DAILY / PERIODIC PROTECTIVE INTELLIGENCE BRIEF

This is a standing briefing subscription that delivers recurring intelligence summaries to protective officers, executives, or operational teams on a contracted cadence: it defines the watch criteria/tripwires for protective threat indicators, the collection and briefing cadence, escalation routes for on-tripwire alerts, and service levels. It does NOT cover the baseline threat assessment or protective posture design that seeds the brief (Pre-Travel Threat Assessment, Country Risk Assessment, or Protective Intelligence Assessment), nor staffed operational services such as protective details or GSOC monitoring (staffed retained-service archetype). Prescriptive throughout: this is what we watch, how often, and how we alert - not an analytic estimate of future events.

Document Control

FieldValue
Service name[ ]
DIDOSINT-053
Client / protected subject(s)[ ]
Sponsor / billing contact[ ]
Classification & handling[e.g., classification + caveats + dissemination control]
Version[ ]
Author / service owner[ ]
Effective date[ ]
Term / period of performance[e.g., start–end, auto-renew terms]
Seeding product (baseline)[e.g., reference to the threat assessment or protective profile that establishes the watch scope]

Scope, Authorities & Limitations

State the authorized scope (which jurisdictions, which threat categories, which travel/operational windows), the engagement authority/consent basis, and what is explicitly out of scope; reproduce the verbatim caveats below; name the sibling products this service routes to.

This is a monitoring/operational service, not an investigation, a guarantee of detection, or legal advice. Collection is limited to lawful, authorized sources within the agreed scope; no unlawful access, intrusion, pretexting, or surveillance of non-consenting third parties is performed. Alerting is best-effort within the stated SLA and does not warrant prevention of any event.

BoundaryStatement
In scope[ ]
Out of scope[ ]
Authority / consent basis[ ]
Routes to (seeding product)[e.g., Pre-Travel Threat Assessment or Country Risk Assessment]
Routes to (staffed services)[e.g., protective detail operations / GSOC staffing / rapid-response team]

1. Scope & Watch Criteria / Tripwires

Enumerate every protective intelligence watch category: geopolitical/country stability alerts, threat-actor activity (terrorism/extremism/transnational crime), executive/family-specific targeting indicators, operational-area security changes, and travel-corridor status. Per the load-bearing rule each row MUST bind a tripwire (the observable threshold that fires it), implicitly a cadence (§2), and an escalation route (§4). Risk-score each watch item with the L×I key reproduced in §4. No row may omit a tripwire or an escalation route.

#Watch itemObservable indicatorTripwire thresholdLikelihood (1–5)Impact (1–5)L×I (1–25)Severity tierEscalation route (→ §4)
[ ][ ][ ][e.g., the observable condition or event that fires the alert][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ][ ][ ][ ]

2. Collection Cadence & Sources

Specify each lawful intelligence lane keyed to the watch items above: open-source monitors (news, social media, travel advisories, sanctions lists), government threat feeds (state dept, airport/border alert systems), commercial threat intelligence, and any authorized human sources. Specify collection method, cadence, expected source grade (Admiralty, see Annex A), and owning collector. Free/browser-first lanes before escalation-tier platforms; no live tool names here - describe the lane.

Source / laneWatch item(s) servedCollection methodCadenceExpected source grade (Admiralty)Owner
[ ][ ][e.g., description of the lawful collection method][e.g., continuous / hourly / daily / weekly][e.g., A–F × 1–6][ ]
[ ][ ][ ][ ][ ][ ]
[ ][ ][ ][ ][ ][ ]

3. Reporting Cadence & Product Format

Define each recurring product the service emits: scheduled daily/weekly briefing, on-tripwire alert, and periodic health report. Specify what triggers each product, its format, recipient, and delivery channel. Distinguish routine cadence from on-tripwire alerts.

ProductTrigger / cadenceFormatRecipientChannel
[e.g., daily protective brief][e.g., 06:00 UTC each business day or [X] days/week][e.g., summary format (one-pager, bullet-point, structured markdown)][ ][e.g., secure email, SMS, brief platform]
[e.g., tripwire alert][e.g., on tripwire fire per §1][e.g., alert format (short-form notice + escalation target)][ ][ ]
[e.g., periodic service-health report][ ][ ][ ][ ]

4. Escalation & Notification Triggers

Map severity tiers to trigger conditions, the party notified, the notification method, and the acknowledgement target. Each tier must correspond to severity bands derived from the L×I key below; every §1 watch item routes to a tier here.

Risk scoring key (reproduce verbatim): Likelihood (1–5) × Impact (1–5) = 1–25; 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.

Severity tierL×I bandTrigger conditionNotifyMethodAcknowledgement target
[e.g., Critical][e.g., 21–25][ ][ ][ ][e.g., time-to-acknowledge target]
[e.g., High][e.g., 16–20][ ][ ][ ][ ]
[e.g., Elevated][e.g., 11–15][ ][ ][ ][ ]
[e.g., Moderate/Low][e.g., 1–10][ ][ ][ ][ ]

5. Service Levels (SLA)

Bind measurable service-level commitments to the cadence (§2/§3) and escalation timing (§4): brief-delivery punctuality per cadence, alert-delivery time per severity tier, monitoring availability, and the remedy when a target is missed. Every target must be measurable and have a measurement method.

MetricTargetMeasurement methodReportedRemedy / credit on miss
[e.g., daily brief delivery time][ ][ ][ ][ ]
[e.g., alert delivery time by tier][ ][ ][ ][ ]
[e.g., monitoring availability / coverage][ ][ ][ ][ ]
[e.g., false-positive bound / quality control][ ][ ][ ][ ]

6. Review & Renewal

State the cadence of formal service review, the change-control process for adding/removing watch items or adjusting briefing cadence, and the renewal, re-scoping, and termination terms.

ItemSpecification
Service-review cadence[ ]
Watch-list change-control[e.g., process to add/retire a §1 watch item]
Briefing cadence / scope adjustment process[ ]
Renewal terms[ ]
Termination / offboarding terms[ ]

Annex A - Source & Watch-List Register (graded)

Register every standing source and watch item with its current Admiralty grade. Reproduce the scales verbatim; grade each sourced datum as a two-character code (e.g., B2).

NATO Admiralty source reliability (A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged. NATO Admiralty information credibility (1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged.

Source / watch itemLane (→ §2)Reliability (A–F)Credibility (1–6)GradeLast verifiedNotes
[ ][ ][ ][ ][e.g., B2][ ][ ]
[ ][ ][ ][ ][ ][ ][ ]

Annex B - Onboarding / Offboarding & Data-Handling Checklist

Capture the standing-up and tearing-down steps and the data-handling regime over the term: authorization capture, briefing-scope sign-off, collection standup, retention/destruction, and offboarding.

StepPhaseOwnerStatus
[e.g., capture authority/consent + briefing scope sign-off][e.g., onboarding][ ][ ]
[e.g., ingest seeding baseline (threat assessment or profile)][e.g., onboarding][ ][ ]
[e.g., stand up collection lanes + tripwires][e.g., onboarding][ ][ ]
[e.g., data retention / destruction schedule][e.g., steady-state][ ][ ]
[e.g., offboarding + data return/purge][e.g., offboarding][ ][ ]

END OF SERVICE PLAYBOOK

Model wiring

Generated from cell frontmatter at publish time.