Appendix: Principles of Managing Services and Governing Information (English Version)
(1) This Regulation establishes, as the principles for managing services and governing information, the requirements for:
1) management and development of services;
2) information governance.
(2) This Regulation shall apply to governmental authorities (hereinafter authorities) in its entirety.
(3) The provisions of Chapter 4 and subsections 18 (6) to (10) of this Regulation, being the principles provided for in subsection 6 (2) of the Archives Act, shall apply to all the authorities and persons performing public law functions.
(4) An authority shall direct the state authorities administered by it towards adhering to the Regulation in its entirety.
(5) The Regulation shall not be applied to document exchange with foreign states.
(1) Within the meaning of this Regulation, services are direct public services and support services.
(2) Direct public services are the services provided by an authority to a natural person or a legal person in private law (hereinafter person) in accordance with the latter’s will, including presumed will, via a service contact in any communication channel (hereinafter channel), enabling the person to perform an obligation deriving from law or exercise a right deriving from law.
(3) Proactive services are the direct public services provided by an authority on its own initiative in accordance with the presumed will of persons and based on the data in the databases belonging to the state information system. Proactive services are provided automatically or with the consent of a person.
(4) Event services are the direct public services provided jointly by several authorities so that a person would be able to perform all the obligations and exercise all the rights conferred on the person due to an event or situation. An event service compiles several services (hereinafter component service) related to the same event into a single service for the user.
(5) Support services are provided by an authority to its own officials or employees or to the officials or employees of another authority. Support services support the performance of the functions of an authority.
(6) Within the meaning of this Regulation, processes are the organised sets of activities aimed at the performance of the principal function of an authority or at the provision of a service.
(1) Information governance is the activity that supports the achievement of the objectives of an authority and the public sector through management, sharing and exchange of information in all information systems and databases. The subactivities of information governance are data governance, document management, content governance in the intranet and extranet, and organisation of access to and protection of information.
(2) Information means the information specified in subsection 3 (1) of the Public Information Act and in subsections 2 (1) and (2) of the Archives Act which is recorded in any manner and on any medium.
(3) Within the meaning of this Regulation, document management as a subactivity of information governance means traditional records management which forms a part of arrangement of information and which organises the management, processing, exchange of and access to information specified in subsections 2 (1) and (2) of the Archives Act if such information is recorded on paper, in a computer file or an e-mail message.
(1) An authority shall determine the posts or positions held by the persons who shall ensure:
1) management and quality of the direct public services;
2) management and quality of the processes;
3) information governance and quality thereof;
4) every subactivity of information governance and quality thereof
of the authority.
(2) The persons holding the posts or positions set out in subsection (1) above shall cooperate in order to ensure the homogeneous quality of the services of the authority.
(3) An authority shall determine, with regard to every service and every channel of providing direct public services, a structural unit or a post or position that shall be responsible for the development, management and quality of such service or channel.
(1) The authorities coordinating development of services across authorities (hereinafter coordinators) shall be:
1) the Ministry of Economic Affairs and Communications in management of direct public services, including upon determination, sharing and exchange of the information necessary for providing such services;
2) the Data Protection Inspectorate in organising access to and protection of information;
3) the Estonian Information System Authority in implementation of the requirements for the architecture of the state information system and for the key components of the state information system.
(2) A coordinator shall perform the following functions:
1) plan the main directions of development and the activities supporting development;
2) issue guidelines and recommendations;
3) monitor the implementation of planned activities and application of guidelines;
4) manage communication;
5) cooperate with other coordinators;
6) engage other parties as necessary.
(3) The integrated development of the services within the area of government of a ministry shall be organised by the secretary general of the ministry or by a person authorised by the secretary general, based on the functions of the area of government and the goals set in the relevant strategic development documents.
(4) A council shall operate with the coordinator in order to support the performance of the functions set out in clauses 1), 2) and 3) of subsection (2), consisting of representatives appointed by ministries and by the Government Office, and as necessary, other persons appointed by the coordinator. The composition and work procedure of the council shall be approved by a directive of the coordinator. The materials of the council meetings shall be published on the website of the coordinator and, as necessary, in another manner.
