Covert Protection Detail: Operational Service Playbook
Deliverable EP-014. Structure per cc02-standards/SERVICE-STANDARD.md. Every watch item binds a tripwire, a cadence, and an escalation route, or it is removed.
Document Control
Field
Value
Service Reference
[REF-YYYY-###]
Classification
internal
Version
0.1.0
Prepared By
[Operations Manager]
Effective Date
[YYYY-MM-DD]
Term
[12 Months]
Scope, Authorities & Limitations
This is a monitoring/operational service, not an investigation, a guarantee of detection, or legal advice. Collection is limited to lawful, authorized sources within the agreed scope; no unlawful access, intrusion, pretexting, or surveillance of non-consenting third parties is performed. Alerting is best-effort within the stated SLA and does not warrant prevention of any event.
Service Definition and Scope Boundaries
Inclusions: Low-profile mobile protection, surveillance detection (SD), discrete principal shadowing, and covert route coordination.
Authorized Knowledge List: Access to the detail’s operational parameters is restricted to the client’s CEO and Director of Security.
Written Consent: Complete signed disclosure consent [CONSENT FORM REF] is mandatory prior to launch.
Legal Sign-Off Gate: Retainer activation requires sign-off from Client Legal Counsel and the firm’s Compliance Officer.
Operator Selection Criteria
Fieldcraft Qualifications: Completion of specialized low-profile close protection and surveillance detection training.
Environmental Demographics: Operators selected must fit the local demographic environment (non-discriminatory operational cover criteria based on dress, language, and cultural profile).
Training Floor: Minimum [N] hours of annual covert movement and surveillance detection drills.
Posture and Cover Doctrine
Cover Doctrine: The team operates under discrete cover profiles, matching the principal’s lifestyle or business context. Cross-reference: [EP-007] Protective Surveillance Plan, Section 4 (Cover for Status and Action).
Compromise and Liability
Compromise Rule: If an operator’s cover is compromised, the Detail Leader shall notify the client’s Director of Security within [N] minutes.
Insurance Policy: Must maintain covert operations liability coverage up to [N] dollars.
Licensing Constraints: All operators must comply with local covert/plainclothes carriage and security licensing regulations.
1. Scope & Watch Criteria / Tripwires
Watch Item
Indicator
Tripwire Threshold
Severity (L×I)
Escalation Route
Counter-Surveillance
Apparent active surveillance on principal
More than [N] detection events in [N] hours
High (16-20)
Evacuation to safe location; notify DL
Communication Failure
Loss of covert radio net
Interruption exceeds [N] minutes
Elevated (11-15)
Switch to secondary secure GSM; notify CP
Cover Compromise
Direct query of operator identity
Third party confronts operator
High (16-20)
Operator extraction; shift cover profile
2. Collection Cadence & Sources
Source/Lane
Collection Method
Cadence
Source Grade
Owner
Surveillance Detection
Physical lookouts
Continuous
B2
SD Operator
Alert Stream
ART-threat-alert-stream
Real-time push
B1
Detail Intelligence Officer
Regional News
Media scan
Every [N] hours
C3
Detail Intelligence Officer
3. Reporting Cadence & Product Format
Product
Trigger/Cadence
Format
Recipient
Channel
SD Log Digest
End of shift
Shift Log Table
Operations Manager
Secure Portal
Compromise Alert
Immediate upon trigger
Secure Voice call
Director of Security
Signal Call
Monthly Performance Review
Monthly
PDF Executive Summary
Client
Secure Email
4. Escalation & Notification Triggers
Severity Tier
Trigger Condition
Notify
Method
Acknowledgement Target
Low
Routine shift reports
Operations Manager
Shift log update
24 Hours
Elevated
Comms failure or minor SD detection
Detail Leader
Secure Chat
1 Hour
High / Critical
Hostile surveillance or cover compromise
DL, Director of Security
Secure Call & Signal
5 Minutes
5. Service Levels (SLA)
Activation SLA
Deployment Time: From receipt of ART-engagement-order, boots-on-ground within [N] hours.
Mobilization Checklist: Verify covert licensing registry, insurance limits, local permits, and region packages per BIZ-003-mobilization-package before dispatch.
Vetting floor: Surge personnel must hold active certifications and background clearances.
Ratio cap: Surge staff shall not exceed [N]% of the total detail size.
6. Review & Renewal
Service Review: Monthly operational review between client representative and Operations Manager.
Change-Control: Any scope modifications require written addendums to ART-engagement-order.
Termination: Retainer termination requires [N] days written notice. Stand-down fees are billed at [N]% of the standard rate.
7. Quality Assurance (QA) Gates
Cover Integrity Review: Conducted by DL every [N] days.
Supervisor Inspection: Operations Manager conducts unannounced field inspections every [N] days.
AAR Compliance: Every detail deployment triggers a mandatory After-Action Report within 24 hours of demobilization.
8. Service Risk Register
Risk 1: Cover compromise by local law enforcement. Likelihood (2) × Impact (4) = 8 (Moderate). Mitigation: Ensure all licenses and CCW credentials are pre-verified.
Risk 2: Hostile surveillance intercept. Likelihood (3) × Impact (3) = 9 (Moderate). Mitigation: Enforce end-to-end encryption on all mobile communications.