The ISO 27000 series is one of the ISO series covering information security. Annex A to ISO 27001 contains the control objectives and controls that an organization must consider when implementing its information security management system.
A set of controls has been developed specifically for government bodies and is named Baseline Information Security Government (BIO) [Baseline Informatiebeveiliging Overheid]. The standard system applies to government, municipalities, water authorities and provincial boards.
BIO intends to promote information security within all levels of government and administrative bodies so that all units may rely on appropriate security for mutually exchanged data, all in line with legislation and regulations. Society may then rely on a responsible information security policy.
During the certification against this standard, the additional controls as included in the BIO are assessed. If a government body has implemented these controls with demonstrable effectiveness, an additional certificate will be issued confirming that the organization fulfils the additional controls .
How does it work?
Brand Compliance can include assessing the BIO controls in the regular ISO 27001 certification process. It is also possible to certify the additional controls later, as part of ISO 27001.