Skip to main content
ResiPlan
🇳🇱 Netherlands

BIO — the Dutch government security baseline

The mandatory information-security baseline for Dutch government bodies, built directly on ISO 27001/27002.

What is BIO?

The Baseline Informatiebeveiliging Overheid (BIO) is the common information-security baseline for all layers of Dutch government — central, provincial, municipal and water authorities.

BIO is based on ISO/IEC 27001 and 27002. Earlier versions used three fixed baseline protection levels (BBN); the 2025 update (BIO2) replaces them with an explicit risk-based approach aligned to ISO/IEC 27001:2022 and 27002:2022.

BIO at a glance

ISO 27001/27002 based

Reuses the ISO control structure with government-specific requirements.

Risk-based (BIO2, 2025)

BIO2 replaces the three fixed BBN levels with an explicit risk-based approach.

Government scope

Mandatory for central, provincial, municipal and water-authority bodies.

BIO with ResiPlan

ResiPlan includes a structured BIO baseline and runs a maturity GAP analysis with evidence and reporting.

Because BIO is ISO-based, cross-mapping means an ISO 27001 assessment in ResiPlan largely pre-fills your BIO controls.

Frequently asked questions

What is BIO?

The Baseline Informatiebeveiliging Overheid: the Dutch government's information-security baseline, based on ISO 27001/27002. Earlier versions used fixed BBN levels; BIO2 (2025) moves to a risk-based approach.

Who must apply BIO?

All Dutch government layers — central government, provinces, municipalities and water authorities.

Other frameworks

ResiPlan covers 10 frameworks with cross-mapping: assess once, prove everywhere.

Assess your BIO compliance

Run a maturity gap analysis, attach your evidence and generate a report — with cross-mapping to the other frameworks.

BIO — Baseline Informatiebeveiliging Overheid (NL) | ResiPlan