Standards Comparison

    ISO 27001

    Voluntary
    2022

    International standard for information security management systems

    VS

    EN 1090

    Mandatory
    2009

    EU standard for execution and CE marking of steel/aluminium structures.

    Quick Verdict

    ISO 27001 provides voluntary ISMS certification for global infosec resilience, while EN 1090 mandates CE marking for EU structural steel/aluminium via FPC. Organizations adopt ISO 27001 for trust/competitive edge; EN 1090 for legal market access.

    Cybersecurity

    ISO 27001

    ISO/IEC 27001:2022

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Risk-based ISMS with PDCA cycle
    • 93 Annex A controls in four themes
    • Technology- and industry-agnostic framework
    • Internationally recognized certification standard
    • Continual improvement via audits and reviews

    Structural Metalwork

    EN 1090

    EN 1090: Execution of steel and aluminium structures

    Cost
    €€€€
    Complexity
    High
    Implementation Time
    6-12 months

    Key Features

    • Risk-based Execution Classes (EXC1-4) scaling requirements
    • Factory Production Control (FPC) certification by Notified Body
    • Mandatory CE marking and Declaration of Performance
    • Welding quality management via ISO 3834 alignment
    • Full materials and processes traceability

    Detailed Analysis

    A comprehensive look at the specific requirements, scope, and impact of each standard.

    ISO 27001 Details

    What It Is

    ISO/IEC 27001:2022 is the international certification standard for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS). It uses a risk-based approach to manage confidentiality, integrity, and availability of information assets across any organization.

    Key Components

    • **Clauses 4-10:** Mandatory requirements for context, leadership, planning, support, operation, performance evaluation, and improvement.
    • **Annex A:** 93 controls in four themes (Organizational: 37, People: 8, Physical: 14, Technological: 34); which ones apply is documented in the Statement of Applicability.
    • Follows the Plan-Do-Check-Act (PDCA) model for continual improvement.
    • Certification by an accredited certification body: Stage 1 (documentation/readiness) and Stage 2 (implementation) audits, annual surveillance audits, and recertification every 3 years.

    Why Organizations Use It

    • Reduces breach likelihood and incident costs (e.g., 30% fewer incidents).
    • Supports regulatory and contractual obligations (GDPR, NIS2 alignment).
    • Builds customer trust and helps win tenders (20-30% more bids won in finance/tech).
    • Improves resilience; may qualify for cyber-insurance discounts.

    Implementation Overview

    • Phased: initiation and scoping, risk assessment, control selection and implementation, internal audit, then certification audit (typically 6-12 months; up to 18 for larger or more complex scopes).
    • Scales from SMEs to enterprises across all industries.
    • Requires a Statement of Applicability (SoA) listing each Annex A control and justifying its inclusion or exclusion.

    EN 1090 Details

    What It Is

    EN 1090 is a European standard family (EN 1090-1, -2, -3). EN 1090-1 is the harmonised standard under the Construction Products Regulation (CPR); EN 1090-2 and EN 1090-3 give the technical execution requirements for steel and aluminium respectively. Together they govern the execution (fabrication and assembly) and conformity assessment of structural steel and aluminium components and kits for construction works. Primary purpose: ensure controlled technical requirements and CE marking eligibility, with requirements scaled by risk-based Execution Classes (EXC1-4).

    Key Components

    • **EN 1090-1:** Conformity assessment, Factory Production Control (FPC) certification, Declaration of Performance (DoP).
    • **EN 1090-2/-3:** Technical rules for steel/aluminium (materials, welding, geometric tolerances, corrosion protection, non-destructive testing (NDT)).
    • Core elements: welding quality management aligned with ISO 3834, material traceability, and inspection scope scaled by EXC; third-party certification and ongoing surveillance by a Notified Body.

    Why Organizations Use It

    Mandatory for placing structural steel/aluminium components on the EU/EEA market via CE marking; reduces liability and supports structural safety. Benefits: risk-proportionate controls, less rework, market credibility, and eligibility for higher-risk projects (higher Execution Classes).

    Implementation Overview

    Phased: gap analysis, building the FPC system, personnel qualification (e.g., a responsible welding coordinator), Initial Type Testing/Calculation (ITT/ITC), Notified Body (NB) certification, then ongoing surveillance. Targets fabricators; typically 3-12 months depending on Execution Class and any existing quality system; periodic audits required.

    Key Differences

    Scope

    ISO 27001
    Information security management systems
    EN 1090
    Structural steel/aluminium execution

    Industry

    ISO 27001
    All industries worldwide
    EN 1090
    Construction/manufacturing EU/EEA

    Nature

    ISO 27001
    Voluntary certification standard
    EN 1090
    Mandatory for CE marking

    Testing

    ISO 27001
    Internal audits, management reviews, and external certification/surveillance audits
    EN 1090
    Notified Body FPC certification and surveillance; weld inspection/NDT scaled by EXC

    Penalties

    ISO 27001
    Loss of certification/reputation
    EN 1090
    Market exclusion/legal fines


    Run Maturity Assessments with GRADUM

    Transform your compliance journey with our AI-powered assessment platform

    Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

    100+ Standards & Regulations
    AI-Powered Insights
    Collaborative Assessments
    Actionable Recommendations
