Baseline Informatiebeveiliging Overheid
What it is
BIO is the official Dutch government baseline for information security. The latest BIO 2.0 version consolidates and completely replaces older individual public sector baselines, such as the BIR (Baseline Informatiebeveiliging Rijk), BIG (Baseline Informatiebeveiliging Gemeenten), BIWA (Baseline Informatiebeveiliging Waterschappen), and IBI (Interprovinciale Baseline Informatiebeveiliging). By integrating these separate standards, it provides a unified security framework that allows you to maintain a single Information Security Management System (ISMS) for both ISO 27001 and government compliance.
When to use it
Use this add-on when your organization works with, hosts data for, or supplies digital services to Dutch government bodies (municipalities, ministries, provinces, or water boards). Unlike its predecessor (BIO 1.04), BIO 2.0 removes rigid, role-based controls (BBN) and matches the modern ISO 27001 approach, requiring a formal, risk-based assessment to determine your necessary controls.
What it adds
It extends your ISMS with specialized public-sector requirements so government expectations can be managed in a structured, audit-ready way. While the official government baselines are published exclusively in Dutch, this add-on provides validated, professional English translations, upgrading your framework with:
- Step-by-step instructions on how to update an existing ISO 27001 implementation to satisfy the rigorous BIO 2.0 criteria.
- 122 extra controls that systematically refine and enhance the existing controls found in ISO 27001 Annex A.
- Granular impact indicators for every single control, showing the precise extra operational overhead required compared to your standard ISO 27001 baseline.
- Clear migration guidance if your organization needs to upgrade its existing framework from the older BIO 1.04 version to BIO 2.0.
Add-ons can be used together with Instant 27001 for Confluence or Microsoft 365 (ISOPlanner). Instructions for installation and implementation are provided.
Relevant for
- Suppliers to Dutch government organizations
- Software companies serving public-sector clients
- Organizations participating in government tenders
- Companies aligning with Dutch public-sector security requirements
Pricing
€ 1 495
All prices are excluding applicable taxes and subscription fees for Confluence, Microsoft 365 or ISOPlanner.