(5) A member of the council shall inform the relevant officials and employees of the authority such member represents and of the authorities within the area of government of such authority about the activities of the council, and shall engage said persons in the formation of his or her positions and proposals.
(6) An authority shall take into consideration the guidelines and recommendations of the coordinator and shall direct the authorities administered by it towards adhering to the same.
The management of the services by an authority shall ensure:
1) creation of measurable or perceptible value for every target group and interest group of services;
2) discontinuance or rearrangement of services that do not create value;
3) satisfaction of the users of services and optimum administrative burden of persons;
4) optimum extent of documentation of the performance of the functions and provision of services by the authority;
5) cooperation with other authorities and parties, contributing to the efficiency of the public sector as a whole and to consideration of the needs of persons in the development of direct public services;
6) continuity of the provision of services and cooperation upon termination of the service or employment relationship of an official or employee, modification of the work procedures of the authority and during the suspension of an official’s right to exercise official authority or during temporary absence of an employee.
(1) An authority shall have an overview of the services provided in the course or as a result of performing its principal functions. The overview shall be prepared in the manner enabling easy updating thereof.
(2) If there is no overview covering a single or several principal functions as specified in subsection (1) or if it is out of date, an authority shall determine:
1) the services provided in the course or as a result of performing its principal function;
2) the significance of every service, considering the value created by the provision of the service;
3) the target group and interest groups of every significant service, and the value created to them by the provision of the service;
4) the legislation regulating the significant services and the processes of providing these services;
5) the processes of providing significant services;
6) the information created in the course of the processes of providing significant services in the manner set out in subsections 12 (3) and (4);
7) the channels for providing direct public services.
(3) As necessary, an authority shall apply the provisions of clauses (2) 3) to 6) to other services.
(4) An authority shall assess, at least once a year, the quality of the significant services and of the processes of providing such services.
(5) Carrying out the assessment, an authority shall ascertain organisational, legal and technological factors inhibiting the development of the services. The authority shall determine the needs for modification and development, the priorities thereof and the value created upon implementation thereof.
(6) An authority shall plan and implement activities based on the priorities, minimising the effect of the factors that inhibit development.
(7) Authorities may manage and provide a service jointly in order to ensure the better quality of the service. Regarding the service to be provided jointly, the authorities shall agree upon:
1) the authority that shall be responsible for its development, management and quality;
2) the process of providing the service;
3) the term of providing the service;
4) as necessary, amendment of the legislation regulating the provision of the service;
5) the technical solution and use thereof;
6) the resources of the responsible authority and other authorities, needed for providing the service;
7) the details of elaboration or development and of provision of the service.
(8) If the information needed for the provision of a direct public service exists in the databases of the state information system, the authority shall devise a proactive service, where appropriate, in cooperation with the authorities administering the databases.
(9) The planning or development of an event service may be initiated by the coordinator or by an authority providing at least one direct public service related to the event. In addition to the provisions of subsection (7) above, the authorities shall agree upon the terms for providing component services.
(10) If an authority administers an information system where another authority provides or uses a service, the authority administering the information system shall be responsible for the technical solution and for its functioning and development. The administrator of the information system and the authorities using the information system shall agree upon:
1) the potential of the information system, use and modification thereof;
2) the division of responsibility for the process and service quality.
(11) The administrator of the information system set out in subsection (10) shall ensure the facilities for analysis and reporting for the authority using the information system in order to support the authority upon the assessment of the quality of the service provided by it and upon making other management decisions.
(1) An authority shall have an up-to-date list of its own direct public services and of the support services provided to other authorities, containing at least significant services.
(2) To draw up a list or adjust an existing list of services, an authority shall use the guidelines, uniform form for describing and machine readable description language devised by the coordinator.
(3) An authority shall publish the list of services in the central catalogue of the services of governmental authorities administered by the coordinator, and where possible, also on its own website.
(4) The list of services shall include the quality indicators for the significant direct public services, which shall be calculated taking into account the guidelines devised by the coordinator. An authority shall submit the quality indicators for every calendar year.
