Here’s what it means:
BBN stands for basisbeveiligingsniveau, or basic level of protection. Based on the classification of the information that is going to be processed, you will need to comply to BBN1, BBN2 or BBN3.
If you are required to comply to BBN1, it means you can disregard all controls labelled BBN2 and BBN3.
The second label is the role who is responsible for the implementation of this control.
|SG||Secretaris generaal, directeur||Secretary general, director||Relevant only for government bodies (departments, agencies and municipalities)|
|PE||Proceseigenaar||Process owner||Relevant only for government bodies (departments, agencies and municipalities)|
|DL||Dienstenleverancier||Service provider||Relevant for internal or external service providers, such as suppliers or shared service centers|
In general, unless you are a government body, probably only the controls labelled DL are relevant for you.