BIO (Baseline Information Security Government).

Information security for governments

BIO (Baseline Informatiebeveiliging Overheid)

Rients van Blanken MSc

Security Consultant

The Baseline Information Security Government (BIO) is the basic standards framework for all levels of government. By setting up your information security policy according to this standard you show that your organization works according to the legal standards. Nestor Security supports you in implementing, auditing and maintaining your BIO information security policy.

Implementation

Implementing the BIO? Our consultants will guide you through this process. Before we start the implementation, we do a baseline measurement, in which we look at whether an information security policy is present and whether it is current. With an analysis we identify the important risks and determine which improvements need to be made. In order to apply the standards from the BIO in the future, our auditor helps to establish an Information Security Management System (ISMS). The implementation focuses on your organization doing as much as possible itself. That way, it is easier to maintain the ISMS and achieve a positive result in certification audits.

Internal audit

With an internal audit, we see if your ISMS is still up to date. This is necessary to keep information security up to date and in preparation for recertification. All our audits are performed under the supervision of a certified auditor. With a risk analysis we identify the points that are important for your organization at that time. As a result, you will receive an audit report with points for improvement. Need help applying these improvements? Our consultants will support you so that you are optimally prepared for your next certification.

In total, our consultants have conducted more than 1,500 internal audits

ISMS management

Do you operate in accordance with the BIO? If so, you will want to comply with the information security policy drawn up and keep it up to date. You can outsource this to us by using our ISMS management service.

When you use ISMS management, you no longer have to worry about your certification. We take the compliance and updating of your information security policy off your hands.

Among other things, we provide:

  • The planning and supervision of internal audits
  • Preparing for external audits
  • Picking up and handling security incidents according to the guidelines in the policy
  • The preparation and execution of quarterly meetings
  • Implementing new regulations
  • A higher level of cyber security awareness within your organization

Frequently Asked Questions

For whom is working according to the BIO mandatory?

It is stipulated by law that the BIO must be used in digital traffic with the State. Implementing the BIO is therefore mandatory for all government agencies.

What does the implementation process look like?

1. Kick-off

2. Baseline measurement

3. Create policies

4. Implementing measures

5. Self-assessment

The guidance begins with a kick-off to go through the implementation process. This ensures that your employees can continue to do their work normally, without experiencing inconvenience. After the kick-off, the process starts with a baseline measurement to gauge your organization's information security. A policy is drawn up based on the baseline measurement. This contains the measures that must be taken in order for your ISMS to meet the BIO standards. Then the implementation of the operational measures with which we increase information security starts. This is carried out independently by your organization and monitored by us in subsequent appointments. Afterwards, the implementation is checked by means of a self-assessment. After completion with a positive self-assessment, you can apply for your audit at any certifying body to receive your certificate.

Is the BIO a replacement for the BIG, BIR, IBI and BIWA?

Yes, the BIO replaces the previous baseline for municipalities, water boards, provinces and the state.