Estonian information security standard
The Estonian information security standard (E-ITS) is a basis for handling information security. The standard is in the Estonian language and compatible with the Estonian legal system. It is compliant with the internationally acknowledged ISO/IEC 27001 information security management standard.
The purpose of E-ITS is to develop and promote the level of information security of the Estonian public authorities as well as private businesses. Until now, the ISKE information security system has been used for the same purpose. The intention is also to make dealing with information security more manageable for smaller organisations.
The Estonian information security standard will present a baseline protection system, which will help organisations to achieve an information security system matching their needs.
The management board of the organisation has more freedom to decide which objects and processes require protection. Baseline protection matches the objects and processes protected with the standard modules of the baseline protection catalogue. Organisations can reuse the best practices of information security and thereby save on the funds spent on implementing information security.
E-ITS will probably become mandatory in January 2022 upon entry into force of the legislation related to the standard.
The new standard must be implemented by any organisation fulfilling public duties. Private businesses may also use E-ITS to achieve their information security goals.
The current ISKE information security system will remain valid until 31 December 2023. By this time, all ISKE users must transfer to the new information security standard. Materials that support the transition can be found on the eits.ria.ee portal.
E-ITS will be undergoing scheduled updates every autumn.
The standard is based on the German BSI IT-Grundschutz (BSIG) baseline protection system and on the EVS-ISO/IEC 27001:2014 standard.
The Estonian information security standard and the related documents were drawn up by KPMG Baltics AS, Cybernetica AS, and Tallinn University of Technology for the Information System Authority. The standard was created with funding from the European Regional Development Fund under the support scheme ‘Raising Awareness about the Information Society’.
- The Estonian information security standard portal: The standard with supporting material
- The Cybersecurity Act: In force as of 23 May 2018