GRADUM
    FeaturesMaturity ModelsFor CreatorsPricingBlogCompareSupport
    DashboardSign Up Free
    Blog/Compare/COBIT vs EN 1090
    Standards Comparison

    COBIT vs EN 1090

    COBIT

    Voluntary
    2019

    IT governance framework aligning strategy, risk, and value

    VS

    EN 1090

    Mandatory
    2009

    EU standard for steel and aluminium structural execution.

    Quick Verdict

    COBIT provides voluntary IT governance frameworks for enterprises worldwide, while EN 1090 mandates CE marking for structural steel/aluminium in EU construction. Companies adopt COBIT for risk-optimized IT value; EN 1090 for legal market access and compliance.

    IT Governance

    COBIT

    COBIT 2019 Governance and Management Objectives

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    12-18 months

    Key Features

    • Tailorable via 11 design factors and workflow
    • 40 objectives across 5 domains (EDM-APO-BAI-DSS-MEA)
    • CMMI-based capability levels 0-5 for performance
    • Clear separation of governance from management
    • Goals cascade links stakeholders to metrics
    Structural Metalwork

    EN 1090

    EN 1090 Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Factory Production Control (FPC) certification
    • Execution Classes (EXC1-4) risk scaling
    • CE marking and Declaration of Performance
    • Welding quality via ISO 3834 alignment
    • Material traceability and NDT requirements

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    COBIT Details

    What It Is

    COBIT 2019 is ISACA's comprehensive framework for enterprise IT governance and management. It translates stakeholder needs into actionable objectives via a tailored governance system approach, emphasizing value creation, risk optimization, and resource use across the enterprise.

    Key Components

    • 40 governance/management objectives in 5 domains: EDM (governance), APO (strategy), BAI (delivery), DSS (operations), MEA (assurance).
    • 6 governance principles and 7 components (processes, structures, culture, etc.).
    • 11 design factors for tailoring; CMMI-based capability levels 0-5; no formal certification, but ISACA training (Foundation, Design & Implementation).

    Why Organizations Use It

    Supports compliance (SOX, GDPR alignments), risk reduction, digital transformation ROI, and board oversight. Builds stakeholder trust through measurable EGIT outcomes and interoperability with ITIL, ISO 27001, NIST.

    Implementation Overview

    Phased: assess gaps, design via toolkit, pilot objectives, build capabilities, monitor via MEA. Suited for large/regulated enterprises; voluntary, executive-sponsored programs with training essential. (178 words)

    EN 1090 Details

    What It Is

    EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and execution of structural steel and aluminium components for construction works. Primary purpose: ensure safe fabrication, assembly, and market placement via CE marking. Key approach: risk-based scaling through Execution Classes (EXC1–EXC4) linked to consequence, service, and production categories.

    Key Components

    • EN 1090-1: Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
    • EN 1090-2/-3: Technical rules for steel/aluminium (materials, welding, tolerances, corrosion protection, inspection/NDT).
    • Core principles: traceability, welding quality (ISO 3834), risk-proportional controls.
    • Certification model: Notified Body audits FPC with ongoing surveillance.

    Why Organizations Use It

    • Mandatory CE marking for EEA market access; non-compliance risks exclusion, fines.
    • Reduces liability via documented processes; enables high-risk projects.
    • Builds trust, competitive edge in tenders; operational efficiencies lower rework.

    Implementation Overview

    Phased: gap analysis, FPC design, personnel quals, NB certification (3–12 months). Applies to fabricators in construction; requires welding coordinators, audits. (178 words)

    Key Differences

    AspectCOBITEN 1090
    ScopeEnterprise IT governance and managementStructural steel/aluminium fabrication execution
    IndustryAll industries worldwideConstruction/metal fabrication in EU/EEA
    NatureVoluntary governance frameworkMandatory harmonized standard for CE marking
    TestingCapability/maturity assessmentsFPC certification and surveillance audits
    PenaltiesLoss of certification/credibilityMarket exclusion, fines, legal liability

    Scope

    COBIT
    Enterprise IT governance and management
    EN 1090
    Structural steel/aluminium fabrication execution

    Industry

    COBIT
    All industries worldwide
    EN 1090
    Construction/metal fabrication in EU/EEA

    Nature

    COBIT
    Voluntary governance framework
    EN 1090
    Mandatory harmonized standard for CE marking

    Testing

    COBIT
    Capability/maturity assessments
    EN 1090
    FPC certification and surveillance audits

    Penalties

    COBIT
    Loss of certification/credibility
    EN 1090
    Market exclusion, fines, legal liability

    Frequently Asked Questions

    Common questions about COBIT and EN 1090

    COBIT FAQ

    EN 1090 FAQ

    You Might also be Interested in These Articles...

    Top 5 Reasons Automation Tools Like Vanta Slash SOC 2 Type 2 Timelines from Months to Weeks

    Top 5 Reasons Automation Tools Like Vanta Slash SOC 2 Type 2 Timelines from Months to Weeks

    Automation tools like Vanta cut SOC 2 Type 2 prep from 6 months to 6 weeks, saving 70% costs. See SignWell examples, AWS/Okta/GitHub integrations. CISOs: Get fi

    SOC 2 for Fintech Startups: First 5 Steps to Compliance with Confidentiality Criterion Infographic

    SOC 2 for Fintech Startups: First 5 Steps to Compliance with Confidentiality Criterion Infographic

    First 5 steps to SOC 2 compliance with Confidentiality for fintech SaaS. Infographic maps controls to risks like encryption & TPRM. Integrates GLBA/PCI DSS over

    DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

    DORA Third-Party Risk Management: A Consultant’s Guide to Mapping Critical ICT Service Providers in 2026

    Navigate DORA's complex third-party risk pillar. Step-by-step consultant guide to identify critical ICT providers, remediate Article 30 contracts, and build the

    Run Maturity Assessments with GRADUM

    Transform your compliance journey with our AI-powered assessment platform

    Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

    100+ Standards & Regulations
    AI-Powered Insights
    Collaborative Assessments
    Actionable Recommendations

    Explore More Comparisons

    See how COBIT and EN 1090 compare against other standards

    Other COBIT Comparisons

    • WCAG vs COBIT
    • COBIT vs SQF
    • COBIT vs CAA
    • OSHA vs COBIT
    • ENERGY STAR vs COBIT

    Other EN 1090 Comparisons

    • TOGAF vs EN 1090
    • ISO 20000 vs EN 1090
    • SAFe vs EN 1090
    • ITIL vs EN 1090
    • CMMI vs EN 1090
    GRADUM

    Transform your assessment process with collaborative, AI-powered maturity evaluations that deliver actionable insights.

    Navigation

    FeaturesMaturity ModelsFor CreatorsPricing

    Legal

    Terms and ConditionsPrivacy PolicyImprintCopyright PolicyCookie Policy

    © 2026 Gradum. All Rights Reserved