
BIO compliance software for Dutch public-sector organisations.

BIO baseline pre-loaded with BBN1, BBN2 and BBN3 classification, ISO 27002 mapping, ENSIA registration tracking and a supplier risk register. Built for Dutch ministries, municipalities, water boards and provinces.

What is BIO?

BIO (Baseline Informatiebeveiliging Overheid) applies to Dutch ministries, municipalities (gemeenten), water boards (waterschappen), provinces, executive agencies (uitvoeringsorganisaties) and the suppliers serving them.

Who needs to comply

  • Dutch ministries and central-government departments
  • Municipalities (gemeenten) of all sizes
  • Provinces and water boards (waterschappen)
  • Executive agencies (UWV, RDW, Belastingdienst-adjacent organisations)
  • Private suppliers running BIO-classified systems for public-sector customers

Key BIO controls covered by Dazr

  • BBN1 (Basis baseline): minimum-required controls for any government information system.
  • BBN2 (Verhoogde baseline): applies to systems with higher confidentiality, integrity or availability needs.
  • BBN3 (Hoge baseline): applies to systems with critical confidentiality, integrity or availability needs.
  • ISO 27002 mapping: the full BIO is mapped to ISO 27002 controls; reuse the same evidence if you also run ISO 27001.
  • ENSIA: annual self-assessment registered with the supervisor for municipalities and a number of executive agencies.

What auditors look for

BIO audits sample the same evidence as ISO 27001 (the baseline is mapped to ISO 27002), plus public-sector specifics: BIO classification per asset, ENSIA self-assessment, and supplier obligations cascaded down to BBN-level. Dazr covers all of it.

How Dazr helps with BIO

  • Hold the BIO baseline with BBN1 / BBN2 / BBN3 classification per asset
  • Run BIO controls alongside ISO 27001 Annex A in one workspace
  • Track ENSIA registration date and the next-due date on the workspace profile
  • Operate the vendor register with BBN-level cascaded obligations
  • Hand the auditor or the supervisor a read-only view or a single-PDF audit trail


BIO questions, answered.

What is the difference between BIO 1.04 and the new BIO 2.0?

BIO 1.04 is the version still in use across most Dutch public-sector organisations; BIO 2.0 (in development by CIP) aligns more directly with ISO 27001:2022 and brings new control wording. Dazr supports the current BIO and tracks BIO 2.0 readiness as the migration progresses.

Can we run BIO alongside ISO 27001?

Yes; in fact most public-sector organisations should. The BIO is mapped to ISO 27002, so the same evidence often serves both. Enable both frameworks in the same workspace.

Does Dazr file the ENSIA self-assessment for us?

No. The ENSIA assessment goes through the IBD / VNG portal. Dazr tracks the self-assessment date, the supervisor case reference and the next-due date.

Where is data hosted?

European Union only. Data is encrypted at rest with AES-256-GCM. The Dutch public sector typically requires EU-only data residency; we deliver that by default.

Ready to start your BIO program?

Free for one user. Pro €29/mo and Enterprise €299/mo are self-serve via Mollie. Custom (from €800/mo) is the only tier on a contract.