(1) An authority shall ensure that the information necessary for using a direct public service is easy to find. The information shall be provided to the target group of the service in an appropriate manner and volume. If the information is published in the Estonian information gateway eesti.ee (hereinafter eesti.ee gateway), the authority shall take into consideration the requirements set out in the Public Information Act and legislation established on the basis thereof regarding publication of information in eesti.ee gateway.
(2) An authority shall not request a person to submit again the data that are required for providing a direct public service but are already in the database of the authority, or are included, as basic data, in any other database belonging to the state information system. A person shall have an opportunity to inform the datasource about a change in the previously submitted data.
(3) An authority shall not require a person to check and confirm the correctness of the data created or processed by authorities, but the person shall have an opportunity to inform the datasource about inaccurate or misleading data and require correction of such data.
(4) The rights of the users of a direct public service to carry out acts in the web environment may differ based on the manner of authentication of the person.
(5) An authority shall inform the user of a direct public service about the term of providing the service and about the course of the service. The authority shall ensure the provision of the service within the term.
(6) An authority shall enable the user of a direct public service to receive advice and assistance in the course of using the service, provide feedback and make proposals on the service.
(7) The requirements set out in subsections (2) to (4) shall be applied at least to the provision of significant direct public services.
(1) A coordinator or any other competent authority may issue guidelines to specify the requirements provided for in this Chapter. The coordinators and competent authorities may issue joint guidelines.
(2) If it is necessary to agree on a uniform response to a single case of application of legislation or guidelines, the council operating on the basis of subsection 5 (4) shall make a decision on the proposal of the coordinator.
(3) The detailed arrangement of the provision of the direct public services by an authority shall be provided for in the instruments and guidelines regulating the internal work procedures of the authority. The authority shall keep the instruments and guidelines up to date and shall support the conformity to the provided requirements by IT tools.
The information governance of an authority shall ensure:
1) the quality and availability of information;
2) the management of risks and reduction of costs related to the storage, exchange and use of information;
3) continuity of information governance upon termination of the service or employment relationship of an official or employee, modification of the work procedures of the authority and during the suspension of an official’s right to exercise official authority or during temporary absence of an employee.
(1) An authority shall have an overview of the information created upon performance of its principal functions, sources and storage facilities for such information. The overview shall be prepared in the course of analysing the processes and in the manner enabling easy updating thereof.
(2) If there is no overview covering a single or several principal functions as specified in subsection (1) above or if it is out of date, the authority shall prepare the overview in the manner specified in subsections (3) and (4).
(3) To obtain an overview of the information created upon performance of the principal function, the authority shall determine:
1) the information that is needed for providing the services related to the performance of the principal function, based on the conditions provided for by legislation;
2) the additional information that is created or obtained upon performance of the principal function or provision of services;
3) the information sources;
4) the formats and storage facilities where information is stored;
5) the information retention periods and the conditions for accessing the information;
6) the users of information.
(4) An authority shall analyse the use and necessity of information, ascertain the duplication of the same information in different formats and storage facilities, determine the missing retention periods and access conditions, specify the information referred to in subsection 2 (1) of the Archives Act, and classify it in accordance with the classification scheme set out in the regulation established under § 13 of the Archives Act (hereinafter the archival rules).
(5) An authority shall discontinue collecting unnecessary information and reduce duplication of necessary information. Upon reduction of the duplication of information, an authority shall prefer the information stored as data to the information stored on paper, in computer files or e-mail messages. The reproduction of the information stored as data within the retention period shall be ensured by IT tools.
(6) In addition to other information, an authority shall organise the storing, sharing and usage of the knowledge and experience gained in the course of the work of its officials and employees. The authority shall set the rules for documenting work meetings and the significant knowledge gained at information events, trainings and assignments abroad, and for sharing information.
(1) An authority shall ensure the preservation, usability and protection of information until it is transferred to the public archives or destroyed. An authority shall preserve and transfer information set out in subsections 2 (1) and (2) of the Archives Act and destroy the information set out in subsection 2 (1) of the Archives Act on the basis of the archival rules, taking into consideration the guidelines of the National Archives.
