The purpose of E-ITS is to develop and promote the level of information security of the Estonian public authorities as well as private businesses. The intention is also to make dealing with information security more manageable for smaller organisations.
The Estonian information security standard will present a baseline protection system, which will help organisations to achieve the information security system matching their needs.
The management board of the organisation has more freedom to decide which objects and processes require protection. Baseline protection matches the objects and processes protected with the standard modules of the baseline protection catalogue. Organisations can reuse the best practices of information security and thereby save on the funds spent on implementing information security.
The new standard must be implemented by any organisation fulfilling public duties. Private business may also use E-ITS to achieve their information security goals.
E-ITS will be undergoing scheduled updates every autumn.
The standard is based on the German BSI IT-Grundschutz (BSIG) baseline protection system and on the EVS-ISO/IEC 27001:2014 standard.
The Estonian information security standard and the related documents were drawn up by KPMG Baltics AS, Cybernetica AS, and Tallinn University of Technology for the Information System Authority. The standard was created with funding from the European Regional Development Fund under the support scheme ‘Raising Awareness about the Information Society’.
The previous ISKE information security system was in effect until 31 December 2022. By that time, all ISKE users had to transfer to the new information security standard. Materials which support the transition can be found from the eits.ria.ee portal.
Support application
To simplify the implementation of the Estonian information security standard, a web-based tool has been created to support organisations throughout the information security management process. In addition, it helps to keep up to date with the constantly expanding catalogue of security measures.
The support application runs on the 2024 version of E-ITS and is in continuous development. Its use is not mandatory.
The application can be downloaded to your computer or used online, and is available in both Estonian and English. More detailed information on the E-ITS portal.
The tool is suitable for providing feedback and understanding the logic of the application, but not for making final decisions.
If the user does not enter correct information about their organisation, they may not receive information about all the necessary security measures.
What kind of support does it provide?
- Helps to determine the protection requirement of business processes. The application allows users to assess the level of protection required for specific business processes. However, the level of protection requirement helps to determine which information security measures are necessary and prevents unnecessary overinvestment or, conversely, underestimation.
- Helps to create an implementation plan of measures. The tool automatically generates a draft implementation plan of information security measures tailored to the profile and needs of the organisation entered.
- Allows browsing the security measures catalogue by keywords. The tool allows you to conveniently browse the security measures catalogue by keywords. Users can quickly find measures suitable for a specific context without having to manually go through the entire catalogue.
Who is this tool intended for?
- Public sector institutions that require systematic information security planning.
- Private companies that are subject to information security requirements or wish to increase their credibility.
- IT and information security specialists who are responsible for risk assessment and the implementation of measures.
- Management members who require transparent information and an action plan for decision-making.
Last updated: 25.03.2026
