BIR:2017 (baseline informatiebeveiliging rijksdienst) and BIO:2018 (baseline informatiebeveiliging overheid) are Dutch standards for information security, specifically developed for the government. They add 136 extra controls, refining the already existing ISO 27001:2013 controls. You can maintain one Information Security Management System (ISMS) for both standards at the same time.

BIR and BIO are relevant for all Dutch government bodies, as well as their (international) contractors and service providers

A key difference with ISO 27001, is that organizations do not need to be certified for BIR/BIO compliance. Instead, a report (in control statement, or fit-gap analysis) needs to be created, detailing the level in which an organization complies to the requirements (or, which plans are made to comply in the future).

This product maps all BIR/BIO requirements to the existing ISO 27001 controls, so an ISO 27001 certification based on this content will add validation to the in control statement.


  • Contain instructions how to update an existing ISO 27001:2013 implementation to comply to BIR:2017 and BIO:2018
  • For each control the extra impact is indicated, as compared to ISO 27001:2013
  • While the BIR/BIO standards are published in Dutch, this product contains validated English translations
  • All ISO 27001 and BIR/BIO controls are labeled with BBN and the role to which they apply
  • An in control statement (fit/gap analysis) can be generated automatically

Instant 27001 add ons can be installed by importing them and subsequently merging them with the existing content. Instructions to do so are included. Alternatively, you can let us do the work for you!


  • BIR/BIO add-on: € 995 (for existing Instant 27001 clients)
  • Instant 27001 + BIR/BIO add-on: € 2990

Depending on your location, local taxes may apply (read more).

Start your ISO 27001
journey today!

Order now   Book a demo