(2) An authority shall ensure that the administration system for the state information system (hereinafter the RIHA) shall contain up-to-date and correct data specifying the information systems administered or used by it as a chief processor of information, and that the description shall conform to the established requirements.
(3) Information can be entered in an information system, used or otherwise processed by a person who has appropriate rights and who has been identified. The processing of information shall be described and auditable and it shall ensure the quality of information.
(4) If an authority administers an information system where other authorities process information, the administrator shall be responsible for the preservation, usability and protection of information, for the transfer of information to the public archives or for its destruction, and for granting access to the information.
(5) An authority shall grant access to information and manage the protection of personal data and other information on the basis of the Public Information Act and legislation regulating data protection, taking into consideration the guidelines of the coordinator.
(6) The administrator of an information system referred to in subsection (4) shall ensure the facilities for analysis and reporting for the authority using the information system in order to support the authority upon use of the information created by it and upon making management decisions.
(7) If an authority houses information with a person in private law, or authorises a person in private law to perform an administrative duty, an agreement shall specify the following terms and conditions with regard to the public information created in the course of such housing or performance of an administrative duty:
1) arrangement of the storage, usability and protection thereof and access thereto;
2) arrangement of its transfer to the authority upon termination of the agreement or upon winding up the activities of the person in private law.
(8) Upon the development of a new information system, an authority shall determine the retention periods for the data in the information system and other information managed in the information system.
(9) Before transfer of information from an existing information system to a new information system, the authority shall review the retention periods for the information. The information with an expired retention period and information not needed by the authorities using the new information system shall not be transferred. Retention periods shall be determined for the transferable information.
(10) Upon the development of a new or an existing information system, technological and organisational conditions shall be created to enable a person to get an overview of the data concerning him or her, which are processed in the information system, and to whom and when his or her personal data have been transferred from the system, and where possible, also who and when have used his or her personal data.
(11) An authority shall publish on its website user-friendly information regarding:
1) the processing of personal data by the authority;
2) the access to the information provided for re-use by the authority, and the fee charged for the re-use of the information.
(12) An authority shall publish information describing its field of activity and direct public services in eesti.ee gateway in accordance with the requirements for publication of information in eesti.ee gateway provided for in the Public Information Act and legislation established on the basis thereof.
(1) An authority shall find out the needs of different user groups for the information, manner and volume of presentation of the information, and shall take into consideration the needs of users in the development of processes and services.
(2) Authorities shall cooperate to share information and use it for the provision of services.
(3) The exchange of the information set out in subsections 2 (1) and (2) of the Archives Act which has been recorded on paper, in a computer file or an e-mail message (in this Regulation hereinafter the document) shall be replaced, where possible, for exchange of the data contained in the documents or for granting access to information.
(4) Authorities shall exchange documents between themselves electronically, unless they have to transfer:
1) a document which is not usable by the recipient in electronic form due to the format of the document or quality of presentation;
2) a paper document or file created before the entry into force of the Regulation or received, the digitation whereof is not expedient due to its volume or for an exceptional reason.
(5) Constitutional institutions, governmental authorities and local authorities, and where possible, other authorities shall exchange documents between themselves electronically via the inter-authority document exchange centre (hereinafter the DEC) of the data exchange layer for information systems (hereinafter the X-Road). A document sent shall include metadata describing the document, which correspond to the list of metadata for document exchange, registered with the RIHA.
(6) The administration of the DEC shall be organised and the uninterrupted operation of the DEC shall be ensured by the Information System Authority. If the DEC is replaced for an alternative X-Road document exchange solution, the respective solution shall be devised and its implementation shall be organised by the Information System Authority. The resources required for ensuring the continuity of document exchange shall be provided for by the Ministry of Economic Affairs and Communications.
(1) If the addressee of the information set out in subsections 2 (1) or (2) of the Archives Act which is sent out from an authority is a person who has activated his or her official e-mail address in eesti.ee gateway and has not provided any other contact details for communication related to the given proceeding, the authority shall send a message regarding communication of the information to the official e-mail address of the person. The message shall include a reference to the web environment where the person can read the information after authentication and authorisation. The authority shall ensure that the web environment contains information regarding the time when the person examined the communicated information.
