ISO 27032
International guidelines for Internet cybersecurity collaboration
EN 1090
EU standard for execution of structural steel and aluminium.
Quick Verdict
ISO 27032 provides voluntary cybersecurity guidelines for internet risks across industries globally, while EN 1090 mandates CE marking and FPC for structural steel/aluminium in EU construction. Organizations adopt ISO 27032 for resilience; EN 1090 for legal market access.
ISO 27032
ISO/IEC 27032:2023 Cybersecurity – Guidelines for Internet Security
Key Features
- Multi-stakeholder collaboration across cyberspace ecosystems
- Guidelines bridging siloed security domains
- Risk assessment for Internet-specific threats
- Annex mapping to ISO 27002 controls
- Emphasis on detection and incident coordination
EN 1090
EN 1090 Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-EXC4)
- Factory Production Control (FPC) certification
- CE marking under CPR for market access
- Welding quality management via ISO 3834
- Material traceability and NDT inspection requirements
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
ISO 27032 Details
What It Is
ISO/IEC 27032:2023 is an international guidelines standard titled Cybersecurity – Guidelines for Internet Security. It provides non-certifiable guidance for managing Internet security risks in interconnected ecosystems, emphasizing multi-stakeholder collaboration. Its risk-based approach connects information security, network security, Internet security, and critical infrastructure protection.
Key Components
- Stakeholder roles and collaboration frameworks
- Risk assessment, threat modeling, incident management
- Controls mapped to ISO/IEC 27002 in Annex A (no fixed control count)
- Principles of trust, transparency, PDCA cycle
- Guidance-only model, integrates with ISO 27001 ISMS
Why Organizations Use It
- Reduces ecosystem risks, shortens incident dwell time
- Aids regulatory alignment (e.g., NIS2, GDPR intersections)
- Enhances resilience, stakeholder trust, competitive edge
- Streamlines vendor management, operational efficiency
Implementation Overview
Phased approach: gap analysis, risk prioritization, controls deployment, monitoring. Suited for all sizes/industries with online presence; no certification required, focuses on continuous improvement via audits and exercises.
EN 1090 Details
What It Is
EN 1090 is a harmonized European standard family (EN 1090-1, -2, -3) under the Construction Products Regulation (CPR). It governs execution and conformity assessment of structural steel and aluminium components for construction works. Primary purpose: ensure safe fabrication, assembly, and CE marking via risk-based Execution Classes (EXC1–EXC4).
Key Components
- **EN 1090-1:** Conformity assessment, Factory Production Control (FPC) certification.
- **EN 1090-2/-3:** Technical rules for steel/aluminium (welding, tolerances, corrosion protection).
- Core pillars: material traceability, welding (ISO 3834), inspection/NDT, tolerances.
- Notified Body certification with ongoing surveillance.
Why Organizations Use It
Mandatory for EU/EEA market access via CE marking; reduces liability, ensures compliance. Benefits: risk mitigation, quality consistency, competitive tenders. Builds stakeholder trust through traceability and certified capability.
Implementation Overview
Phased: gap analysis, FPC design, personnel training (welding coordinators), NB audits. Applies to fabricators globally targeting Europe; 6-12 months typical, scales with EXC and size.
Key Differences
| Aspect | ISO 27032 | EN 1090 |
|---|---|---|
| Scope | Internet cybersecurity guidelines in cyberspace | Steel/aluminium structural components execution |
| Industry | All sectors with online presence, global | Construction/fabrication, EU/EEA market |
| Nature | Voluntary informative guidance, non-certifiable | Harmonized standard, mandatory CE marking |
| Testing | Risk assessments, internal audits, exercises | FPC certification, NB audits, surveillance |
| Penalties | No legal penalties, reputational risk | Market exclusion, fines, legal liability |