Turvalisuseeskirju

Turvalisuseeskirju refers to the set of rules, guidelines, and procedures that an organization establishes to protect its information, assets, and operations from security threats. The term is common in Estonian‑speaking enterprises and public institutions and is often used interchangeably with "information security policies" in English.

The purpose of turvalisuseeskirju is to define responsibilities, set expectations for security behaviour, and provide a

Typical components include: a scope declaration that describes the assets and systems covered; principles such as

Developing turvalisuseeskirju usually follows a structured cycle: risk assessment, drafting, stakeholder approval, communication and training, implementation,

For organizations certified under ISO/IEC 27001, the security policies become part of the information security management system