BIO — Baseline Informatiebeveiliging Overheid

BIO compliance for Dutch government organisations

The Baseline Informatiebeveiliging Overheid is mandatory for all Dutch government bodies — ministries, municipalities, water boards, and agencies. Based on ISO 27001, it defines security requirements across three BBN levels. Gatekeeper covers all major BIO domains and automates evidence collection, gap analysis, and incident management.

  • ISO 27001-based control mapping
  • BBN1 / BBN2 / BBN3 support
  • DigiD & AD integration
  • Audit-trail & evidence vault

Domain coverage

BIO domains addressed by Gatekeeper

BIO follows the ISO 27001 Annex A structure. Each card shows the domain requirement and the platform capability that covers it.

A.8

Asset Management

“An inventory of all information assets must be maintained and assigned to an owner.”

Gatekeeper coverage

Auto-discovered CMDB registers every device, VM, endpoint, and application. Asset ownership, lifecycle status, EOL dates, and classification labels are maintained continuously.

A.9

Access Control

“Access to information and IT systems must be controlled and restricted based on business needs.”

Gatekeeper coverage

Role-based access control per tenant, TOTP MFA enforcement, Active Directory integration with policy sync, and an encrypted credentials vault with audit log.

A.12

Operations Security

“Operational procedures must protect against malware, ensure capacity, manage changes, and monitor for security events.”

Gatekeeper coverage

SIEM with real-time detection, SOAR automation, patch status tracking, change management with CAB workflows, and continuous CVE monitoring against your asset register.

A.13

Communications Security

“Network infrastructure must be managed and controlled to protect information in systems and applications.”

Gatekeeper coverage

Continuous network discovery, IPAM with VLAN and subnet management, FortiGate firewall integration, switch connector, and real-time traffic monitoring.

A.14 / A.12

Change Management

“Changes to IT systems and infrastructure must follow a controlled, documented, and approved process.”

Gatekeeper coverage

Structured change workflow: submitted → review → approved → implemented. AI risk scoring per change, CAB scheduling, emergency change fast-track, and full change history.

A.16

Incident Management

“Information security incidents must be reported, assessed, and resolved in a consistent and effective manner.”

Gatekeeper coverage

SIEM creates incidents automatically from detected events. SLA timers, escalation policies, on-call schedules, and SOAR playbooks ensure every incident reaches resolution.

BBN levels

Support for all three BBN levels

BIO defines three Basisbeveiligingsniveaus. Gatekeeper scales from BBN1 through BBN3, including fully air-gapped deployments for the highest classification environments.

BBN1: Basic

Adequate for non-sensitive processes with limited impact. Minimum baseline for all government systems.

Examples: Public websites, general office tools, non-sensitive workflow systems.

Key Gatekeeper features

  • CMDB asset inventory
  • Network discovery
  • Basic ITSM tickets
  • Compliance framework mapping

BBN2: Standard

Required for systems processing personal data, sensitive correspondence, and most administrative processes.

Examples: DigiD integrations, HR systems, citizen service portals, financial administration.

Key Gatekeeper features

  • SIEM & CVE tracking
  • MFA enforcement
  • Change management
  • Dark web monitoring
  • Credentials vault

BBN3: High

For systems processing state-sensitive information or underpinning critical national infrastructure.

Examples: AIVD-connected systems, Defensie networks, critical infrastructure control systems.

Key Gatekeeper features

  • Air-gapped deployment
  • On-premise data residency
  • Full audit trail
  • SOAR automation
  • Supply chain visibility

BIO compliance framework

Pre-mapped BIO control set with evidence upload, coverage tracking, and gap analysis per domain.

Auto-discovered CMDB

Meets BIO A.8 asset management requirements automatically. No manual register maintenance required.

MDM for endpoints

Manages and enforces policy on mobile devices, laptops, and tablets — required for BBN2+ environments.

On-prem & air-gapped

BBN3 environments can run fully isolated with no internet dependency. Data never leaves your network.

Get started

Implement BIO across your organisation

Available as cloud-hosted, on-prem, or fully air-gapped — matching your BBN classification requirements.


© B-Brave Gatekeeper 2026