What is the primary objective of **ISO 37001**?

**ISO 37001 establishes requirements for an Anti-Bribery Management System (ABMS) to prevent, detect, and respond to bribery.** It follows the PDCA cycle across Clauses 4–10, requiring proportionate controls for bribery risks by the organization, personnel, and business associates, without guaranteeing bribery will never occur. Certification demonstrates reasonable measures aligned with anti-bribery laws.

Who is legally or professionally required to comply with **ISO 37001**?

**ISO 37001 applies voluntarily to any organization—public, private, or not-for-profit—regardless of size, type, or sector.** High-risk entities like multinationals in extractives, construction, or public procurement adopt it for evidentiary value in enforcement under FCPA or UK Bribery Act, with 99% of surveyed firms performing third-party due diligence.

Oes **ISO 37001** require an external audit or third-party certification?

**ISO 37001 certification is optional but involves accredited third-party audits via Stage 1 (documentation) and Stage 2 (effectiveness).** Certificates are issued for 3 years with annual surveillance audits every 12–24 months, amplifying evidentiary value for liability mitigation.

How often should an assessment for **ISO 37001** be performed?

**Bribery risk assessments under ISO 37001 must be conducted periodically and when significant changes occur.** Mature programs include onboarding (99% of firms), contract renewals, and independent reviews (56%), with internal audits at planned intervals and continual improvement per Clause 10.

What are the consequences of non-compliance with **ISO 37001**?

**Non-conformance with ISO 37001 risks certification denial, suspension, or withdrawal via major audit findings.** Operationally, it exposes organizations to full bribery liability, as certification provides no absolute immunity but may reduce penalties; up to 95% of cases involve third parties lacking controls.

An **ISO 37001** be mapped to other international frameworks?

**Yes, ISO 37001 aligns with the Harmonized Structure (HS) for integration with other ISO management systems.** Its PDCA architecture and Clause 4–10 map seamlessly to standards sharing HS, enabling unified audits, risk processes, and documentation without duplication.

What is the first step to begin implementing **ISO 37001**?

**The first step is determining organizational context and scope per Clause 4, including bribery risk assessment.** Conduct a gap analysis against Clauses 4–10, secure leadership commitment (Clause 5), and appoint an anti-bribery compliance function to ensure proportionate ABMS design.

What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** for conformity assessment via certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**, **EN 1090-2** for steel technical requirements (welding, tolerances, inspection), and **EN 1090-3** for aluminium. Risk-based **Execution Classes (EXC1–EXC4)** scale controls based on **consequence class (CC1–CC3)**, **service category (SC1–SC2)**, and **production category (PC1–PC2)**.

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU construction works must comply with EN 1090 to affix CE marking.** This includes fabricators, welding shops, and suppliers to construction projects like buildings, bridges, and stadia. Compliance is mandatory for market placement in the EEA via certified **FPC** under **EN 1090-1**.

Oes **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090 requires third-party certification of the Factory Production Control (FPC) system by a notified body under AVCP systems.** This involves initial inspection, **Initial Type Testing (ITT)** or **Type Calculation (ITC)** review, FPC certification, and ongoing surveillance audits to verify constancy of performance for CE marking.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires initial notified body certification followed by continuous surveillance audits, typically annually.** Frequency scales with **Execution Class (EXC)** per **EN 1090-1 Table B.3**, with higher EXC (e.g., EXC4) demanding more intensive monitoring of **FPC**, welding, and traceability.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prohibits CE marking, blocking EEA market access and risking product withdrawal, fines, or liability under CPR.** Notified bodies may suspend certificates for major non-conformities, publicizing status; structural failures expose manufacturers to civil claims and reputational damage.

An **EN 1090** be mapped to other international frameworks?

**No, EN 1090 FAQs focus solely on its standalone requirements as the harmonized CPR standard for structural metal components.** It defines unique **FPC**, **EXC**, and execution rules without direct mappings specified.

What is the first step to begin implementing **EN 1090**?

