BIO:2018 (baseline informatiebeveiliging overheid) is a Dutch standard for information security, specifically developed for the government. It contains 136 extra controls, refining the already existing ISO 27001:2013 controls. You can maintain one Information Security Management System (ISMS) for both standards at the same time.

BIO is relevant for Dutch government bodies, as well as their (international) contractors and service providers

A key difference with ISO 27001, is that organizations do not need to be certified for BIO compliance. Instead, a report (in control statement, or fit-gap analysis) needs to be created, detailing the level in which an organization complies to the requirements (or, which plans are made to comply in the future).

This product maps all BIO requirements to the existing ISO 27001 controls, so an ISO 27001 certification based on this content will add validation to the in control statement.


  • Contain instructions how to update an existing ISO 27001:2013 implementation to comply to BIO:2018
  • For each control the extra impact is indicated, as compared to ISO 27001:2013
  • While the BIO standards are published in Dutch, this product contains validated English translations
  • All ISO 27001 and BIO controls are labeled with BBN and the role to which they apply
  • An in control statement (fit/gap analysis) can be generated automatically

Add-ons are delivered as a separate Confluence space backup. They can be merged into Instant 27001 using the provided instructions.


  • BIO add-on: € 995 (for existing Instant 27001 clients)

Excluding applicable taxes (read more)

Start your ISO 27001
journey today!

Order now   Book a demo