Information security principles at the Estonian Internet Foundation

As a critical infrastructure operator, the Estonian Internet Foundation is committed to maintaining a high level of information security. This is essential to ensure the trust and safety of both our registrants and registrars. To meet this goal, we have aligned our service-related information security practices with the ISO/IEC 27001:2022 certification standard. The certification covers the management of the .ee domain name registry and the provision of .ee name server services.

We apply the information security policy established by the EIF management board across all our operations. This policy is followed by all our team members - from developers and administrators to department heads. We also have high expectations for our partners in terms of information security to ensure that no compromises are made across the supply chain. We assess the relevance and effectiveness of our security policies and principles at least once a year and work continuously to improve the safety of our processes and systems.

Our Information Security Manager is responsible for maintaining, updating, and implementing high-level information security and related policies. The management board is responsible for ensuring that security objectives and processes are followed. However, it is the daily contributions of all EIF employees that help maintain our high security standards.

.ee Registrant Data Security

Client information, meaning data about .ee registrants that is stored and processed within the IT systems of the .ee domain registry, is confidential. This means the information may only be accessed and used by authorized employees.

Our high level of security does not automatically extend to external parties, including accredited .ee registrars. However, several registrars have aligned their information systems with the ISO/IEC standard. To learn more about a registrar’s security practices, please refer to the respective service provider’s website.

EIF never sells data from its information systems or uses it for direct commercial purposes. We use .ee registrant data only for purposes that are required or justified by legitimate interest.

Data Location

EIF provides its services in physically secure environments, and our data centers are located within the territory of the European Union. These data centers are in facilities specially designed for hosting information and communication technology equipment. The equipment is housed in locked cabinets in restricted-access rooms, and only authorized employees have access.

Monitoring

We perform automated 24/7 monitoring of all servers and network devices that provide our services. In addition, we conduct active monitoring on workdays from 9:00 to 17:00. We monitor service availability, performance, load, and any signs of potential security incidents. If a problem occurs, we respond immediately according to the EIF Information Security Management System (ISMS) and its established procedures.

Customer Support

Our customer support is available to .ee registrants, accredited registrars, and users of our other services. Support is provided by phone and email on weekdays from 9:00 to 17:00.

Customer support phone: +372 727 1000
Customer support email: info@internet.ee