DAILY / PERIODIC PROTECTIVE INTELLIGENCE BRIEF
This is a standing briefing subscription that delivers recurring intelligence summaries to protective officers, executives, or operational teams on a contracted cadence: it defines the watch criteria/tripwires for protective threat indicators, the collection and briefing cadence, escalation routes for on-tripwire alerts, and service levels. It does NOT cover the baseline threat assessment or protective posture design that seeds the brief (Pre-Travel Threat Assessment, Country Risk Assessment, or Protective Intelligence Assessment), nor staffed operational services such as protective details or GSOC monitoring (staffed retained-service archetype). Prescriptive throughout: this is what we watch, how often, and how we alert - not an analytic estimate of future events.
Document Control
| Field | Value |
|---|---|
| Service name | [ ] |
| DID | OSINT-053 |
| Client / protected subject(s) | [ ] |
| Sponsor / billing contact | [ ] |
| Classification & handling | [e.g., classification + caveats + dissemination control] |
| Version | [ ] |
| Author / service owner | [ ] |
| Effective date | [ ] |
| Term / period of performance | [e.g., start–end, auto-renew terms] |
| Seeding product (baseline) | [e.g., reference to the threat assessment or protective profile that establishes the watch scope] |
Scope, Authorities & Limitations
State the authorized scope (which jurisdictions, which threat categories, which travel/operational windows), the engagement authority/consent basis, and what is explicitly out of scope; reproduce the verbatim caveats below; name the sibling products this service routes to.
This is a monitoring/operational service, not an investigation, a guarantee of detection, or legal advice. Collection is limited to lawful, authorized sources within the agreed scope; no unlawful access, intrusion, pretexting, or surveillance of non-consenting third parties is performed. Alerting is best-effort within the stated SLA and does not warrant prevention of any event.
| Boundary | Statement |
|---|---|
| In scope | [ ] |
| Out of scope | [ ] |
| Authority / consent basis | [ ] |
| Routes to (seeding product) | [e.g., Pre-Travel Threat Assessment or Country Risk Assessment] |
| Routes to (staffed services) | [e.g., protective detail operations / GSOC staffing / rapid-response team] |
1. Scope & Watch Criteria / Tripwires
Enumerate every protective intelligence watch category: geopolitical/country stability alerts, threat-actor activity (terrorism/extremism/transnational crime), executive/family-specific targeting indicators, operational-area security changes, and travel-corridor status. Per the load-bearing rule each row MUST bind a tripwire (the observable threshold that fires it), implicitly a cadence (§2), and an escalation route (§4). Risk-score each watch item with the L×I key reproduced in §4. No row may omit a tripwire or an escalation route.
| # | Watch item | Observable indicator | Tripwire threshold | Likelihood (1–5) | Impact (1–5) | L×I (1–25) | Severity tier | Escalation route (→ §4) |
|---|---|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [e.g., the observable condition or event that fires the alert] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
2. Collection Cadence & Sources
Specify each lawful intelligence lane keyed to the watch items above: open-source monitors (news, social media, travel advisories, sanctions lists), government threat feeds (state dept, airport/border alert systems), commercial threat intelligence, and any authorized human sources. Specify collection method, cadence, expected source grade (Admiralty, see Annex A), and owning collector. Free/browser-first lanes before escalation-tier platforms; no live tool names here - describe the lane.
| Source / lane | Watch item(s) served | Collection method | Cadence | Expected source grade (Admiralty) | Owner |
|---|---|---|---|---|---|
| [ ] | [ ] | [e.g., description of the lawful collection method] | [e.g., continuous / hourly / daily / weekly] | [e.g., A–F × 1–6] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
3. Reporting Cadence & Product Format
Define each recurring product the service emits: scheduled daily/weekly briefing, on-tripwire alert, and periodic health report. Specify what triggers each product, its format, recipient, and delivery channel. Distinguish routine cadence from on-tripwire alerts.
