From Law to Resilience

ISMS & BIO2, technically assured for municipalities

How policy, risks and technology come together

Level 1: The Pressure

The Law

Municipalities are legally obligated to demonstrably protect sensitive data against loss, misuse and outage.

NIS2

Cybersecurity & duty of care

CBW

Cyber resilience (NL)

EHDS

Health data (EU)

Accountability • Demonstrability • Continuous risk
Level 2: The How
PLAN
DO
CHECK
ACT
ISMS BIO2 framework

BIO2 as Standards Framework

BIO2 helps translate legislation into structured risk management via an ISMS: policy, risks, measures, controls, and continuous improvement.

THE CHALLENGE:

"How do we translate policy and risks into concrete, testable technical measures?"

Risk analysis • Classification • Continuous improvement • Audits
Level 3: The Solution

Chunk Works

Technical assurance at the data layer

Data is split into chunks, each chunk is encrypted separately, and the chunks are distributed across multiple nodes/locations. Redundancy (parity) ensures that an outage does not automatically mean data loss.

  • Chunking (typically up to a few MB per chunk).
  • Encryption per chunk (no "one big vault").
  • Parity/redundancy for recovery after loss or outage.
  • Distribution avoids a single central point of failure at the data level.
Sensitive data
document / file / object
Engine
split → encrypt → distribute
Location A: chunks + parity
Location B: chunks + parity
Location C: chunks + parity
Fact: reconstruction

A file can be reconstructed as soon as sufficient shards (data or parity) are available; not every shard has to come back.

What this solves

Outage or loss of part of the distributed storage does not automatically lead to data loss, as long as the recovery threshold ("enough shards") is met. The threshold is an availability property; the confidentiality of the distributed shards rests on the per-chunk encryption keys, so key custody belongs to the same set of measures.

measures executable • verifiable (ISMS) • distributed across domains

Result

Administrative certainty & technical assurance

Demonstrably in control
Data sovereignty secured
Resilience during outage
Policy & technology connected
Note: conformity remains dependent on the ISMS processes (BIO2) and on the chosen technical setup/configuration. This visualization shows how the data layer can support technical assurance.
Deep dive for CISO / architect / auditor
4 additional blocks: configuration, resilience, demonstrability, scope framework
1) Configuration & policy

In the ISMS you determine classification, risks, and which technical measures are required. The technical setup translates this into how data is split, encrypted, and distributed.

classification • risk → measure • domains/locations
2) Resilience (outage & incidents)

The combination of distribution and parity ensures that data can still be recovered after the loss or outage of part of the shards, as long as the recovery threshold is met.

Stated factually
“Recovery is possible with sufficient shards (data or parity); not all chunks are needed.”
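The split → encrypt → distribute pipeline from Level 3 and the threshold recovery described in this block, as one added worked example. This is not Chunk Works' code; the page does not describe the product's internals, so the mechanisms are assumed: a systematic Reed-Solomon-style erasure code over GF(2^8) built from Lagrange interpolation, with k data shards and m parity shards per chunk so that any k of the k+m shards suffice, and, because the example has to run on the Python standard library alone, a stand-in authenticated encryption per chunk made of an HMAC-SHA256 counter-mode keystream plus an encrypt-then-MAC tag (a production system should use AES-GCM or ChaCha20-Poly1305 from a vetted library). The function names (encode_shards, decode_shards, store, retrieve), the demo chunk size and the sample input are constructed for this illustration.

```python
import hashlib, hmac, os

EXP, LOG, _v = [0] * 256, [0] * 256, 1     # GF(2^8): polynomial 0x11d, generator 2 (Reed-Solomon's field)
for _i in range(255):
    EXP[_i], LOG[_v] = _v, _i
    _v <<= 1
    if _v & 0x100:
        _v ^= 0x11D

def gf_mul(a, b):
    return 0 if a == 0 or b == 0 else EXP[(LOG[a] + LOG[b]) % 255]

def gf_div(a, b):
    if b == 0:
        raise ZeroDivisionError("GF(2^8) division by zero")
    return 0 if a == 0 else EXP[(LOG[a] - LOG[b]) % 255]

def interpolate(xs, ys, t):
    """Lagrange: value at t of the polynomial through (xs, ys); GF(2^8) subtraction is XOR."""
    acc = 0
    for j, (xj, yj) in enumerate(zip(xs, ys)):
        num = den = 1
        for m, xm in enumerate(xs):
            if m != j:
                num, den = gf_mul(num, t ^ xm), gf_mul(den, xj ^ xm)
        acc ^= gf_mul(yj, gf_div(num, den))
    return acc

# Erasure coding: shard x holds the polynomial's value at x (0..k-1 = data, k..k+m-1 = parity)
def encode_shards(blob, k, m):
    """Return k + m shards; the blob is recoverable from any k of them."""
    assert 1 <= k and k + m <= 256, "shard indices must be distinct GF(2^8) elements"
    payload = len(blob).to_bytes(4, "big") + blob      # length prefix so padding strips cleanly
    payload += b"\0" * (-len(payload) % k)
    size = len(payload) // k
    data = [payload[i * size:(i + 1) * size] for i in range(k)]
    parity = [bytes(interpolate(range(k), [d[p] for d in data], x) for p in range(size))
              for x in range(k, k + m)]
    return data + parity

def decode_shards(available, k):
    """available = {shard index: shard bytes}; rebuild the blob from any k of them."""
    if len(available) < k:
        raise ValueError("below recovery threshold: %d of %d shards" % (len(available), k))
    xs = sorted(available)[:k]
    ys = [available[x] for x in xs]
    data = [available[x] if x in available                # data shard present: use it as is
            else bytes(interpolate(xs, [y[p] for y in ys], x) for p in range(len(ys[0])))
            for x in range(k)]                            # missing: rebuild it from the others
    payload = b"".join(data)
    return payload[4:4 + int.from_bytes(payload[:4], "big")]

# Per-chunk authenticated encryption. STAND-IN built from HMAC-SHA256 (PRF counter-mode
# keystream, encrypt-then-MAC) so this runs offline; production: AES-GCM or ChaCha20-Poly1305.
def _chunk_keys(master, idx):                             # distinct enc/mac keys per chunk index
    label = idx.to_bytes(4, "big")
    return (hmac.new(master, b"enc|" + label, hashlib.sha256).digest(),
            hmac.new(master, b"mac|" + label, hashlib.sha256).digest())

def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt_chunk(master, idx, plaintext):
    k_enc, k_mac = _chunk_keys(master, idx)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(k_enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()

def decrypt_chunk(master, idx, blob):
    k_enc, k_mac = _chunk_keys(master, idx)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(k_mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("chunk %d: authentication failed" % idx)   # corrupted or forged shards
    return bytes(a ^ b for a, b in zip(ct, _keystream(k_enc, nonce, len(ct))))

# Pipeline: chunk -> encrypt -> shard -> one shard per location; retrieval tolerates failures
CHUNK_SIZE = 1024  # demo value; the page describes real chunks of up to a few MB

def store(master, data, k, m):
    """Return k + m 'locations'; location x holds shard x of every encrypted chunk."""
    chunks = [data[i:i + CHUNK_SIZE] for i in range(0, len(data), CHUNK_SIZE)] or [b""]
    locations = [{} for _ in range(k + m)]
    for idx, chunk in enumerate(chunks):
        for x, shard in enumerate(encode_shards(encrypt_chunk(master, idx, chunk), k, m)):
            locations[x][idx] = shard
    return locations

def retrieve(master, locations, k, failed=()):
    out = []                                              # raises below the recovery threshold
    for idx in range(len(locations[0])):
        available = {x: loc[idx] for x, loc in enumerate(locations) if x not in failed}
        out.append(decrypt_chunk(master, idx, decode_shards(available, k)))
    return b"".join(out)

if __name__ == "__main__":                                # demo: 6 locations, any 4 suffice
    master, sample = os.urandom(32), b"constructed municipal record " * 200  # constructed input
    print(retrieve(master, store(master, sample, 4, 2), 4, failed={1, 5}) == sample)   # True
```

Two points the prose alone does not show. First, the recovery threshold is the parameter k of the code, not the number of locations: with k=4 and m=2 the object survives any two failed locations and is lost at three, so a resilience claim should state k and k+m explicitly rather than "distributed". Second, the per-chunk authentication tag is what turns a corrupted shard from silent data corruption into a detectable event: retrieve() rejects the chunk, and excluding that location lets the parity rebuild it, which is a concrete, repeatable check for the ISMS "Check" step.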
3) Demonstrability (ISMS / audit)

For BIO2/ISMS you want to demonstrate that measures exist, are applied, and periodically tested. This panel shows the connection: standard → measure → technical implementation → control cycle.

ISMS “Check”
periodic verification
ISMS “Act”
adjust & improve
Note: "Demonstrability" always goes hand in hand with processes, roles, and agreements (governance) — not just technology.
4) Scope framework (clear for management)

Chunk Works secures technical measures at the data layer (splitting, encrypting, distributing, parity/recovery). The ISMS/BIO2 remains leading for policy, risk acceptance, responsibilities, and the PDCA cycle.

Data layer
chunking • encryption per chunk • distribution • parity/recovery
Governance
policy • risks • processes • roles • audits (PDCA)
Mini scenario (visual thinking)
Situation
Part of the distributed storage fails (location/node).
Mechanism
Recovery is possible with sufficient shards (data or parity).
Management output
"Outage ≠ data loss" provided the threshold is met and ISMS assurance is in order.