What is the BIO?
The BIO, also known as the Baseline Informatiebeveiliging Overheid (Government Information Security Baseline), is the specific standard that defines information security for government bodies. It is a coherent framework that builds on earlier baselines such as BIG, BIR, IBI and BIWA, and is structured according to the ISO 27001 and 27002 standards.
Why comply with BIO?
The BIO is aimed at improving information security at all levels of government. This is very important because communication between entrepreneurs, citizens and governments is increasingly taking place digitally, including sensitive and confidential information. The BIO applies not only to government agencies themselves; government suppliers are also increasingly being required to comply with it.
BIO has the following advantages:
- A single clear approach thanks to a standardized framework of standards
- Competitive advantage in tenders for organizations working with governments
- Facilitates interagency cooperation
- Promotes risk awareness and knowledge sharing
BIO protection levels
The BIO has three levels of protection, called Baseline Protection Levels (BBN). The stringency of the technical and organizational measures to be taken must match the risk level of a process or system.
When a process is established at BBN level 2, the measures of both BBN1 and BBN2 must be implemented. In addition, at the highest Baseline Protection Level (BBN3), relevant requirements of, among others, the NATO Convention for the Security of Information and the National Office Special Information Regulations Decree (VIR-BI) must also be met. Which BBN level is needed or desired is determined by a BBN test.
BIO in relation to ISO 27001
The structure of the BIO is similar to the ISO 27001 Addendum, with the requirements from the ISO 27001 Addendum further strengthened with BIO-specific requirements. The requirements become more stringent as the aforementioned BIO risk level increases. Basic chapters 4 through 10 of the ISO 27001 standard, which set requirements for an organization's Plan-Do-Check-Act process, are not part of the BIO.
Do you want to make sure your organization complies with the Baseline Informatiebeveiliging Overheid (BIO)? Our team of experts is ready to guide you through the implementation of the BIO standard or to take it off your hands.
In our white paper, we take you step by step through our implementation process.