Indicators & Warning (I&W) Program - Collection Map

OSINT-040 Indicators & Warning (I&W) Program - collection workspace. Central topic = the monitoring question / threat domain under watch. Branches = indicator sets, source lanes, escalation logic, and service administration. Drop collected values as child nodes; expand each with where it was found and what it links to. Paste raw tool output into node Notes. → feeds deliverable OSINT-040.

00 · Collection Plan - PIRs & EEIs

The program intelligence requirements and the essential elements of information (EEI) that must be satisfied before each indicator can be graded, fired, or updated. Tick each EEI as satisfied. → drives §1 Scope & Watch Criteria / Tripwires, §4 Escalation & Notification Triggers.

PIR-1 - Indicator set: are all watch items defined with observable dimensions and tripwire thresholds?

  • EEI: each indicator has a named observable dimension (measurable aspect being tracked)
  • EEI: each indicator has a precise tripwire threshold (specific condition/value/event that fires)
  • EEI: each indicator has an assigned Likelihood (1–5) × Impact (1–5) score and severity tier
  • EEI: each indicator routes to a named escalation path (→ §4)

PIR-2 - Collection coverage: are all indicators served by at least one graded source lane?

  • EEI: every §1 indicator is mapped to at least one collection lane in §2
  • EEI: each lane has a confirmed cadence (continuous / hourly / daily / weekly)
  • EEI: each lane has an Admiralty source reliability grade (A–F) assessed
  • EEI: seeding baseline product (Geopolitical Risk Assessment or strategic estimate) identified and ingested

PIR-3 - Escalation readiness: do notification paths exist for every severity tier?

  • EEI: Critical (L×I 21–25) tier - notify chain and acknowledgement target confirmed
  • EEI: High (16–20) tier - notify chain confirmed
  • EEI: Elevated (11–15) tier - notify chain confirmed
  • EEI: Moderate/Low (1–10) tier - notify chain confirmed
  • EEI: all §1 indicators route to a tier listed in §4

PIR-4 - SLA compliance: are service-level targets measurable and remedies defined?

  • EEI: indicator-refresh cadence compliance metric and measurement method documented (→ §5)
  • EEI: alert delivery time by severity tier specified (→ §5)
  • EEI: routine I&W summary punctuality target set (→ §5)
  • EEI: remedy / credit on miss defined for each metric

PIR-5 - Program governance: are change-control and renewal terms current?

  • EEI: indicator change-control process documented (→ §6)
  • EEI: service-review cadence confirmed
  • EEI: renewal / termination terms current

Collection gaps / RFIs (running)

  • [indicator without an assigned collection lane] → route to §2
  • [source lane without a confirmed Admiralty grade] → route to Annex A
  • [open escalation path not confirmed] → route to §4

00b · Monitoring Cadence & Triggers

This deliverable is a retained continuous monitoring service - watch items, cadences, and alert thresholds must be active and current at all times. Review and update this branch at every service-review cycle (→ §6). → drives §2 Collection Cadence & Sources, §3 Reporting Cadence & Product Format, §4 Escalation & Notification Triggers, §5 Service Levels (SLA).

Active watch items

  • [indicator being monitored - e.g. political stability index change]
    • Observable dimension:
    • Tripwire threshold:
    • Severity tier: [Critical / High / Elevated / Moderate / Low]
    • Refresh cadence: [continuous / hourly / daily / weekly]
    • Last checked:
    • Status: [Watching / Fired / Cleared / Suspended]
    • Notes / tool output:
  • [indicator 2]

Refresh cadence registry

  • Continuous (real-time / automated feed):
  • Hourly:
  • Daily:
  • Weekly:
  • Monthly (schedule-review trigger):

Alert thresholds - current settings

  • Critical (L×I 21–25): tripwire fired → immediate notification [recipient]:
  • High (16–20): [notification method + time target]:
  • Elevated (11–15): [notification method + time target]:
  • Moderate/Low (1–10): [notification method + next routine summary]:

Escalation path - current contacts

  • [role / name]
    • Notification method:
    • Acknowledgement target (time):
    • Backup / secondary:

Drift / anomaly flags (inter-cycle notes)

  • [observed deviation from expected indicator baseline]:

01 · Drivers & Key Variables

The underlying forces that cause indicators to move - political, economic, social, security, or structural. Understanding drivers determines which indicators are worth watching and what thresholds are meaningful. → feeds §1 Scope & Watch Criteria / Tripwires (indicator rationale), §6 Review & Renewal (scope adjustment).

Political / governance drivers

  • [driver - e.g. electoral cycle, regime stability, coalition dynamics]
    • Current status / trend:
    • Direction of change: [deteriorating / stable / improving]
    • Source:
    • Notes:

Economic / financial drivers

  • [driver - e.g. fiscal stress, FX reserves, debt servicing capacity]
    • Current status / trend:
    • Direction:
    • Source:

Security / kinetic drivers

  • [driver - e.g. insurgent activity tempo, security-force cohesion, external state pressure]
    • Current status / trend:
    • Direction:
    • Source:

Social / demographic drivers

  • [driver - e.g. protest potential, ethnic/sectarian tension, displacement]
    • Current status / trend:
    • Direction:
    • Source:

Structural / systemic drivers

  • [driver - e.g. institutional capacity, rule-of-law index, sanctions regime]
    • Current status / trend:
    • Direction:
    • Source:

02 · Indicators & Warnings

Core recursive block. Each indicator in the §1 watch set is a clonable entry. Clone one block per indicator. Track observed state vs. tripwire threshold and grade each observation before routing to §4. → feeds §1 Scope & Watch Criteria / Tripwires, §4 Escalation & Notification Triggers, Annex A.

