COBIT
IT governance framework aligning strategy, risk, and value
EN 1090
EU standard for steel and aluminium structural execution.
Quick Verdict
COBIT provides voluntary IT governance frameworks for enterprises worldwide, while EN 1090 mandates CE marking for structural steel/aluminium in EU construction. Companies adopt COBIT for risk-optimized IT value; EN 1090 for legal market access and compliance.
COBIT
COBIT 2019 Governance and Management Objectives
Key Features
- Tailorable via 11 design factors and workflow
- 40 objectives across 5 domains (EDM-APO-BAI-DSS-MEA)
- CMMI-based capability levels 0-5 for performance
- Clear separation of governance from management
- Goals cascade links stakeholders to metrics
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Factory Production Control (FPC) certification
- Execution Classes (EXC1-4) risk scaling
- CE marking and Declaration of Performance
- Welding quality via ISO 3834 alignment
- Material traceability and NDT requirements
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
COBIT Details
What It Is
COBIT 2019 is ISACA's comprehensive framework for enterprise IT governance and management. It translates stakeholder needs into actionable objectives via a tailored governance system approach, emphasizing value creation, risk optimization, and resource use across the enterprise.
Key Components
- 40 governance/management objectives in 5 domains: EDM (governance), APO (strategy), BAI (delivery), DSS (operations), MEA (assurance).
- 6 governance principles and 7 components (processes, structures, culture, etc.).
- 11 design factors for tailoring; CMMI-based capability levels 0-5; no formal certification, but ISACA training (Foundation, Design & Implementation).
Why Organizations Use It
Supports compliance (SOX, GDPR alignments), risk reduction, digital transformation ROI, and board oversight. Builds stakeholder trust through measurable EGIT outcomes and interoperability with ITIL, ISO 27001, NIST.
Implementation Overview
Phased: assess gaps, design via toolkit, pilot objectives, build capabilities, monitor via MEA. Suited for large/regulated enterprises; voluntary, executive-sponsored programs with training essential. (178 words)
EN 1090 Details
What It Is
EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs conformity assessment and execution of structural steel and aluminium components for construction works. Primary purpose: ensure safe fabrication, assembly, and market placement via CE marking. Key approach: risk-based scaling through Execution Classes (EXC1–EXC4) linked to consequence, service, and production categories.
Key Components
- **EN 1090-1Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
- **EN 1090-2/-3Technical rules for steel/aluminium (materials, welding, tolerances, corrosion protection, inspection/NDT).
- Core principles: traceability, welding quality (ISO 3834), risk-proportional controls.
- Certification model: Notified Body audits FPC with ongoing surveillance.
Why Organizations Use It
- Mandatory CE marking for EEA market access; non-compliance risks exclusion, fines.
- Reduces liability via documented processes; enables high-risk projects.
- Builds trust, competitive edge in tenders; operational efficiencies lower rework.
Implementation Overview
Phased: gap analysis, FPC design, personnel quals, NB certification (3–12 months). Applies to fabricators in construction; requires welding coordinators, audits. (178 words)
Key Differences
| Aspect | COBIT | EN 1090 |
|---|---|---|
| Scope | Enterprise IT governance and management | Structural steel/aluminium fabrication execution |
| Industry | All industries worldwide | Construction/metal fabrication in EU/EEA |
| Nature | Voluntary governance framework | Mandatory harmonized standard for CE marking |
| Testing | Capability/maturity assessments | FPC certification and surveillance audits |
| Penalties | Loss of certification/credibility | Market exclusion, fines, legal liability |
Scope
Industry
Nature
Testing
Penalties
Frequently Asked Questions
Common questions about COBIT and EN 1090
COBIT FAQ
EN 1090 FAQ
You Might also be Interested in These Articles...
CIS Controls v8.1 for Cloud & Kubernetes: A Practical Implementation Playbook (AWS/Azure/GCP + IaC)
Translate CIS Controls v8.1 to cloud-native: Kubernetes patterns for IAM, logging, vuln mgmt, hardening on AWS, Azure, GCP + IaC. Practical playbook for teams.
Unpacking the True Cost: A Guide to Calculating TCO for Modern Compliance Monitoring Software
Unpack the true Total Cost of Ownership (TCO) for compliance monitoring software. Factor in licenses, implementation, training, maintenance, and ROI savings for
Beyond Reactive: Transforming Compliance into Real-Time Threat Prevention
Discover how modern compliance monitoring tools leverage continuous, real-time oversight and automated alerts to shift organizations from reactive problem-solving to proactive threat detection and prevention, safeguarding against emerging risks before they escalate.
Run Maturity Assessments with GRADUM
Transform your compliance journey with our AI-powered assessment platform
Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.
Check out these other Gradum.io Standards Comparison Pages
GLBA vs MAS TRM
Discover GLBA vs MAS TRM: Compare US financial privacy/safeguards rules with Singapore's tech risk guidelines. Key insights for global compliance, security strategies.
RoHS vs GDPR UK
Compare RoHS vs GDPR UK: Decode hazardous substances bans & data privacy rules for EEE makers. Ensure EU/UK compliance, avoid fines—expert insights await!
WELL vs ISO 27701
Compare WELL vs ISO 27701: Health certification (Bronze-Platinum, 10 concepts) vs privacy PIMS. Boost ESG, compliance & wellness—discover key differences now!