[COUNTRY/REGION] - Collection Map

OSINT-036 Continuous Country Risk Monitoring - collection workspace. Central topic = the monitored country or region. Branches = risk domains and data-point categories. Drop each collected value as a child node; expand it with where it was found. Paste raw tool output into the node’s Notes. → feeds deliverable OSINT-036.

00 · Collection Plan - PIRs & EEIs

The questions this collection must answer + the essential elements of information (EEI) for each. Tick as satisfied. → drives §1 Scope & Watch Criteria / Tripwires, §2 Collection Cadence & Sources, §3 Reporting Cadence & Product Format, §4 Escalation & Notification Triggers, §5 Service Levels (SLA).

PIR-1 - Political Instability: is the governing regime stable and is leadership continuity confirmed?

  • EEI: election calendar / contested-succession events
  • EEI: coup/executive-removal signals (military posture, parliamentary confidence votes)
  • EEI: opposition strength, mass-mobilisation indicators
  • EEI: ruling coalition cohesion (cabinet reshuffles, defections)

PIR-2 - Sanctions & Designation Changes: have designations against the country, sector, or named entities changed?

  • EEI: OFAC SDN / OFAC sectoral list updates
  • EEI: EU, UK, UN regime changes + country-specific measures
  • EEI: targeted entity / individual additions or removals
  • EEI: licence/exemption framework changes

PIR-3 - Civil Unrest & Protest Activity: is there a material increase in public disorder that could affect operations or assets?

  • EEI: protest/strike frequency and size trajectory
  • EEI: geographic spread relative to client interests / facilities
  • EEI: law-enforcement / military response posture
  • EEI: online mobilisation signals (social/Telegram/WhatsApp public groups)

PIR-4 - Security & Conflict: is armed violence, terrorism, or inter-state conflict risk rising?

  • EEI: incident data (ACLED, UCDP, local security advisories)
  • EEI: armed-group activity near client operational areas
  • EEI: terrorist-attack cadence, claimed responsibility
  • EEI: border/military movement indicators

PIR-5 - Economic Crisis & Infrastructure Disruption: is an economic shock or critical infrastructure outage imminent or underway?

  • EEI: FX rate / reserve trajectory (central bank publications)
  • EEI: sovereign debt / ratings-action signals
  • EEI: power / fuel / communications outage reports
  • EEI: supply-chain chokepoint events (ports, roads, borders)

PIR-6 - Natural Disaster & Environmental Risk: is a natural or environmental event threatening operations?

  • EEI: meteorological / seismic alerts (national hydrometeorological service, USGS)
  • EEI: public-health / epidemic alerts (WHO, CDC, ECDC)
  • EEI: government emergency declarations

Collection gaps / RFIs (running)

  • [open gap] → route to [product or analytic cell]
  • [open gap]

00b · Monitoring Cadence & Triggers

Continuous/retained service - this branch governs watch discipline and alert hygiene. → drives §2 Collection Cadence & Sources, §3 Reporting Cadence & Product Format, §4 Escalation & Notification Triggers, §5 Service Levels (SLA).

Watch items & refresh cadence

  • [Risk domain - e.g., political instability]
    • Collection lane:
    • Refresh cadence: [e.g., continuous / hourly / daily / weekly]
    • Collector owner:
    • Notes / tool output:
  • [Risk domain - e.g., sanctions/designation changes]
    • Collection lane:
    • Refresh cadence:
    • Collector owner:
    • Notes / tool output:

Alert thresholds (L×I key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical)

  • Critical (21–25):
    • Notify:
    • Method:
    • Acknowledgement target:
  • High (16–20):
    • Notify:
    • Method:
    • Acknowledgement target:
  • Elevated (11–15):
    • Notify:
    • Method:
    • Acknowledgement target:
  • Moderate/Low (1–10):
    • Notify:
    • Method:
    • Acknowledgement target:

Escalation path

  • Tripwire fires → [first notify]:
  • First notify fails to acknowledge → escalate to:
  • SLA miss remedy:

Service review cadence

  • Review frequency:
  • Watch-list change-control process:
  • Term / renewal date:

01 · Geographic & Administrative

Establish the monitored country/region’s administrative structure, borders, and subnational context relevant to watch items. → feeds §1 Scope & Watch Criteria / Tripwires, §2 Collection Cadence & Sources.

Country / region identity

  • Country name(s) / ISO code(s):
  • Region(s) / governorates / provinces in scope:
  • Capital / key cities in scope:
  • Borders / neighbours relevant to risk:

Administrative control map

  • Governing authority by territory:
  • Contested/disputed zones:
  • Special economic zones / foreign-investor areas:

Client footprint in-country

  • [Client facility / office / operation]
    • Location:
    • Staff count:
    • Risk exposure:
    • Notes:
  • [Client facility 2]

02 · Political & Governance

Monitor ruling-coalition stability, election calendar, leadership continuity, and governance quality signals. → feeds §1 Scope & Watch Criteria / Tripwires (political instability), §4 Escalation & Notification Triggers.

