
- Source grade:
- Notes / tool output:
Security systems & technical measures (→ §11)
Alarm, CCTV, intercom, comms, safe-room, smart-home / IoT.
- [sub-factor - e.g. “CCTV - rear garden blind spot”]
- Detail:
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Existing Mitigation:
- Residual Risk:
- Confidence: [H/M/L]
- Source grade:
- Notes / tool output: ← Shodan (IoT), Wi-Fi SSID scan, vendor spec lookup, property listings
Household personnel & insider threat (→ §12)
Staff, service providers, guests, key-holder register, coercion indicators.
- [access role - e.g. “housekeeper - live-in”]
- Role / tenure / nationality:
- Vetting status:
- Key / code holder: [Y/N]
- Coercion / grievance indicators:
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Residual Risk:
- Confidence: [H/M/L]
- Source grade:
- Notes / tool output: ← public records, social media, adverse-media search
Digital & information-environment exposure (→ §13)
Occupant-address linkage, property imagery, schedule leakage, IoT discoverability, family digital exposure, cumulative adversary profile.
- [sub-factor - e.g. “property exterior photos - real-estate listing”]
- Platform / URL:
- Content detail:
- Enabling information (layout / security panel / room details):
- Vulnerability Severity (1–5):
- Threat Likelihood of Exploitation (1–5):
- Impact (1–5):
- Inherent Risk (L×I):
- Residual Risk:
- Confidence: [H/M/L]
- Source grade:
- Notes / tool output: ← Zillow / Rightmove / Idealista / Google, Shodan, social-media search
07 · Local Environment - Security, Medical & Infrastructure
The supporting environment that conditions both threat and response: police, emergency services, hospitals, power/water/comms reliability, and infrastructure resilience. → feeds §14 Threat-Environment & Contextual Risk, §23 Recommendations.
Law-enforcement response
- Nearest police station / response time estimate:
- Source:
- Notes:
- Police-response effectiveness assessment: [H/M/L]
- Private security services available in area:
Emergency medical
- Nearest hospital / trauma centre:
- Distance / estimated response:
- Ambulance response time (local data):
- Medical-facility quality assessment:
Infrastructure resilience
- Power grid reliability / outage history:
- Water supply reliability:
- Comms / mobile coverage (providers, dead zones):
- Backup-power requirements assessment:
Adjacent high-profile targets
- [target - e.g. embassy / government building / hotel / transport hub]
- Distance from residence:
- Indirect risk created:
- Historical incidents at target:
08 · Digital & Social Signals
Selectors, accounts, and social-media content directly relevant to the residence’s exposure - the residential-context digital intelligence feed. Complements (does not replace) OSINT-044. → feeds §13 Digital & Information-Environment Exposure, §6 Principal Profile (KJ-3).
Address-linked selectors (public records & databases)
Clone per record type. → property-record searches, voter rolls, electoral registers, planning portals.
- [record type - e.g. “property title register”]
- Jurisdiction / registry:
- Found address link: [Y/N / Redacted]
- Date of record:
- Source:
- Notes / tool output: ← land registry, OpenCorporates (registered address), Companies House
Social-media accounts - residential exposure only
Clone per platform. Flag posts that reveal address, layout, schedule, or absence.
