Standards Comparison

    EN 1090

    Mandatory
    2009

    European standard for steel/aluminium structural execution and CE marking

    VS

    SAMA CSF

    Mandatory
    2017

    Saudi regulatory framework for financial cybersecurity.

    Quick Verdict

    EN 1090 ensures CE-marked structural steel/aluminium compliance for EU construction, while SAMA CSF mandates cybersecurity maturity for Saudi financial institutions. Fabricators adopt EN 1090 for market access; banks use SAMA CSF for regulatory resilience and threat defense.

    Structural Metalwork

    EN 1090

    EN 1090 Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Enables mandatory CE marking via FPC certification
    • Risk-based Execution Classes (EXC1-4) scaling controls
    • Factory Production Control with notified body surveillance
    • Technical rules for welding, tolerances, corrosion protection
    • Declaration of Performance for structural components

    Cybersecurity

    SAMA CSF

    SAMA Cyber Security Framework Version 1.0

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Six-level maturity model with Level 3 baseline
    • Four domains including third-party cybersecurity
    • Principle-based controls across 114+ subcontrols
    • Board oversight and independent CISO mandate
    • Alignment with NIST, ISO 27001, PCI-DSS

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    EN 1090 Details

    What It Is

    EN 1090 is a harmonized European standard family (EN 1090-1/2/3) for execution and conformity assessment of steel and aluminium structural components under the Construction Products Regulation (CPR). It enables CE marking through a risk-based framework scaling requirements via Execution Classes (EXC1-4).

    Key Components

    • EN 1090-1: Conformity assessment, Factory Production Control (FPC) certification by notified bodies.
    • EN 1090-2/3: Technical rules for steel/aluminium (welding per ISO 3834, tolerances, corrosion protection, NDT).
    • Core: Traceability, personnel qualification, Declaration of Performance (DoP), ongoing surveillance.

    Why Organizations Use It

    • Mandatory for EU market access of load-bearing components.
    • Reduces liability, ensures safety via risk-proportional controls.
    • Builds trust, enables high-risk projects (bridges, stadia), competitive edge through certification.

    Implementation Overview

    Phased: gap analysis, FPC build, welding qualifications, notified body (NB) certification (3-12 months). Applies to fabricators EU-wide; requires audits, training, digital traceability.

    SAMA CSF Details

    What It Is

    The Saudi Arabian Monetary Authority Cyber Security Framework (SAMA CSF), Version 1.0 (May 2017), is a mandatory regulatory framework for SAMA-regulated financial institutions in Saudi Arabia, including banks, insurers, and finance companies. It adopts a principle-based, risk-oriented approach with a maturity model to ensure detection, resistance, response, and recovery from cyber threats, focusing on information assets' confidentiality, integrity, and availability.

    Key Components

    • Four main domains: Cyber Security Leadership & Governance, Risk Management & Compliance, Operations & Technology, Third-Party Cyber Security.
    • Numerous subdomains with principles, objectives, and control considerations (114+ subcontrols).
    • Six-level maturity model (0: Non-existent to 5: Adaptive), baseline at Level 3.
    • Aligned with NIST CSF, ISO 27001, PCI-DSS; self-assessment via questionnaire, SAMA audits.

    Why Organizations Use It

    • Mandatory compliance avoids fines, audits, operational halts.
    • Enhances resilience, efficiency, reduces incidents; strategic edge in partnerships.
    • Builds stakeholder trust, supports Vision 2030 digital growth.

    Implementation Overview

    • Phased roadmap: Initiation/gap analysis, risk assessment, design/deployment, operate/audit.
    • Applies to all sizes in Saudi finance; iterative self-assessments, no external certification.

    Key Differences

    Scope

    EN 1090
    Execution and conformity of steel/aluminium structures
    SAMA CSF
    Cybersecurity governance, risk, operations, third-party

    Industry

    EN 1090
    Construction, fabrication (EU/EEA)
    SAMA CSF
    Financial sector (Saudi Arabia only)

    Nature

    EN 1090
    Harmonized technical standard, CE marking mandatory
    SAMA CSF
    Mandatory regulatory framework, maturity-based compliance

    Testing

    EN 1090
    FPC certification, notified body audits/surveillance
    SAMA CSF
    Self-assessments, SAMA audits, maturity level reviews

    Penalties

    EN 1090
    Market exclusion, no CE marking, legal liability
    SAMA CSF
    Fines, license suspension, supervisory actions