Leadership & government

  • Head of state / head of government:
    • Term expiry / election date:
    • Approval / popularity indicator:
    • Succession risk:
    • Source / date:
    • Notes:

Legislature / parliament

  • Ruling coalition composition:
    • Confidence / majority margin:
    • Next election cycle:
    • Notes:

Election & succession watch

  • [Upcoming election or succession event]
    • Date / window:
    • Candidates / factions:
    • Risk implication:
    • Notes / tool output: ← (government gazette, election commission, Reuters/AFP wire)
  • [Event 2]

Governance quality indicators

  • Corruption index / Transparency International rank:
  • Rule-of-law index:
  • Press-freedom index:
  • Notes:

03 · Security & Conflict

Track armed violence, terrorism, insurgency, and inter-state tensions near client operational areas. → feeds §1 Scope & Watch Criteria / Tripwires (security/conflict), §4 Escalation & Notification Triggers.

Incident tracker

Clone per incident batch / reporting period. Source ACLED, UCDP, local advisories.

  • [Incident batch - e.g., Week 2026-W24]
    • Incident type: [armed clashes / IED / protest / kidnap / other]
    • Location(s):
    • Actors involved:
    • Proximity to client interests:
    • Casualty / damage data:
    • L×I score:
    • Source grade:
    • Notes / tool output: ← (ACLED, UCDP, local police bulletin, embassy advisory)
  • [Incident batch 2]

Armed groups & terrorist organisations

Clone per group. → feeds collection branch 06 Key Actors & Entities and §1 Scope & Watch Criteria / Tripwires.

  • [Group name - e.g., armed faction / terrorist organisation]
    • Ideology / affiliation:
    • Area of operation:
    • Recent activity:
    • Threat level to client:
    • Notes:
  • [Group 2]

State security posture

  • Military deployment / readiness signals:
  • Border closure / movement restrictions:
  • Curfew / state of emergency:
  • Notes:

04 · Economic & Infrastructure

Watch economic-shock indicators and critical infrastructure outages that could affect operations or investment viability. → feeds §1 Scope & Watch Criteria / Tripwires (economic crisis, infrastructure disruption), §4 Escalation & Notification Triggers.

Macroeconomic indicators

  • FX rate vs. USD / EUR (current):
    • Trend (30-day):
    • Central bank reserve level:
    • Source / date:
    • Notes:
  • Inflation rate (CPI):
    • Source / date:
  • Sovereign credit rating:
    • Outlook:
    • Last rating action:
    • Notes / tool output: ← (Moody’s, S&P, Fitch public releases)

Sanctions & trade restrictions

Clone per sanctions regime. → feeds §1 Scope & Watch Criteria / Tripwires (sanctions/designation changes), §6 Review & Renewal; mirrors 07 Legal & Regulatory Environment.

  • [Sanctions regime - e.g., OFAC / EU / UK / UN]
    • Current status (country/entity):
    • Last update date:
    • Key designations relevant to client:
    • Watch-list entry/removal alert:
    • Notes / tool output: ← (OFAC SDN list, EU sanctions map, FCDO sanctions list)
  • [Regime 2]

Critical infrastructure

  • [Infrastructure node - e.g., power grid / ports / telecoms]
    • Status: [Operational / Degraded / Outage]
    • Disruption cause:
    • Client impact:
    • Date observed:
    • Notes:
  • [Node 2]

Supply-chain chokepoints

  • [Chokepoint - e.g., port / border crossing / logistics hub]
    • Operational status:
    • Disruption risk:
    • Notes:

05 · Social & Demographic

Track civil-unrest drivers, protest mobilisation, ethnic/sectarian tensions, and public-health events that elevate risk. → feeds §1 Scope & Watch Criteria / Tripwires (civil unrest), §3 Reporting Cadence & Product Format.

Civil unrest & protest activity

Clone per protest wave / labour action. Tools: social-media monitoring, Telegram public groups.

  • [Protest / unrest event - e.g., Week 2026-W24]
    • Location(s) and size:
    • Organising group:
    • Grievance / trigger:
    • LE / military response:
    • Online mobilisation signals:
    • L×I score:
    • Notes / tool output: ← (CrowdTangle, Telegram OSINT, local newswires)
  • [Event 2]

Ethnic / sectarian / communal tensions

  • [Tension line]
    • Groups involved:
    • Flash-point geography:
    • Recent incidents:
    • Notes:

Public health & pandemic watch

  • [Health event]
    • Pathogen / cause:
    • WHO / ECDC alert level:
    • Geographic spread:
    • Client-staff risk:
    • Notes:

06 · Key Actors & Entities

Maintain a standing register of government bodies, armed groups, influential individuals, and organisations relevant to the monitored risks. → feeds §1 Scope & Watch Criteria / Tripwires, §4 Escalation & Notification Triggers.

Government bodies & ministries

Clone per entity.