[Indicator - e.g. political violence event count, rolling 30-day]

Clone this block per §1 indicator. → feeds §1 row, §4 escalation tier, Annex A graded entry.

  • Observable dimension:
  • Tripwire threshold:
  • Likelihood (1–5):
  • Impact (1–5):
  • L×I score:
  • Severity tier: [Critical / High / Elevated / Moderate / Low]
  • Current observed value:
  • Indicator status: [Below threshold / At threshold / Fired / Cleared]
  • Date of last observation:
  • Observation source (Admiralty grade):
  • Escalation route (→ §4):
  • Notes / tool output: ← GDELT, ACLED, RSS alert feeds, government bulletins

[Indicator 2]

  • Observable dimension:
  • Tripwire threshold:
  • Likelihood (1–5):
  • Impact (1–5):
  • L×I score:
  • Severity tier:
  • Current observed value:
  • Indicator status:
  • Date of last observation:
  • Observation source (Admiralty grade):
  • Escalation route (→ §4):
  • Notes / tool output:

Fired-indicator log (chronological)

  • [indicator name - date fired]
    • Observed value at firing:
    • Alert sent to:
    • Alert method / timestamp:
    • Acknowledgement received:
    • Outcome / follow-on action:
    • Cleared date:

03 · Scenarios / Hypotheses

Working hypotheses about how the threat domain could evolve. Scenarios anchor what “material change” looks like and guide indicator selection - a new scenario may require new indicators (→ §6 change-control). → feeds §1 Scope & Watch Criteria / Tripwires (scenario-indicator linkage), §6 Review & Renewal.

[Scenario / hypothesis - e.g. rapid deterioration / escalation]

  • Summary:
  • Key assumptions underlying this scenario:
  • Indicators that would confirm this scenario:
  • Indicators that would disconfirm:
  • Probability estimate (qualitative): [Remote / Unlikely / Possible / Likely / Almost certain]
  • Driver linkage (→ §01):
  • If realized - recommended watch escalation:
  • Notes:

[Scenario 2 - e.g. status quo / muddle-through]

  • Summary:
  • Key assumptions:
  • Confirming indicators:
  • Disconfirming indicators:
  • Probability estimate:
  • Notes:

[Scenario 3 - e.g. positive stabilization]

  • Summary:
  • Key assumptions:
  • Confirming indicators:
  • Disconfirming indicators:
  • Probability estimate:
  • Notes:

Competing-hypotheses log

  • [hypothesis being tracked vs. dismissed]:
    • Evidence for:
    • Evidence against:
    • Current disposition: [Active / Disconfirmed / Merged with scenario N]

04 · Data Sources & Feeds

Standing collection lanes that feed the indicator set. Each source entry is clonable - one block per lane. Assess Admiralty grade per the Annex A scale. → feeds §2 Collection Cadence & Sources, Annex A Source & Indicator Register.

[Source / lane - e.g. official government reporting / ministry statements]

Clone per collection lane. → feeds §2 row, Annex A. Check cadence against §5 SLA targets.

  • Indicator(s) served (→ §1):
  • Collection method:
  • Cadence: [continuous / hourly / daily / weekly]
  • Access method: [open web / RSS / API / manual review]
  • Reliability (A–F):
  • Credibility (1–6):
  • Admiralty grade:
  • Last verified date:
  • Owner / collector:
  • Notes / tool output: ← RSS aggregators, GDELT API, official open-data portals

[Source 2 - e.g. open-source media monitoring / press survey]

  • Indicator(s) served:
  • Collection method:
  • Cadence:
  • Access method:
  • Reliability (A–F):
  • Credibility (1–6):
  • Admiralty grade:
  • Last verified date:
  • Owner / collector:
  • Notes / tool output: ← Feedly, Inoreader, aggregated news search

[Source 3 - e.g. structured open-source event data]

  • Indicator(s) served:
  • Collection method:
  • Cadence:
  • Access method: [e.g. ACLED API / GDELT / public dataset download]
  • Reliability (A–F):
  • Credibility (1–6):
  • Admiralty grade:
  • Last verified date:
  • Owner / collector:
  • Notes / tool output:

[Source 4 - e.g. economic / financial open data]

  • Indicator(s) served:
  • Collection method:
  • Cadence:
  • Access method: [e.g. World Bank / IMF / central bank open portals]
  • Reliability (A–F):
  • Credibility (1–6):
  • Admiralty grade:
  • Last verified date:
  • Owner / collector:
  • Notes / tool output:

[Source 5 - e.g. social media / open forum monitoring]

  • Indicator(s) served:
  • Collection method:
  • Cadence:
  • Access method: [e.g. public search / Telegram / open social monitoring]
  • Reliability (A–F):
  • Credibility (1–6):
  • Admiralty grade:
  • Last verified date:
  • Owner / collector:
  • Notes / tool output:

05 · Key Actors & Entities

State, non-state, and transnational actors whose behavior constitutes or influences the indicators being watched. Each actor is a clonable block. → feeds §1 Scope & Watch Criteria / Tripwires (actor-linked indicators), §4 Escalation & Notification Triggers (actor-triggered alerts).

