EN 1090
European standard for the execution of structural steel and aluminium structures.
ISO 27701
International standard for privacy information management systems.
Quick Verdict
EN 1090 mandates CE marking for structural steel/aluminium in EU construction via FPC and execution classes, while ISO 27701 certifies voluntary PIMS for global PII privacy governance. Fabricators need EN 1090 for market access; data handlers adopt 27701 for compliance proof.
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-EXC4) scaling controls
- Factory Production Control (FPC) certification by Notified Body
- CE marking for structural steel and aluminium components
- Welding quality management aligned with ISO 3834
- Full traceability from materials to finished structures
ISO 27701
ISO/IEC 27701:2025 Privacy Information Management
Key Features
- Establishes Privacy Information Management System (PIMS)
- PII controller and processor specific controls (Annex A/B)
- Risk-based PDCA cycle with DPIAs
- Mappings to GDPR and ISO 27001/27002
- Data subject rights and vendor management processes
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
EN 1090 Details
What It Is
EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) for the execution and conformity assessment of structural steel and aluminium components under the Construction Products Regulation (CPR). Its primary purpose is ensuring safe fabrication, assembly, and market placement via CE marking. It employs a risk-based approach through Execution Classes (EXC1-EXC4), scaling requirements by failure consequences, service conditions, and production complexity.
Key Components
- **EN 1090-1**: Conformity assessment, Factory Production Control (FPC), Declaration of Performance (DoP).
- **EN 1090-2/-3**: Technical rules for steel/aluminium (welding, tolerances, corrosion protection, inspection/NDT).
- Core principles: traceability, welding per ISO 3834, Notified Body certification, ongoing surveillance.
- Compliance model: FPC certification enabling CE marking.
Why Organizations Use It
Compliance is mandated for EU market access and reduces liability while ensuring quality. Benefits include risk mitigation, less rework, and market credibility, and certified performance declarations build stakeholder trust.
Implementation Overview
Implementation is phased: gap analysis, FPC development, personnel training (welding coordinators), and Notified Body audits. It applies to fabricators in construction, typically takes 6-12 months, and is followed by ongoing surveillance. Geographically, it targets steel/aluminium producers in the EEA.
ISO 27701 Details
What It Is
ISO/IEC 27701:2025 is the international standard extending ISO/IEC 27001 for a Privacy Information Management System (PIMS). It provides requirements and guidance for managing the personally identifiable information (PII) lifecycle, emphasizing accountability, risk management, and alignment with privacy laws such as the GDPR through a risk-based PDCA approach.
Key Components
- Clauses 4–10 for management system (context, leadership, planning, operation, evaluation, improvement).
- Annex A (PII controllers) and Annex B (PII processors) with privacy-specific controls.
- Mappings to GDPR, ISO 27002, and others.
- Certification via accredited bodies, often integrated with ISO 27001 audits.
Why Organizations Use It
- Mitigates regulatory fines, breach risks, and vendor exclusions.
- Builds trust, enables procurement differentiation, harmonizes multi-jurisdiction compliance.
- Reduces data footprint costs, provides audit-ready evidence.
Implementation Overview
- Phased: discover/scope, design/plan, implement/operate, validate/improve.
- Activities: PII inventory, risk assessments (DPIAs), DSR processes, training, vendor contracts.
- Suits all sizes/industries handling PII; voluntary certification over 6–12 months.
Key Differences
| Aspect | EN 1090 | ISO 27701 |
|---|---|---|
| Scope | Structural steel/aluminium execution & conformity | Privacy Information Management System (PIMS) |
| Industry | Construction, fabrication (EU/EEA focus) | All PII-processing sectors worldwide |
| Nature | Harmonized standard enabling CE marking | Voluntary PIMS certification standard |
| Testing | FPC certification, surveillance audits by Notified Bodies | Internal audits, certification body surveillance |
| Penalties | Market exclusion, no CE marking | Loss of certification, no legal penalties |