- [platform - Instagram / Facebook / X / LinkedIn / TikTok / other]
- Handle / URL:
- Address-revealing content: [Y/N - describe]
- Schedule / absence posts: [Y/N - describe]
- Interior / exterior imagery: [Y/N - describe]
- Attribution confidence: [Confirmed / Probable / Possible]
- Notes / tool output: ← manual review, social-media OSINT tools
Property-listing imagery (current / archived)
- [listing platform - e.g. Rightmove, Zillow, Idealista, Google Maps Street View]
- URL:
- Content (exterior / interior / floor plan):
- Date / currency:
- Security-relevant detail visible (panel, camera, fence type):
- Notes: ← Wayback Machine / cached listings for historical imagery
IoT / smart-home discoverability
- [device / service - e.g. “smart doorbell brand X - visible on listing photo”]
- Discoverable method: [SSID / Shodan / photo / listing]
- Model / firmware exposure:
- Vulnerability reference:
- Notes / tool output: ← Shodan, Wi-Fi SSID search tools, vendor CVE lists
Occupancy-pattern leakage (open-source schedule intelligence)
- [signal - e.g. “school-run pattern from Instagram story timestamps”]
- Platform / URL:
- Pattern derived:
- Absence window exposed:
- Notes:
09 · Indicators & Warnings
Observable tripwires that would change a domain score, raise the overall rating, or trigger the recommendation to change from ACCEPT/MITIGATE to DEFER/DO-NOT-OCCUPY. Phase: Pre-occupancy / In-occupancy / Absence-period. Clone per indicator. → feeds §18 Vulnerability-Escalation & Early-Warning Indicators.
Pre-occupancy tripwires
- [indicator - e.g. “direct threat communication referencing the address”]
- Domain / vulnerability affected:
- Change signalled: [e.g. recommendation → DO NOT OCCUPY]
- Severity: [Critical / High / Medium / Low]
- Current status: [Not present / Emerging / Present]
- Disposition: [Watch / Notify client / Re-rate / Upgrade measure / Defer / Do-not-occupy]
- Notes:
In-occupancy tripwires
- [indicator - e.g. “surveillance indicators observed near perimeter”]
- Domain / vulnerability affected:
- Change signalled:
- Severity: [Critical / High / Medium / Low]
- Current status: [Not present / Emerging / Present]
- Disposition: [Watch / Notify client / Re-rate / Upgrade measure / Curtail / Evacuate / Route to sibling]
- Notes:
Absence-period tripwires
- [indicator - e.g. “social-media post confirming principal abroad for 2 weeks”]
- Domain / vulnerability affected:
- Change signalled:
- Severity: [Critical / High / Medium / Low]
- Disposition:
- Notes: ← coordinate with OSINT-042 Pre-Travel Threat Assessment for absence-period picture
99 · Collection Admin
Working audit trail - not a deliverable section but the backbone of §24 Annex A.
Source register
Every material datum traceable to a graded source. Admiralty two-axis: Reliability A–F / Credibility 1–6.
- [S-1 - source name / type]
- Type: [Primary / Secondary / Tertiary]
- Reliability (A–F):
- Credibility (1–6):
- Date accessed:
- Coverage domain(s):
- Limitations / self-interest caveat:
Evidence archive
- [screenshot / capture ref - hash + URL + timestamp]:
Open gaps / verification pending
- Property physical state vs. disclosed specifications - unverified pending site survey → route to Residential Security Survey
- Security-system operational status - assessed from available info only; technical validation required
- Staff vetting status - not confirmed; route to OSINT-044 or standalone background-vetting product
- Satellite imagery currency - verify imagery as-of date vs. any recent construction or modifications
- [item submitted, not yet returned]
Consumed baseline products (record reference and as-of date)
- OSINT-031 Country Risk Assessment consumed: [ref / date]
- OSINT-026 Country / Regional Study consumed: [ref / date]
- OSINT-032 Operational / Country-Entry Risk consumed: [ref / date]
- OSINT-042 Pre-Travel Threat Assessment (absence periods) consumed: [ref / date]
Escalation register (items routed to sibling / downstream products)
- Residential Security Survey - physical hardening specification (route from §19)
- OSINT-044 Family & Household Digital Exposure Assessment - deep household-member digital profiling
- OSINT-042 Pre-Travel Threat Assessment - absence-period threat picture
- OSINT-034 K&R Risk Assessment - if kidnap / extortion directed-threat indicators emerge
- OSINT-045 Continuous Residential Threat Monitoring - downstream product if engagement continues