EN 1090
European standard for execution of structural steel and aluminium
NERC CIP
Mandatory standards for BES cybersecurity and reliability.
Quick Verdict
EN 1090 mandates CE marking for structural steel/aluminium in EU construction, ensuring execution quality via FPC certification. NERC CIP enforces cyber/physical security for North American grid operators through audits and fines. Fabricators choose EN 1090 for market access; utilities adopt CIP for reliability compliance.
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Mandates CE marking via certified Factory Production Control
- Risk-based Execution Classes (EXC1-EXC4) scaling requirements
- Technical rules for steel (EN 1090-2) and aluminium (EN 1090-3)
- Requires ISO 3834-aligned welding coordination and qualifications
- Ensures full material traceability, tolerances, and NDT inspection
NERC CIP
NERC Critical Infrastructure Protection Standards
Key Features
- Risk-based tiering of BES Cyber Systems
- Electronic/physical security perimeters
- 35-day patch evaluation cadence
- Incident response and recovery plans
- Supply chain risk management controls
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
EN 1090 Details
What It Is
EN 1090 is the harmonized European standard family for execution and conformity assessment of steel and aluminium structural components under the Construction Products Regulation (CPR). It comprises EN 1090-1 (conformity assessment), EN 1090-2 (steel execution), and EN 1090-3 (aluminium). Primary purpose: ensure safe fabrication, assembly, and CE marking for load-bearing components in construction. Key approach: risk-based Execution Classes (EXC1-EXC4) scaling controls by consequence, service, and production categories.
Key Components
- **Factory Production Control (FPC)**: documented system for traceability, welding, inspection.
- **Welding management**: ISO 3834 integration, qualified coordinators/personnel.
- **Technical requirements**: materials, tolerances, corrosion protection, NDT.
- Certification model: Notified Body audits FPC, issues certificate enabling Declaration of Performance (DoP) and CE mark.
Why Organizations Use It
Mandated for EU market access; reduces liability, rework. Drives capability in welding/traceability; enhances competitiveness for high-risk projects like bridges/stadia.
Implementation Overview
Phased: gap analysis, FPC build, personnel training, NB certification (3-12 months). Applies to fabricators; requires ongoing surveillance.
NERC CIP Details
What It Is
NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection) is a set of mandatory reliability standards for cybersecurity and physical protection of the Bulk Electric System (BES). The standards apply to high-voltage assets across the US, Canada, and parts of Mexico, and use a risk-based, tiered approach that categorizes systems as High, Medium, or Low Impact.
Key Components
- Core standards: CIP-002 (scoping), CIP-003 (governance), CIP-004 (personnel), CIP-005/006 (perimeters), CIP-007 (systems), CIP-008-010 (response/recovery/config), CIP-013 (supply chain), CIP-014/015 (physical/monitoring).
- ~45 requirements across 15+ standards.
- Built on BES reliability principles; enforced via audits, penalties by NERC/FERC.
Why Organizations Use It
- Legal mandate for BES owners/operators to prevent misoperation/instability.
- Mitigates cyber/physical risks, reduces outages/fines.
- Enhances resilience, insurance rates, stakeholder trust.
Implementation Overview
- Phased: scoping, controls, testing, audits.
- Targets utilities/transmission entities; annual audits, 15-month reviews.
Key Differences
| Aspect | EN 1090 | NERC CIP |
|---|---|---|
| Scope | Structural steel/aluminium execution & conformity | Cyber/physical security for Bulk Electric System |
| Industry | Construction, fabrication (EU/EEA) | Electric utilities (North America) |
| Nature | Harmonized standard for CE marking | Mandatory reliability standards enforced by FERC |
| Testing | FPC certification, surveillance audits by Notified Bodies | Annual audits, vulnerability assessments, incident drills |
| Penalties | Market exclusion, no CE marking | Fines up to $1M per violation, license suspension |