ISO 31000
International guidelines for enterprise risk management
EN 1090
EU standard for steel and aluminium structural execution.
Quick Verdict
ISO 31000 provides voluntary risk management guidelines for all organizations worldwide, enhancing decision-making. EN 1090 mandates CE marking for EU structural steel/aluminium via certified FPC. Companies adopt ISO 31000 for resilience, EN 1090 for legal market access.
ISO 31000
ISO 31000:2018 Risk management — Guidelines
Key Features
- Defines risk as effect of uncertainty on objectives
- Eight principles guiding integrated risk management
- Framework embedding risk into governance and operations
- Iterative six-step risk management process
- Non-certifiable guidelines for any organization
EN 1090
EN 1090: Execution of steel and aluminium structures
Key Features
- Risk-based Execution Classes (EXC1-EXC4)
- Factory Production Control (FPC) certification
- CE marking and Declaration of Performance
- Welding quality via ISO 3834 alignment
- Material traceability and NDT inspection
Detailed Analysis
A comprehensive look at the specific requirements, scope, and impact of each standard.
ISO 31000 Details
What It Is
ISO 31000:2018, Risk management — Guidelines is a non-certifiable international standard providing principles-based guidance for systematic risk management. Its primary purpose is to help organizations of any size or sector manage uncertainty affecting objectives, using an integrated, iterative approach.
Key Components
- **Three pillarsEight principles (e.g., integrated, customized, dynamic), framework (leadership, design, implementation, evaluation, improvement), and process (communication, scope/context/criteria, assessment, treatment, monitoring/review, recording/reporting).
- No fixed controls; flexible, PDCA-aligned model.
- Non-certifiable guidelines emphasizing leadership accountability.
Why Organizations Use It
- Enhances decision-making, value creation/protection, resilience.
- Builds stakeholder trust, supports governance, reduces losses.
- Aligns with regulations indirectly; competitive edge via better risk intelligence.
Implementation Overview
- Phased roadmap: leadership alignment, gap analysis, pilot, scale, monitor.
- Applies universally; involves policy, training, tools like GRC platforms.
- No certification; internal assurance via audits, reviews.
EN 1090 Details
What It Is
EN 1090 is the harmonized European standard family for execution of steel and aluminium structures. It provides technical requirements and conformity assessment under the EU Construction Products Regulation (CPR), enabling CE marking for load-bearing components. Its risk-based approach uses Execution Classes (EXC1-EXC4) to scale requirements by failure consequences, service, and production categories.
Key Components
- **EN 1090-1Conformity assessment, Factory Production Control (FPC), Declaration of Performance (DoP).
- **EN 1090-2/-3Technical rules for steel/aluminium (materials, welding, tolerances, corrosion protection, inspection/NDT).
- Core principles: Traceability, welding quality (ISO 3834), risk-scaled controls.
- **Certification modelNotified Body audits FPC with ongoing surveillance.
Why Organizations Use It
- Mandatory for EU market access via CE marking.
- Reduces liability, ensures safety, cuts rework via disciplined processes.
- Builds trust, enables high-risk projects (bridges, stadia).
Implementation Overview
Phased: Gap analysis, FPC development, welding qualification, NB certification. Applies to fabricators in construction; 6-12 months typical for medium firms, with audits/surveillance.
Key Differences
| Aspect | ISO 31000 | EN 1090 |
|---|---|---|
| Scope | Enterprise risk management guidelines | Structural steel/aluminium execution & conformity |
| Industry | All sectors worldwide, any organization | Construction, steel/aluminium fabrication, EU-focused |
| Nature | Voluntary non-certifiable guidelines | Mandatory harmonized standard for CE marking |
| Testing | Internal monitoring, reviews, no certification | Notified Body FPC certification, surveillance audits |
| Penalties | No legal penalties, internal consequences only | Market exclusion, fines, legal liability without CE |
Scope
Industry
Nature
Testing
Penalties
Frequently Asked Questions
Common questions about ISO 31000 and EN 1090
ISO 31000 FAQ
EN 1090 FAQ
You Might also be Interested in These Articles...
From Reactive Gatekeeper to Proactive Strategist: How Compliance Software Reshapes the Compliance Professional's Day
Discover how compliance software automates monitoring, delivers real-time insights, and transforms compliance pros from reactive gatekeepers to proactive strate
CMMC Level 3 Implementation Guide: Integrating NIST SP 800-172 Enhanced Controls for APT Defense
Step-by-step CMMC Level 3 guide for DIB contractors. Implement 24 NIST SP 800-172 controls on Level 2. Prep for DIBCAC, C3PAO scoping & 180-day POA&Ms. Boost cy
Top 10 SOC 2 Mistakes Startups Make (and Fixes with Automation)
Avoid top 10 SOC 2 mistakes like scope creep & evidence gaps. See fail/pass visuals, client quotes, Vanta/Drata automation fixes for bootstrapped startups. Quic
Run Maturity Assessments with GRADUM
Transform your compliance journey with our AI-powered assessment platform
Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.
Check out these other Gradum.io Standards Comparison Pages
NIST 800-53 vs BRC
Discover NIST 800-53 vs BRC: Contrast federal cyber controls, RMF baselines, and tailoring with HACCP food safety, site standards, and grading. Master compliance now!
HIPAA vs NIST 800-53
Compare HIPAA vs NIST 800-53: Key differences in privacy, security rules & compliance for healthcare. Align frameworks, master risk management & safeguard ePHI—read now!
OSHA vs MLPS 2.0 (Multi-Level Protection Scheme)
Explore OSHA vs MLPS 2.0: US workplace safety meets China's cybersecurity scheme. Uncover gaps, strategies & implementation for global compliance mastery. Dive in now!