University of Tartu received certification confirming compliance with ISO information security standard 21.01.2026

The University of Tartu is the first university in Estonia to receive certification confirming compliance with the international information security standard ISO/IEC 27001:2022. This shows that the university manages the information in its possession in a systematic, transparent and risk-aware manner.

According to Chief Information Security Officer Elin Nurges, the certification is an important step for both the university's internal work organisation and relations with partners. "It confirms that the University of Tartu is able to protect the information at its disposal in accordance with international requirements and to assess and manage risks on an ongoing basis. All this strengthens our credibility in research collaboration and international projects," Nurges explained.

Applying for the certification supports the university's long-term goals of ensuring the security of research and learning data, meeting increasingly strict legal and partnership requirements, and strengthening its position as a reliable research and development partner.- The adoption of an information security framework that complies with the standard enables the university to manage risks more effectively, enhance its level of cybersecurity, and ensure that its processes and technical solutions meet current requirements. The certification also supports the university's international cooperation, particularly in projects in which compliance with the information security standard is a prerequisite.

ISO/IEC 27001:2022 is the world's most widely used information security standard. Its certification demonstrates the organisation's ability to systematically assess and reduce risks and continually improve its management system. Obtaining the certificate is an important milestone for the University of Tartu, but work now continues to ensure ongoing compliance with the standard and improvement. The certificate is valid for three years. To demonstrate continued compliance, the university will undergo regular surveillance audits and enhance its information security management system as new requirements and risks emerge.

The University of Tartu is grateful to all staff members and units that contributed to receiving the certification. The University of Tartu was certified by an independent certification body, BM Certification Estonia OÜ, which conducted audits at the University of Tartu High Performance Computing Centre in spring 2025 and at other university units in the autumn and winter of 2025. The university's cooperation with the auditors will continue during the surveillance audits.