**The first step is to determine the Execution Class (EXC1–EXC4) for products using the CC/SC/PC matrix and conduct a gap analysis against EN 1090-1 FPC requirements.** Appoint a **Responsible Welding Coordinator (rWC)** and engage a notified body early for scope confirmation.

ISO 37001 vs EN 1090

Standards Comparison

ISO 37001

Voluntary

2025

International standard for anti-bribery management systems

EN 1090

Mandatory

2009

EU standard for steel and aluminium structural execution

Quick Verdict

ISO 37001 provides voluntary anti-bribery management for global organizations, mitigating corruption risks through certification. EN 1090 mandates CE marking for EU structural steel/aluminium, ensuring safety via FPC. Companies adopt ISO 37001 for ethics/trust; EN 1090 for legal market access.

Anti-Bribery/Compliance

ISO 37001

ISO 37001:2025 Anti-bribery management systems

Cost

€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Risk-based anti-bribery management system framework
Mandatory third-party due diligence and monitoring
Leadership commitment and anti-bribery culture requirements
PDCA cycle for continuous improvement and audits
Internationally certifiable standard with HS structure

Structural Metalwork

EN 1090

EN 1090: Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Factory Production Control (FPC) certification required
Execution Classes (EXC1-4) for risk-based requirements
CE marking mandatory for EU market access
Welding quality management via ISO 3834 alignment
Full material and process traceability enforced

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 37001 Details

What It Is

ISO 37001:2025 Anti-bribery management systems is an international certifiable standard for establishing, implementing, and improving an Anti-Bribery Management System (ABMS). It applies to all organization types and sizes, focusing on preventing, detecting, and responding to bribery risks through a risk-based, proportionate approach using the Harmonized Structure (HS) and PDCA cycle.

Key Components

**Clauses 4-10Context, leadership, planning, support, operation, evaluation, improvement.
Core controls: Policy, risk assessment, due diligence, financial/non-financial controls, training, reporting.
**Third-party focusDue diligence, commitments from business associates.
Certifiable via accredited bodies with Stage 1/2 audits and surveillance.

Why Organizations Use It

Mitigates legal risks (e.g., FCPA, UK Bribery Act) as evidentiary due diligence.
Builds stakeholder trust, reputational assurance, ESG alignment.
Delivers 15% compliance cost reductions, operational efficiencies.
Enables market access, competitive tenders.

Implementation Overview

Phased: Gap analysis, risk assessment, controls design, training, audits. Scalable for SMEs/multinationals; 6-12 months typical. Integrates with ISO 9001/27001; transition to 2025 by Feb 2027.

EN 1090 Details

What It Is

EN 1090 is the European harmonized standard family (EN 1090-1, -2, -3) for execution and conformity assessment of steel and aluminium structural components. It implements the EU Construction Products Regulation (CPR), enabling CE marking. Primary purpose: ensure controlled fabrication, welding, inspection, and traceability for load-bearing components in construction. Key approach: risk-based scaling via Execution Classes (EXC1–EXC4).

Key Components

EN 1090-1Factory Production Control (FPC)**, Declaration of Performance (DoP), AVCP systems with Notified Body certification.
**EN 1090-2/-3Technical rules for steel/aluminium (materials, welding per ISO 3834, tolerances, corrosion protection, NDT).
Core principles: traceability, qualified personnel, inspection regimes.
Compliance model: third-party FPC certification and ongoing surveillance.

Why Organizations Use It

Mandatory CE marking for EU market access; non-compliance risks exclusion, fines.
Reduces defects, rework; enhances liability control.
Builds trust with clients, enables high-risk projects.

Implementation Overview

Phased: gap analysis, FPC build, welding qualification, NB audit.
Applies to fabricators in construction; scales by size/EXC.
Requires Notified Body certification; 3–12 months typical.