[Actor - e.g. host-state security apparatus]

Clone per key actor. → feeds §1 observable dimensions, §4 alert triggers.

  • Actor type: [state / non-state / armed group / economic actor / IFI / NGO / other]
  • Role in threat domain:
  • Current disposition / posture:
  • Indicators this actor drives (→ §02):
  • Monitoring approach:
  • Key open-source traces:
  • Reliability of available information:
  • Notes / tool output: ← OpenCorporates, company registries, government open data, press

[Actor 2 - e.g. armed non-state group]

  • Actor type:
  • Role in threat domain:
  • Current disposition / posture:
  • Indicators this actor drives:
  • Monitoring approach:
  • Key open-source traces:
  • Notes / tool output:

[Actor 3 - e.g. international / regional body]

  • Actor type:
  • Role:
  • Current disposition:
  • Indicators this actor drives:
  • Notes:

06 · Events Timeline

Chronological log of significant observed events, indicator fires, and environmental shifts during the service term. Each entry is clonable. → feeds §3 Reporting Cadence & Product Format (routine summary inputs), §4 Escalation & Notification Triggers (event-triggered alert record), Annex A.

[Event - date: YYYY-MM-DD]

Clone per significant event. → feeds §3 routine I&W summary, §4 alert record.

  • Event description:
  • Event type: [indicator-fired / environmental shift / source anomaly / escalation triggered / cleared]
  • Indicators affected (→ §02):
  • Severity tier at time of event (→ §4):
  • Alert sent: [Y/N]
  • Alert recipient and method:
  • Source / evidence ref:
  • Follow-on action taken:
  • Notes:

[Event 2]

  • Event description:
  • Event type:
  • Indicators affected:
  • Severity tier:
  • Alert sent:
  • Notes:

Trend / pattern observations (inter-event)

  • [pattern observed across multiple events]:
    • Date range:
    • Indicators involved:
    • Analytical note:

07 · Assumptions & Uncertainties

Explicit record of analytic assumptions underlying the indicator set and known uncertainties that could degrade detection. Surfacing these protects against assumption-blindness and drives §6 review. → feeds §6 Review & Renewal (assumption audit), §5 Service Levels (SLA) (false-alarm / quality bound).

Standing assumptions

  • [assumption - e.g. current source reliability grades remain valid]
    • Basis:
    • If assumption fails: [expected impact on detection coverage]
    • Review trigger:
  • [assumption 2 - e.g. indicator set reflects the current threat model]
    • Basis:
    • If assumption fails:
    • Review trigger:

Known intelligence gaps

  • [gap - e.g. no reliable source for real-time kinetic event data in sub-region X]
    • Indicator(s) affected (→ §02):
    • Gap severity: [H/M/L]
    • Mitigation or workaround:
    • RFI status:

Analytic uncertainties

  • [uncertainty - e.g. threshold calibration may not reflect current baseline volatility]
    • Indicators affected:
    • Risk: [over-triggering / under-triggering]
    • Recommended review action:

Threshold calibration notes

  • [indicator name] - current threshold rationale:
    • Last calibrated:
    • Proposed adjustment (if any):
    • Change-control status (→ §6):

99 · Collection Admin

Working register - not a deliverable section, but the audit trail behind §1–§6 and Annexes A–B.

Source register (Admiralty graded)

Every material source traceable to a two-character Admiralty grade. Reliability A–F; Credibility 1–6.

  • [S-1 - source name / lane]
    • Type: [Primary / Secondary / Tertiary]
    • Reliability (A–F):
    • Credibility (1–6):
    • Grade: [e.g., B2]
    • Date accessed:
    • Indicators served:
  • [S-2]
    • Type:
    • Reliability (A–F):
    • Credibility (1–6):
    • Grade:
    • Date accessed:
    • Indicators served:

Evidence archive

  • [screenshot / capture ref + hash + URL + timestamp]:
  • [indicator-fire record + alert log entry + timestamp]:

Onboarding / offboarding checklist cross-reference (→ Annex B)

  • Authority / scope + indicator-set sign-off captured
  • Seeding baseline product ingested (Geopolitical Risk Assessment or strategic estimate)
  • Collection lanes + indicator tripwires stood up
  • Data retention / destruction schedule in effect
  • Offboarding + data return / purge procedure confirmed

Open gaps / RFIs (running)

  • [gap - indicator without a confirmed source lane]
  • [gap - source reliability grade not yet assessed]
  • [gap - escalation contact not confirmed for tier X]
  • [RFI submitted, not yet returned]