INDICATORS & WARNING (I&W) PROGRAM

A standing strategic warning program monitoring a defined set of indicators (conditions, events, thresholds) chosen to detect material changes in the operational environment or threat landscape; upon tripwire, escalation routes drive immediate notification and action. The program specifies which indicators are watched, at what collection cadence, what observable condition triggers an alert (the “indicator fired”), the risk severity of each, and the escalation/notification procedure. It does NOT cover the strategic-estimate or key-assumptions products that establish the baseline (the Geopolitical Risk Assessment node), nor any staffed crisis-response cell (→ staffed retained-service archetype). Prescriptive throughout: this is what we monitor, how often, what fires an alert, and who we notify - not our judgment of what will occur.

Document Control

FieldValue
Service name[ ]
DIDOSINT-040
Operational area / threat domain[ ]
Client / sponsor[ ]
Classification & handling[e.g., classification + caveats + dissemination control]
Version[ ]
Author / service owner[ ]
Effective date[ ]
Term / period of performance[e.g., start–end, auto-renew terms]
Seeding product (baseline)[e.g., reference to the Geopolitical Risk Assessment or strategic estimate that establishes the indicator set]

Scope, Authorities & Limitations

State the authorized geographic, temporal, and thematic scope (which threat domain, which region, which adversary or actor set, which operational timeline); the engagement authority; and what is explicitly out of scope; reproduce the verbatim caveats below; name the sibling products this service routes to.

This is a monitoring/operational service, not an investigation, a guarantee of detection, or legal advice. Collection is limited to lawful, authorized sources within the agreed scope; no unlawful access, intrusion, pretexting, or surveillance of non-consenting third parties is performed. Alerting is best-effort within the stated SLA and does not warrant prevention of any event.

BoundaryStatement
In scope[ ]
Out of scope[ ]
Authority / consent basis[ ]
Routes to (seeding product)[e.g., the Geopolitical Risk Assessment node]
Routes to (crisis staffing)[e.g., Crisis Response Team / watch-floor staffing sibling]

1. Scope & Watch Criteria / Tripwires

Enumerate every indicator in the I&W set; each row binds the indicator name, its observable dimension (the measurable condition), the tripwire threshold (the exact condition/value/event that “fires” the indicator), the likelihood and impact of occurrence, and the escalation route. No row may omit a tripwire or escalation destination.

#IndicatorObservable dimensionTripwire thresholdLikelihood (1–5)Impact (1–5)L×I (1–25)Severity tierEscalation route (→ §4)
[ ][e.g., indicator name reflecting a material change][e.g., the measurable aspect tracked][e.g., the specific condition/event/threshold value that fires the alert][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ][ ][ ][ ]

2. Collection Cadence & Sources

Specify each lawful collection lane keyed to the indicators above, the method of detection/verification, the refresh cadence (how often the indicator is checked/verified), the expected source grade (Admiralty), and the owning collector. Free/browser-first lanes before escalation-tier platforms; no live tool names.

Indicator(s) servedSource / laneCollection methodCadenceExpected source grade (Admiralty)Owner
[ ][ ][e.g., description of the lawful detection/monitoring method][e.g., continuous / hourly / daily / weekly][e.g., A–F × 1–6][ ]
[ ][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ]

3. Reporting Cadence & Product Format

Define each recurring product the service emits: a routine strategic-watch summary (cadence-driven), and on-tripwire alert products (incident-driven). Specify format, recipient, and delivery channel.

ProductTrigger / cadenceFormatRecipientChannel
[e.g., routine strategic I&W summary/bulletin][ ][ ][ ][ ]
[e.g., indicator-fired immediate alert][e.g., on tripwire fire (§1), per tier (§4)][ ][ ][ ]
[e.g., periodic collection-health / source-quality report][ ][ ][ ][ ]

4. Escalation & Notification Triggers

Map severity tiers to trigger conditions (indicator fires + threshold met), the party notified, the notification method, and the acknowledgement target. Each tier must correspond to the L×I bands below; every §1 indicator routes to a tier here.

Risk scoring key (reproduce verbatim): Likelihood (1–5) × Impact (1–5) = 1–25; 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Severity tierL×I bandTrigger conditionNotifyMethodAcknowledgement target
[e.g., Critical][e.g., 21–25][ ][ ][ ][e.g., time-to-acknowledge target]
[e.g., High][e.g., 16–20][ ][ ][ ][ ]
[e.g., Elevated][e.g., 11–15][ ][ ][ ][ ]
[e.g., Moderate/Low][e.g., 1–10][ ][ ][ ][ ]

5. Service Levels (SLA)

Bind measurable service-level commitments to the collection cadence (§2), reporting schedule (§3), and escalation timing (§4): indicator-refresh timeliness, alert-delivery time per severity tier, routine-product punctuality, detection availability, and the remedy when a target is missed.

MetricTargetMeasurement methodReportedRemedy / credit on miss
[e.g., indicator-refresh cadence compliance][ ][ ][ ][ ]
[e.g., alert delivery time by severity tier][ ][ ][ ][ ]
[e.g., routine I&W summary punctuality][ ][ ][ ][ ]
[e.g., monitoring availability / coverage][ ][ ][ ][ ]
[e.g., false-alarm / quality bound][ ][ ][ ][ ]

6. Review & Renewal

State the cadence of formal service review, the change-control process for adding/removing/adjusting indicators or thresholds, and the renewal, re-scoping, and termination terms.

ItemSpecification
Service-review cadence[ ]
Indicator change-control[e.g., process to add/retire/adjust a §1 indicator or tripwire]
Cadence / scope adjustment process[ ]
Renewal terms[ ]
Termination / offboarding terms[ ]

Annex A - Source & Indicator Register (graded)

Register every standing source and indicator with its current Admiralty grade and the last verified date. Reproduce the scales verbatim; grade each source datum as a two-character code (e.g., C3).

NATO Admiralty source reliability (A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged. NATO Admiralty information credibility (1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged.

Indicator / sourceLane (→ §2)Reliability (A–F)Credibility (1–6)GradeLast verifiedNotes
[ ][ ][ ][ ][e.g., B2][ ][ ]
[ ][ ][ ][ ][ ][ ][ ]

Annex B - Onboarding / Offboarding & Data-Handling Checklist

Capture the standing-up and tearing-down steps and the data-handling regime over the term: authorization capture, baseline ingest, indicator/collection setup, retention/destruction, and offboarding.

StepPhaseOwnerStatus
[e.g., capture authority/scope + indicator-set sign-off][e.g., onboarding][ ][ ]
[e.g., ingest seeding baseline (Geopolitical Risk Assessment or strategic estimate)][e.g., onboarding][ ][ ]
[e.g., stand up collection lanes + indicator tripwires][e.g., onboarding][ ][ ]
[e.g., data retention / destruction schedule][e.g., steady-state][ ][ ]
[e.g., offboarding + data return/purge][e.g., offboarding][ ][ ]

END OF SERVICE PLAYBOOK

Model wiring

Generated from cell frontmatter at publish time.