BIR/BIO add-on

Add-on for for BIR:2017 and BIO:2018


BIR:2017 (baseline informatiebeveiliging rijksdienst) and BIO:2018 (baseline informatiebeveiliging overheid) are Dutch standards for information security, specifically developed for the government. They add 136 extra controls, refining the already existing ISO 27001:2013 controls. You can maintain one Information Security Management System (ISMS) for both standards at the same time.

BIR and BIO are relevant for all Dutch government bodies, as well as (international) contractors and service providers

A key difference with ISO 27001, is that organizations do not need to be certified for BIR/BIO compliance. Instead, a report (in control statement, or fit-gap analysis) needs to be created, detailing the level in which an organization complies to the requirements (or, which plans are made to comply in the future).

This product maps all BIR/BIO requirements on the existing ISO 27001 controls, so an ISO 27001 certification based on this content will add validation to the in control statement.


  • Contain instructions how to update an existing ISO 27001:2013 implementation to comply to BIR:2017 and BIO:2018
  • For each control the extra impact is indicated, as compared to ISO 27001:2013
  • While the BIR/BIO standards are published in Dutch, this product contains validated English translations
  • All ISO 27001 and BIR/BIO controls are labeled with BBN and the role to which they apply
  • An in control statement (fit/gap analysis) can be generated automatically (ISMS only)
  • Can be used with or without Instant 27001


  • BIR/BIO add-on ISMS: € 795 (for existing Instant 27001 clients)
  • Instant 27001 ISMS + BIR/BIO add-on: € 2590

Prices do not include local taxes (read more).

Instant buy | Request a demo