  • [Ministry / agency - e.g., Ministry of Interior]
    • Head:
    • Relevance to risk domains:
    • Contact / liaison:
    • Notes:
  • [Entity 2]

Key individuals (political / military / economic)

Clone per individual.

  • [Name - role, e.g., Finance Minister]
    • Affiliation:
    • Stance relevant to monitored risks:
    • Recent statements / actions:
    • PEP / sanctions status:
    • Notes:
  • [Individual 2]

Influential non-state actors

Clone per actor.

  • [Actor name - e.g., major trade union / religious institution / business council]
    • Type:
    • Relevance:
    • Stance:
    • Notes:
  • [Actor 2]

Track legislative changes, sanctions-regime updates, and regulatory developments that affect client operations or compliance posture. → feeds §1 Scope & Watch Criteria / Tripwires (sanctions/designation changes), §4 Escalation & Notification Triggers, §6 Review & Renewal.

Sanctions & designations watch

  • OFAC SDN / sectoral list status: [Clear / Hit / Near-match]
    • Last checked:
    • Change since last check:
    • Notes / tool output: ← (OFAC sanctions search, ofac.treasury.gov)
  • EU Consolidated Sanctions List:
    • Last checked:
    • Notes:
  • UK FCDO / HM Treasury sanctions:
    • Last checked:
    • Notes:
  • UN Security Council consolidated list:
    • Last checked:
    • Notes:

Legislative / regulatory changes

  • [Legislative change or regulation]
    • Domain (investment / labour / telecoms / security / AML / other):
    • Effective date:
    • Client impact:
    • Source:
    • Notes:

Investment / operating-permit changes

  • [Permit / licence type]
    • Change:
    • Effective date:
    • Notes:

08 · Indicators & Events (Timeline)

Running timeline of significant events and emerging indicators keyed to the §1 watch-item tripwires. Each entry is expandable with source, grade, and analytic note. → feeds §1 Scope & Watch Criteria / Tripwires, §3 Reporting Cadence & Product Format, §4 Escalation & Notification Triggers.

Tripwire-fire log

Clone per tripwire event. Link back to §1 watch-item row.

  • [Tripwire event - e.g., 2026-W24 political-instability]
    • Watch item fired (→ §1 row #):
    • Observable:
    • L×I score:
    • Severity tier:
    • Escalation actioned:
    • Notified (who / when):
    • Alert product issued:
    • Source grade:
    • Notes / tool output:
  • [Event 2]

Emerging indicator log

Below-threshold signals to monitor; may become tripwire-fires if they develop.

  • [Indicator - date]
    • Risk domain:
    • Observable:
    • Current L×I estimate:
    • Recommended action:
    • Notes:
  • [Indicator 2]

Significant events calendar

  • [Scheduled event - election / summit / public holiday / anniversary]
    • Date:
    • Risk-elevation expected:
    • Notes:

09 · Sources & Media Landscape

Map the information environment: reliable standing sources, local media outlets, and social/grey-media channels for the monitored country. → feeds §2 Collection Cadence & Sources, Annex A Source & Watch-List Register.

Standing open-source feeds

Clone per source lane.

  • [Source / feed - e.g., government official gazette]
    • URL / access method:
    • Risk domain(s) served:
    • Language:
    • Collection cadence:
    • Reliability (A–F):
    • Credibility (1–6):
    • Notes:
  • [Source 2]

Local / national media

Clone per outlet.

  • [Outlet name]
    • Political alignment / ownership:
    • Reliability assessment:
    • Language:
    • Monitoring method:
    • Notes:
  • [Outlet 2]

Social / grey-media channels

  • [Channel - e.g., Telegram group / Facebook page / Reddit sub]
    • Platform:
    • Language:
    • Subscriber / follower count:
    • Reliability:
    • Notes:

Disinformation / information-environment notes

  • Known state-media / propaganda outlets:
  • Known disinformation narratives active:
  • Notes:

99 · Collection Admin

Working register - not a deliverable section, but the audit trail behind it. → feeds Annex A Source & Watch-List Register, Annex B Onboarding/Offboarding & Data-Handling Checklist.

Source register

Every material datum traceable to a graded source. Admiralty scale: Reliability A (completely reliable) → F (cannot be judged); Credibility 1 (confirmed) → 6 (cannot be judged).

  • [S-1 - source name]
    • Type: [Primary / Secondary / Tertiary]
    • Reliability (A–F):
    • Credibility (1–6):
    • Grade (e.g., B2):
    • Date accessed:
    • Notes:
  • [S-2]

Evidence archive

  • [Capture ref - screenshot / PDF + hash + URL + timestamp]:

Open gaps / verification pending

  • [item submitted, not yet returned → route to collection lane or analytic cell]

Onboarding / offboarding status (→ Annex B)

  • Authority / consent captured:
  • Baseline seeding product ingested (Country Risk Assessment):
  • Collection lanes + tripwires stood up:
  • Data retention / destruction schedule confirmed:
  • Offboarding / data return / purge completed: