The Estonian information security standard is a basis for handling information security. The standard is written in Estonian and is compatible with the Estonian legal system. It is compliant with the internationally acknowledged ISO/IEC 27001 information security management standard.

The purpose is to develop and promote the level of information security of the Estonian public authorities as well as private businesses. Until now, the ISKE information security system has been used for the same purpose. The intention is also to make dealing with information security more manageable for smaller organisations.

The Estonian information security standard will present a baseline protection system, which will help organisations to achieve an information security system that matches their needs.

The management board of the organisation has more freedom to decide which objects and processes require protection. Baseline protection matches the protected objects and processes with the standard modules of the baseline protection catalogue. Organisations can reuse the best practices of information security and thereby save on the funds spent on implementing information security.

The standard is based on the German BSI IT-Grundschutz (BSIG) baseline protection system and on the EVS-ISO/IEC 27001:2014 standard.

The Estonian information security standard and the related documents were drawn up by KPMG Baltics AS, Cybernetica AS, and Tallinn University of Technology for the Information System Authority. The standard was created with funding from the European Regional Development Fund under the support scheme ‘Raising Awareness about the Information Society’.