Key Differences

Aspect	ISO 37001	EN 1090
Scope	Anti-bribery management systems (ABMS)	Structural steel/aluminium execution & conformity
Industry	All sectors worldwide, any organization size	Construction/metal fabrication, EU/EEA market
Nature	Voluntary certifiable management standard	Mandatory harmonized standard for CE marking
Testing	Internal audits, management reviews, certification	FPC certification, surveillance audits, NDT
Penalties	Loss of certification, reputational damage	Market exclusion, fines, legal enforcement

Scope

ISO 37001

Anti-bribery management systems (ABMS)

EN 1090

Structural steel/aluminium execution & conformity

Industry

ISO 37001

All sectors worldwide, any organization size

EN 1090

Construction/metal fabrication, EU/EEA market

Nature

ISO 37001

Voluntary certifiable management standard

EN 1090

Mandatory harmonized standard for CE marking

Testing

ISO 37001

Internal audits, management reviews, certification

EN 1090

FPC certification, surveillance audits, NDT

Penalties

ISO 37001

Loss of certification, reputational damage

EN 1090

Market exclusion, fines, legal enforcement

Frequently Asked Questions

Common questions about ISO 37001 and EN 1090

ISO 37001 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

NIST CSF 2.0: Key Enhancements and How They Address Evolving Cyber Threats

Explore NIST CSF 2.0 updates: Govern function, supply chain security, SME playbooks for ransomware & AI threats. Boost your cyber defenses now!

HITRUST CSF MyCSF Platform Mastery: Infograph of Evidence Tagging Workflows and Top 5 Maturity Tier Acceleration Takeaways

Master MyCSF platform with infographics on evidence tagging for 1,400+ HITRUST controls across 19 domains. Cut documentation by 30%, boost Measured/Managed tier

CMMC Level 3 Implementation Guide: Integrating NIST SP 800-172 Enhanced Controls for APT Defense

Step-by-step CMMC Level 3 guide for DIB contractors. Implement 24 NIST SP 800-172 controls on Level 2. Prep for DIBCAC, C3PAO scoping & 180-day POA&Ms. Boost cy

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

RoHS vs UAE PDPL

Compare RoHS hazardous substance bans vs UAE PDPL data privacy rules. Unlock compliance strategies for electronics firms in global markets. Navigate risks now!

SQF vs ISO 27701

Compare SQF vs ISO 27701: SQF drives HACCP-based food safety & GMP excellence; ISO 27701 powers privacy management systems. Gain compliance edge—explore differences now!

ISA 95 vs AS9120B

Discover ISA 95 vs AS9120B: Compare manufacturing integration standards with aerospace QMS for distributors. Unlock key differences, benefits & implementation insights. Dive in now!

ISO 37001

EN 1090

Quick Verdict

ISO 37001

Key Features

EN 1090

Key Features

Detailed Analysis

ISO 37001 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EN 1090 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 37001 FAQ

What is the primary objective of ISO 37001?

Who is legally or professionally required to comply with ISO 37001?

Oes ISO 37001 require an external audit or third-party certification?

How often should an assessment for ISO 37001 be performed?

What are the consequences of non-compliance with ISO 37001?

An ISO 37001 be mapped to other international frameworks?

What is the first step to begin implementing ISO 37001?

EN 1090 FAQ

What is the primary objective of EN 1090?

Who is legally or professionally required to comply with EN 1090?

Oes EN 1090 require an external audit or third-party certification?

How often should an assessment for EN 1090 be performed?

What are the consequences of non-compliance with EN 1090?

An EN 1090 be mapped to other international frameworks?

What is the first step to begin implementing EN 1090?

You Might also be Interested in These Articles...

NIST CSF 2.0: Key Enhancements and How They Address Evolving Cyber Threats

HITRUST CSF MyCSF Platform Mastery: Infograph of Evidence Tagging Workflows and Top 5 Maturity Tier Acceleration Takeaways

CMMC Level 3 Implementation Guide: Integrating NIST SP 800-172 Enhanced Controls for APT Defense

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

RoHS vs UAE PDPL

SQF vs ISO 27701

ISA 95 vs AS9120B