BIO:2018 (baseline informatiebeveiliging overheid) is a Dutch standard for information security, specifically developed for the government. It consolidates and replaces BIR (baseline informatiebeveiliging rijk), BIG (baseline informatiebeveiliging gemeenten), BIWA (baseline informatiebeveiliging waterschappen) and IBI (interprovenciale baseline informatiebeveiliging).

It contains 136 extra controls, refining the already existing ISO 27001:2013 controls. You can maintain one Information Security Management System (ISMS) for both standards at the same time.

BIO is relevant for Dutch government bodies, as well as their (international) contractors and service providers

A key difference with ISO 27001, is that organizations do not need to be certified for BIO compliance. Instead, a report (in control statement, or fit-gap analysis) needs to be created. Some Dutch certification bodies can also check the BIO controls during an ISO 27001 certification audit, and can create a TPM or statement of compliance.


  • Contain instructions how to update an existing ISO 27001:2013 implementation to comply to BIO:2018
  • For each control the extra impact is indicated, as compared to ISO 27001:2013
  • While the BIO standards are published in Dutch, this product contains validated English translations
  • All ISO 27001 and BIO controls are labeled with BBN and the role to which they apply
  • An in control statement (fit/gap analysis) can be generated automatically

Add-ons are delivered as a package for Confluence or Microsoft 365. Instructions for activation and merging are provided.


€ 995

All prices are excluding applicable taxes (read more)

100% first time success rate!
Start with confidence.

Order now   Book a demo