What is BIO?
The Baseline Informatiebeveiliging Overheid (BIO) is the common information-security baseline for all layers of Dutch government — central, provincial, municipal and water authorities.
BIO is based on ISO/IEC 27001 and 27002. Earlier versions used three fixed baseline protection levels (BBN); the 2025 update (BIO2) replaces them with an explicit risk-based approach aligned to ISO/IEC 27001:2022 and 27002:2022.
BIO at a glance
ISO 27001/27002 based
Risk-based (BIO2, 2025)
Government scope
BIO with ResiPlan
ResiPlan includes a structured BIO baseline and runs a maturity GAP analysis with evidence and reporting.
Because BIO is ISO-based, cross-mapping means an ISO 27001 assessment in ResiPlan largely pre-fills your BIO controls.
Frequently asked questions
What is BIO?
The Baseline Informatiebeveiliging Overheid: the Dutch government's information-security baseline, based on ISO 27001/27002. Earlier versions used fixed BBN levels; BIO2 (2025) moves to a risk-based approach.
Who must apply BIO?
All Dutch government layers — central government, provinces, municipalities and water authorities.