EXPERTISE
Baseline Information Security for Government 2 (BIO2)
The information-security baseline for Dutch government — the successor to the BIO, aligned to ISO 27001/27002 and more strongly risk-based.
What it is — and why it matters.
BIO2.0 (Baseline Informatiebeveiliging Overheid) is the common information-security framework for Dutch government bodies — central government, municipalities, provinces, and water authorities. The updated 2.0 version aligns more closely with the latest ISO 27001/27002 and takes a more explicitly risk-based approach than its predecessor. For public-sector organisations — and the suppliers that serve them — meeting the BIO is effectively mandatory.
Who this affects.
Dutch government organisations (Rijk, gemeenten, provincies, waterschappen) and the suppliers and service providers that work with them.
What's involved
Risk-based selection of controls aligned to ISO 27002
Governance and management accountability for information security
Implementation of organisational and technical controls
ENSIA self-assessment and audit reporting (where applicable)
Continuous improvement
How we help.
Scoping & gap analysis | Where you stand against the BIO baseline today.
Risk-based control selection | The controls appropriate to your risk profile.
Control implementation | Organisational controls implemented; technical ones orchestrated.
ENSIA reporting support | Help with the self-assessment and audit reporting.
Aligned to ISO 27001 | Run together so you don't do the work twice.
Ongoing maintenance | Kept current as your managed office.
Compliance
Within your managed office.
BIO2.0 sits under Compliance and overlaps heavily with ISO 27001 — we run them together so a single management system satisfies both. It connects to Governance and Risk as part of your wider program.
Related expertise
Topic
Enterprise Security Architecture
A business-driven, enterprise-wide architecture that links security to strategy — from business context down to logical and physical design, so every control traces back to a goal.
Topic
Information Security Architecture
The structured design of security controls across your technical estate — identity, network, data, cloud, endpoints — as one coherent system aligned to your risks.
Topic
Security Strategy
Setting direction and priorities for security — a sequenced, realistic roadmap aligned to your objectives and risk, not a wish list of everything.
Within your managed office.
BIO2.0 sits under Compliance and overlaps heavily with ISO 27001 — we run them together so a single management system satisfies both. It connects to Governance and Risk as part of your wider program.
CTRL Disrupt
Your Managed Security & Risk Office.
Based in the Netherlands.
EXPERTISE
ISO 27001
NIS2
BIO2.0
EU AI Act
AI Security & Compliance
Marshalllaan 2
2625 GZ Delft
The Netherlands
© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.