(2) If an authority lacks a secure web environment for communication of the information referred to in subsection (1) above, the authority shall send a document via eesti.ee gateway’s infrastructure service for official documents (hereinafter the person’s official mailbox). The information stating that a document is sent to the person’s official mailbox is sent to the person from eesti.ee gateway. Eesti.ee gateway shall provide the authority with information on the time when the document reached the person’s official mailbox and when the person opened, downloaded or forwarded the document.
(3) In addition to the information referred to in subsections (1) and (2), an authority may send a reminder or any other awareness raising message to the official e-mail address of a person, if it derives from the performance of a public law function imposed on the authority. An authority shall not send any information that is not related to the performance of a public law function, especially advertising, to the official e-mail address of a person.
(4) Constitutional institutions, governmental authorities and local government authorities, and where possible, other authorities shall send information in the manner described in subsections (1) to (3).
(5) The functioning of the activation of official e-mail addresses shall be ensured and the administration and development of a person’s official mailbox shall be organised by the Information System Authority. The resources required for it shall be provided for by the Ministry of Economic Affairs and Communications.
(1) Document management and organisation of access thereto shall be governed by the requirements provided for in section 13, taking account of the specifications set out in this section.
(2) The sharing and exchanging of documents, and sending documents via a person’s official e-mail address shall be governed by the requirements provided for in sections 14 and 15 above, taking account of the specifications set out in this section.
(3) An authority shall create, coordinate and process documents electronically. If it is necessary to issue a document on paper, the authority may issue a copy of the electronic document.
(4) A document created by an authority shall have the mandatory elements, and in addition, also the elements inherent in the type of document. The mandatory elements are:
1) issuer of the document;
2) date;
3) contents;
4) signatory or approver of the contents or a notation regarding the automatic approval by the authority.
(5) The composition of the elements of a document created by an authority shall be based on the data description of the respective document type if it is registered with the RIHA. Documents of the respective type and their web forms shall be prepared on the basis of the data description.
(6) The text of a document created by an authority shall be unambiguously understandable and as concise as possible, and shall conform to the Estonian Literary Standard.
(7) A document may be unsigned unless the requirement for a signature derives from legislation, provided that the authenticity, reliability and integrity of the document are ensured.
(8) An authority shall digitise a paper document received unless:
1) the document is not usable in a digitised form;
2) it is not expedient to digitise the document due to its volume or for an exceptional reason.
(9) An authority may return a digitised paper document to the person providing it or to the sender, or destroy it, if the transfer of information to an electronic medium took place in accordance with the procedure provided by archival rules and unless the requirement for preservation of the original derives from legislation.
(10) An authority shall store the documents with a retention period of over 10 years and, where possible, also other electronic documents in an archival format. Where needed, the authority shall also retain a version in another format.
(11) A document shall be retained together with the metadata describing the document, its relationships and history of management. The metadata of a document shall conform to the document management metadata list registered with the RIHA, and with the data description of the document type.
(12) While establishing a restriction on access to a document, an authority shall take account of the classifier of the bases of the restriction on access registered with the RIHA.
(13) An authority shall publish an electronic text document and a digitised copy of the paper document without any restrictions on access in PDF format or in any other human-readable format independent of application software via the document register.
(14) A state authority may transfer the electronic documents with a retention period of over 10 years which do not have archival value to the National Archives for storage. The National Archives shall ensure that the authority that transferred the documents shall have access to the documents. The expenses related to the transfer and storage of the documents shall be covered by the authority transferring the documents on the basis of expense standards established by the minister responsible for the area of archives.
(1) A coordinator or another competent authority may issue guidelines to specify the provisions of this Chapter. The coordinators and competent authorities may issue joint guidelines.
(2) If it is necessary to agree on a uniform response to a single case of application of legislation or guidelines, the council operating on the basis of subsection 5 (4) shall make a decision on the proposal of the coordinator. If a decision affects the work of local authorities and constitutional institutions, the representatives of these authorities shall be engaged in the preparation of the decision.
