Standards Comparison

    EN 1090

    Mandatory
    2009

    European standard for execution of structural steel and aluminium.

    VS

    ISO 27701

    Voluntary
    2019

    International standard for privacy information management systems.

    Quick Verdict

    EN 1090 mandates CE marking for structural steel/aluminium in EU construction via FPC and execution classes, while ISO 27701 certifies voluntary PIMS for global PII privacy governance. Fabricators need EN 1090 for market access; data handlers adopt 27701 for compliance proof.

    Structural Metalwork

    EN 1090

    EN 1090 Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Risk-based Execution Classes (EXC1-EXC4) scaling controls
    • Factory Production Control (FPC) certification by Notified Body
    • CE marking for structural steel and aluminium components
    • Welding quality management aligned with ISO 3834
    • Full traceability from materials to finished structures

    Privacy Management

    ISO 27701

    ISO/IEC 27701:2025 Privacy Information Management

    Cost
    €€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Establishes Privacy Information Management System (PIMS)
    • PII controller and processor specific controls (Annex A/B)
    • Risk-based PDCA cycle with DPIAs
    • Mappings to GDPR and ISO 27001/27002
    • Data subject rights and vendor management processes

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    EN 1090 Details

    What It Is

    EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) for the execution and conformity assessment of structural steel and aluminium components under the Construction Products Regulation (CPR). Its primary purpose is ensuring safe fabrication, assembly, and market placement via CE marking. It employs a risk-based approach through Execution Classes (EXC1-EXC4), scaling requirements by failure consequences, service conditions, and production complexity.

    Key Components

    • EN 1090-1: Conformity assessment, Factory Production Control (FPC), Declaration of Performance (DoP).
    • EN 1090-2/-3: Technical rules for steel/aluminium (welding, tolerances, corrosion protection, inspection/NDT).
    • Core principles: traceability, welding per ISO 3834, Notified Body certification, ongoing surveillance.
    • Compliance model: FPC certification enabling CE marking.

    Why Organizations Use It

    Mandated for EU market access; reduces liability, ensures quality. Benefits include risk mitigation, rework reduction, market credibility. Builds stakeholder trust via certified performance declarations.

    Implementation Overview

    Phased: gap analysis, FPC development, personnel training (welding coordinators), NB audits. Applies to fabricators in construction; 6-12 months is typical, followed by ongoing surveillance. Targets steel/aluminium producers in the EEA.

    ISO 27701 Details

    What It Is

    ISO/IEC 27701:2025 is the international standard extending ISO/IEC 27001 for a Privacy Information Management System (PIMS). It provides requirements and guidance for managing personally identifiable information (PII) lifecycle, emphasizing accountability, risk management, and alignment with privacy laws like GDPR using a risk-based PDCA approach.

    Key Components

    • Clauses 4–10 for management system (context, leadership, planning, operation, evaluation, improvement).
    • Annex A (PII controllers) and Annex B (PII processors) with privacy-specific controls.
    • Mappings to GDPR, ISO 27002, and others.
    • Certification via accredited bodies, often integrated with ISO 27001 audits.

    Why Organizations Use It

    • Mitigates regulatory fines, breach risks, and vendor exclusions.
    • Builds trust, enables procurement differentiation, harmonizes multi-jurisdiction compliance.
    • Reduces data footprint costs, provides audit-ready evidence.

    Implementation Overview

    • Phased: discover/scope, design/plan, implement/operate, validate/improve.
    • Activities: PII inventory, risk assessments (DPIAs), DSR processes, training, vendor contracts.
    • Suits all sizes/industries handling PII; voluntary certification over 6–12 months.

    Key Differences

    Scope

    EN 1090
    Structural steel/aluminium execution & conformity
    ISO 27701
    Privacy Information Management System (PIMS)

    Industry

    EN 1090
    Construction, fabrication (EU/EEA focus)
    ISO 27701
    All PII-processing sectors worldwide

    Nature

    EN 1090
    Harmonized standard enabling CE marking
    ISO 27701
    Voluntary PIMS certification standard

    Testing

    EN 1090
    FPC certification, surveillance audits by Notified Bodies
    ISO 27701
    Internal audits, certification body surveillance

    Penalties

    EN 1090
    Market exclusion, no CE marking
    ISO 27701
    Loss of certification, no legal penalties