| Product | Trigger / cadence | Format | Recipient | Channel |
|---|---|---|---|---|
| [e.g., daily protective brief] | [e.g., 06:00 UTC each business day or [X] days/week] | [e.g., summary format (one-pager, bullet-point, structured markdown)] | [ ] | [e.g., secure email, SMS, brief platform] |
| [e.g., tripwire alert] | [e.g., on tripwire fire per §1] | [e.g., alert format (short-form notice + escalation target)] | [ ] | [ ] |
| [e.g., periodic service-health report] | [ ] | [ ] | [ ] | [ ] |
4. Escalation & Notification Triggers
Map severity tiers to trigger conditions, the party notified, the notification method, and the acknowledgement target. Each tier must correspond to severity bands derived from the L×I key below; every §1 watch item routes to a tier here.
Risk scoring key (reproduce verbatim): Likelihood (1–5) × Impact (1–5) = 1–25; 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.
| Severity tier | L×I band | Trigger condition | Notify | Method | Acknowledgement target |
|---|---|---|---|---|---|
| [e.g., Critical] | [e.g., 21–25] | [ ] | [ ] | [ ] | [e.g., time-to-acknowledge target] |
| [e.g., High] | [e.g., 16–20] | [ ] | [ ] | [ ] | [ ] |
| [e.g., Elevated] | [e.g., 11–15] | [ ] | [ ] | [ ] | [ ] |
| [e.g., Moderate/Low] | [e.g., 1–10] | [ ] | [ ] | [ ] | [ ] |
5. Service Levels (SLA)
Bind measurable service-level commitments to the cadence (§2/§3) and escalation timing (§4): brief-delivery punctuality per cadence, alert-delivery time per severity tier, monitoring availability, and the remedy when a target is missed. Every target must be measurable and have a measurement method.
| Metric | Target | Measurement method | Reported | Remedy / credit on miss |
|---|---|---|---|---|
| [e.g., daily brief delivery time] | [ ] | [ ] | [ ] | [ ] |
| [e.g., alert delivery time by tier] | [ ] | [ ] | [ ] | [ ] |
| [e.g., monitoring availability / coverage] | [ ] | [ ] | [ ] | [ ] |
| [e.g., false-positive bound / quality control] | [ ] | [ ] | [ ] | [ ] |
6. Review & Renewal
State the cadence of formal service review, the change-control process for adding/removing watch items or adjusting briefing cadence, and the renewal, re-scoping, and termination terms.
| Item | Specification |
|---|---|
| Service-review cadence | [ ] |
| Watch-list change-control | [e.g., process to add/retire a §1 watch item] |
| Briefing cadence / scope adjustment process | [ ] |
| Renewal terms | [ ] |
| Termination / offboarding terms | [ ] |
Annex A - Source & Watch-List Register (graded)
Register every standing source and watch item with its current Admiralty grade. Reproduce the scales verbatim; grade each sourced datum as a two-character code (e.g., B2).
NATO Admiralty source reliability (A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged. NATO Admiralty information credibility (1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged.
| Source / watch item | Lane (→ §2) | Reliability (A–F) | Credibility (1–6) | Grade | Last verified | Notes |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [e.g., B2] | [ ] | [ ] |
| [ ] | [ ] | [ ] | [ ] | [ ] | [ ] | [ ] |
Annex B - Onboarding / Offboarding & Data-Handling Checklist
Capture the standing-up and tearing-down steps and the data-handling regime over the term: authorization capture, briefing-scope sign-off, collection standup, retention/destruction, and offboarding.
| Step | Phase | Owner | Status |
|---|---|---|---|
| [e.g., capture authority/consent + briefing scope sign-off] | [e.g., onboarding] | [ ] | [ ] |
| [e.g., ingest seeding baseline (threat assessment or profile)] | [e.g., onboarding] | [ ] | [ ] |
| [e.g., stand up collection lanes + tripwires] | [e.g., onboarding] | [ ] | [ ] |
| [e.g., data retention / destruction schedule] | [e.g., steady-state] | [ ] | [ ] |
| [e.g., offboarding + data return/purge] | [e.g., offboarding] | [ ] | [ ] |
END OF SERVICE PLAYBOOK
Model wiring
Generated from cell frontmatter at publish time.