PlannedWorksMarktconsultatie

Impact of the introduction of the BIO2 for contractors and the Rijksvastgoedbedrijf (RVB) regarding the building-related systems managed by the RVB.

Name: Impact of the introduction of the BIO2 for contractors and the Rijksvastgoedbedrijf (RVB) regarding the building-related systems managed by the RVB.
Creator: Rijksvastgoedbedrijf
Published: 2026-03-10
License: https://creativecommons.org/publicdomain/zero/1.0/
Keywords: Information security, cyber, market consultation, BIO2, Rijksvastgoedbedrijf

Rijksvastgoedbedrijf · Marktconsultatie · 1 lots · 415323

3 of 6 core insights found

Measures presence, not accuracy · documents remain authoritative

ScopeAdvicePoints of attentionSuitability requirementsAward criteriaTimeline

Type

Works

45000000 · Construction works

Estimated value

Not published

To deadline

Ongoing

Knock-outs

n/a

exclusion grounds

Award basis

Best price-quality ratio

Assess manuallyconfidence moderate

The BIO2 is the mandatory standard framework for information security within the entire Dutch government, based on the ISO 27001 and 27002 standards supplemented with specific government measures.

Works · Marktconsultatie · National procedure

Contracting authority

Rijksvastgoedbedrijf

Contract type

Works

Marktconsultatie

Estimated value

Estimate not published

Submission deadline

Ongoing

Scope

National

National procedure

Lots

1 lots

Main CPV code

45000000

Construction works

Location

Netherlands

CharacteristicsCPV 45WorksInformation securitycybermarket consultation

01What is being requested

The document describes the Baseline Informatiebeveiliging Overheid 2 (BIO2), the mandatory standard framework for information security within all government organizations. The framework provides guidelines, general principles, and mandatory government measures for the design, implementation, maintenance, and improvement of information security within the government and its chains.

The BIO2 (Baseline Informatiebeveiliging Overheid 2) focuses on securing information systems within the government, including building installations such as climate control, access control, fire alarm systems, and energy networks. These systems are increasingly connected to IT networks (IoT, Building Management Systems), making them vulnerable to cyber risks. An attack on these systems can lead to physical consequences, such as disruptions in critical processes, safety risks, or service outages. Building installations fall within the BIO2 scope because they form part of the information system.

45000000Works

1Impact of the introduction of the BIO2 for contractors and the Rijksvastgoedbedrijf (RVB) regarding the building-related systems managed by the RVB.—

02Strategic insight

“

Strategic insight · AI analysis

Ensure that information security is not seen solely as a technical ICT solution, but also encompasses organization and processes. Take into account the mandatory government measures which serve as a minimum standard and cannot be deviated from in a risk analysis without substantiation. Integrate the ISO 27001 structure directly into the proposed working methods to align with the mandatory management system requirements.

Read automatically from the tender documents using AI. Always verify against the original documents.

03Points of attention

Important · 7

The BIO2 is entirely structured according to NEN-EN-ISO/IEC 27001 (Annex A) and NEN-EN-ISO/IEC 27002.Important

Compliance with ISO 27001 is mandatory for the design of the information security management system (ISMS).Important

The BIO2 does not replace the ISO standards; the ISO documents are required for the details of implementation and risk management.Important

The BIO2 contains measures at a tactical level that must first be operationalized before they can be implemented.Important

Organizations must demonstrate the design, existence, and effectiveness of measures.Important

Publishing the scope of the ISMS and the associated Statement of Applicability (SoA) is mandatory for a government organization.Important

The BIO2 is mandatory for all organizations in the 'Government' sector and applies to all network and information systems, both digitally and physically.Important

04Value in context

Estimate not published

The contracting authority did not publish an estimated value — common for a large share of contracts. The EU threshold for werken is € 5,54 M, for reference.

05Likely competitors

#Likely bidderFitWins

1Heijmans Infra B.V.SME9165×

2ENGIE Infra & Mobility B.V.SME8769×

3Facilicom Solutions B.V.SME8414×

4Constructif B.V.SME8112×

5Combinatie Dijkversterking Heel en Beesel, Mourik Infra B.V. & FL B.V.SME7617×

6GKB Realisatie B.V.SME7521×

06Tender documents

NvI (def)pdfMar 26, 2026 · 470 KB

marktconsultatiedocumentpdfMar 10, 2026 · 351 KB

20250924-baseline-informatiebeveiliging-overheid-2-bio2-v12-defpdfMar 10, 2026 · 451 KB

TN575607 - EFE1 Vrijwillige aankondiging van voorafgaande marktconsultatie 20260310162448pdfMar 10, 2026 · 176 KB

vragenlijstdocxMar 10, 2026 · 100 KB

07Legal themes that may be relevant here

Advies 442> Europese openbare procedure voor een overheidsopdracht voor werken voor het ontwerpen en uitvoeren van integraal groot onderhoudComplaint upheld Advies 451> Beklaagden hebben op 29 mei 2017 een Europese openbare aanbestedingsprocedure aangekondigd voor een raamovereenkomst per perceel Advies 53> Europese openbare procedure voor een overheidsopdracht tot het verrichten van diensten bestaande uit (dagelijks en periodiek) sc Advies 48> Europese niet-openbare procedure voor werktuigkundige en elektrotechnische installaties van de nieuwbouw van een multifunctionel Advies 174> Concurrentiegerichte dialoog ten behoeve van het afsluiten van een raamovereenkomst met één ondernemer. Is er sprake van het sam

08Estimated value versus the market

p25
€ 1,4 mln

median
€ 3,6 mln

p75
€ 9,1 mln

deze opdracht

Gegunde waarden in CPV 45 · werken n=3159