EN 1090 vs APRA CPS 234
EN 1090
European standards for execution of steel and aluminium structures
APRA CPS 234
Australian prudential standard for information security capability
Quick Verdict
EN 1090 ensures CE-marked structural steel/aluminium compliance for EU construction, while APRA CPS 234 mandates information security resilience for Australian financial entities. Fabricators adopt EN 1090 for market access; banks/insurers use CPS 234 to meet regulatory oversight and avoid penalties.
EN 1090
EN 1090: Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-EXC4) scaling requirements
- Certified Factory Production Control (FPC) system mandatory
- Enables CE marking under EU Construction Products Regulation
- Integrates ISO 3834 for welding quality management
- Ensures full material and process traceability
APRA CPS 234
APRA Prudential Standard CPS 234 Information Security
Key Features
- Board ultimately responsible for information security
- Third-party managed assets fully in scope
- Systematic independent testing of controls required
- 72-hour notification for material incidents
- Risk-based asset classification by criticality
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
EN 1090 Details
What It Is
EN 1090 is a harmonized European standard series (EN 1090-1, -2, -3) for the execution and conformity assessment of structural steel and aluminium components. It serves as the primary framework under the EU Construction Products Regulation (CPR), enabling CE marking for load-bearing components in construction works. Its risk-based approach uses Execution Classes (EXC1-EXC4) to scale requirements based on failure consequences, service conditions, and production complexity.
Key Components
- **EN 1090-1Conformity assessment via Factory Production Control (FPC) certification by Notified Bodies.
- **EN 1090-2/-3Technical rules for steel/aluminium execution, covering materials, welding (ISO 3834 integration), tolerances, inspection, and corrosion protection.
- Core principles: traceability, qualified personnel, NDT inspection, and ongoing surveillance.
- Certification model: AVCP systems with initial audits and continuous monitoring.
Why Organizations Use It
Provides mandatory market access in EEA, reduces liability via proven processes, ensures weld quality consistency, and builds stakeholder trust. Strategic benefits include risk mitigation, rework reduction, and competitiveness in high-stakes projects like bridges and stadia.
Implementation Overview
Phased approach: gap analysis, FPC development, welding qualification, NB certification (3-12 months typical). Applies to fabricators of structural components; requires personnel training, digital traceability, and surveillance for steel/aluminium producers in Europe.
APRA CPS 234 Details
What It Is
APRA Prudential Standard CPS 234 (Information Security) is a binding prudential regulation from the Australian Prudential Regulation Authority, effective 1 July 2019. It mandates APRA-regulated entities—banks, insurers, super funds—to maintain an information security capability commensurate with threats, protecting confidentiality, integrity, and availability of information assets, including those managed by third parties. It employs a risk-based, proportionate approach focused on governance, controls, and assurance.
Key Components
- **Governance and rolesBoard ultimate accountability, defined responsibilities.
- **Core areasPolicy framework, asset classification by criticality/sensitivity, commensurate controls, incident response, systematic testing, third-party assessments.
- No fixed controls; built on CIA triad principles.
- Compliance via self-management, independent assurance, APRA notifications—no formal certification.
Why Organizations Use It
- Mandatory for regulated entities to avoid enforcement, penalties.
- Mitigates cyber risks, ensures operational resilience.
- Builds customer trust, enables partnerships, reduces costs.
- Provides competitive edge in security posture.
Implementation Overview
- Phased: gap analysis, governance setup, asset register, controls, testing, monitoring.
- Suits all sizes in APRA sectors (Australia).
- Involves internal audit, annual testing; 72-hour incident reporting to APRA. (178 words)
Key Differences
| Aspect | EN 1090 | APRA CPS 234 |
|---|---|---|
| Scope | Execution and conformity of steel/aluminium structures | Information security capability for financial entities |
| Industry | Construction, fabrication; EU/EEA market | Australian financial services (banks, insurers) |
| Nature | Harmonized technical standard; CE marking mandatory | Binding prudential regulation; APRA enforcement |
| Testing | FPC certification, surveillance audits by Notified Bodies | Systematic control testing, internal audit assurance |
| Penalties | Market exclusion, no CE marking, legal liability | Fines, supervisory actions, license restrictions |
Scope
Industry
Nature
Testing
Penalties
Frequently Asked Questions
Common questions about EN 1090 and APRA CPS 234
EN 1090 FAQ
APRA CPS 234 FAQ
You Might also be Interested in These Articles...
SOC 2 Audit Survival Guide: Auditor Questions, Red Flags, and Evidence Prep for First-Time Pass
Ace your SOC 2 audit with predicted auditor questions, model answers, red flags, and evidence checklists from CPA best practices & SignWell's journey. Reduce st
The NIS2 "FTE Trap": Why 5 Analysts for 24/7 Security is Actually 8 (and Why the Board Needs to Know)
Exposed: NIS2 FTE Trap math shows 5 analysts fail 24/7 coverage due to sickness, training, leave & 2026 churn. Line-by-line breakdown for compliance. Alert your
CIS Controls v8.1 for Cloud & SaaS: A Practical Safeguard Playbook for AWS/Azure/GCP and Microsoft 365
Turn CIS Controls v8.1 into a cloud-first playbook for AWS, Azure, GCP & Microsoft 365. Get actionable IaaS/PaaS/SaaS safeguards, automation patterns, evidence
Run Maturity Assessments with GRADUM
Transform your compliance journey with our AI-powered assessment platform
Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.
Explore More Comparisons
See how EN 1090 and APRA CPS 234 compare against other standards