(3) The detailed arrangement of the information governance of an authority shall be provided for in the instruments and guidelines regulating the internal work procedure of the authority. The authority shall keep the instruments and guidelines up to date and support the conformity to the provided requirements by IT tools.
(1) An authority shall determine the posts or positions and the responsible structural units provided for in subsections 4 (1) and (3) not later than by 1 October 2017.
(2) An authority shall have the overview provided for in subsection 7 (1) not later than by 1 July 2018.
(3) An authority shall prepare and publish the list of services provided for in section 8 not later than by 1 July 2018.
(4) The Ministry of Economic Affairs and Communications shall devise the guidelines referred to in subsections 8 (2) and (4) not later than by 1 January 2018. An authority shall submit the quality indicators referred to in subsection 8 (4) for the first time not later than for the year following the year of issuing the guidelines.
(5) An authority shall ensure conformity to the requirements provided for in subsections 9 (2) and (3) not later than by 1 July 2019.
(6) An authority shall have the overview provided for in subsection 12 (1) not later than by 1 July 2018.
(7) An authority shall communicate information to persons in the manner provided for in subsections 15 (1) and (2) not later than from 1 January 2019.
(8) An authority shall disclose the electronic text documents without any restrictions on access in the formats set out in subsection 16 (13) not later than from 1 July 2018.
(9) An authority shall bring the instruments and guidelines regulating its internal work procedures into compliance with the requirements of this Regulation not later than by 1 July 2018.
(10) The guidelines of the Ministry of Economic Affairs and Communications issued under subsection 542 (1) of Regulation No. 80 of the Government of the Republic, dated 26 February 2001, Uniform Principles for Records Management Procedures, shall be observed until the guidelines are renewed or repealed.
(11) The Ministry of Economic Affairs and Communications shall review the guidelines set out in subsection (10) not later than by 1 January 2018, and shall renew or repeal them where necessary. Upon renewal of the guidelines, they can be joined with the guidelines of another coordinator or competent authority, or the administration of the renewed guidelines can be assigned to another coordinator or competent authority.
(12) The document management council operating within the Ministry of Economic Affairs and Communications and formed under subsection 542 (11) of Regulation No. 80 of the Government of the Republic, dated 26 February 2001, Uniform Principles for Records Management Procedures, shall continue operating as a council supporting the development of document management and conversion to information governance in accordance with the procedure provided for in subsections 5 (4) and (5) until it is no longer necessary.
The text of section 39 of Regulation No. 181 of the Government of the Republic, dated 22 December 2011, Archival Rules, shall be reworded as follows:
“Public archives shall apply the requirements of sections 32 to 36 of this Regulation to ensuring of access to all documents transferred to the public archives, except organisation of access to electronic documents with a retention period of over 10 years which do not have archival value and which have been transferred by state authorities to the National Archives for storage.”.
Subsection 5 (1) of Regulation No. 417 of the Government of the Republic, dated 19 December 2001, Statutes of the Estonian Unemployment Insurance Fund, shall be reworded as follows:
“(1) The information of the Unemployment Insurance Fund shall be managed in accordance with the Archives Act and legislation established on the basis thereof.”
Subsection 3 (1) of Regulation No. 204 of the Government of the Republic, dated 25 June 2002, Statutes of the Guarantee Fund, shall be reworded as follows:
“(1) The information of the Fund shall be managed in accordance with the Archives Act and legislation established on the basis thereof.”
The text of section 47 of Regulation No. 262 of the Government of the Republic, dated 20 December 2007, Procedure for Protection of State Secrets and Classified Information of Foreign States, shall be reworded as follows:
“Registration of a classified medium shall be based on the Public Information Act, and legislation and guidelines enacted under the Public Information Act and the Archives Act with the specifications provided for in this Regulation.”
Regulation No. 80 of the Government of the Republic, dated 26 February 2001, Uniform Principles for Records Management Procedures, shall be repealed.
Kadri Simson
Minister of Economic Affairs and Communications in the capacity of Prime Minister
Urve Palo
Minister of Entrepreneurship and Information Technology
Aivar Rahno
Head of Sessions Department of the Government Office in the capacity of State Secretary