What is the primary objective of **ISO 9001**?

**ISO 9001's primary objective is to specify requirements for a quality management system (QMS) enabling organizations to consistently provide products and services meeting customer and regulatory requirements while pursuing continual improvement.** It establishes a process-based framework across 10 clauses (4-10 auditable), rooted in the PDCA cycle and seven quality management principles: customer focus, leadership, engagement of people, process approach, improvement, evidence-based decision making, and relationship management. Applicable to any organization size or sector, it emphasizes risk-based thinking introduced in the 2015 edition, with over 1 million certifications worldwide demonstrating its role in enhancing efficiency and customer satisfaction.

Who is legally or professionally required to comply with **ISO 9001**?

**No organization is legally required to comply with ISO 9001, as certification is voluntary.** However, it is professionally mandated in many supply chains, government tenders, and regulated sectors like aerospace (AS9100) or medical devices (ISO 13485), where clients or contracts demand it for market access. With applicability to any size or type, over 1 million certified entities in 170+ countries adopt it to signal QMS maturity, though non-adoption risks exclusion from competitive bids without legal penalties.

Does **ISO 9001** require an external audit or third-party certification?

**ISO 9001 does not require external audit or third-party certification, which remains voluntary.** Compliance can be self-declared via internal audits, but certification by accredited bodies involves Stage 1 (documentation review) and Stage 2 (implementation verification), followed by annual surveillance and triennial recertification. As the only certifiable ISO 9000 standard, it boosts credibility, with over 1 million certificates issued.

How often should an assessment for **ISO 9001** be performed?

**ISO 9001 requires internal audits at planned intervals based on process importance, status, and risks, with no fixed frequency specified.** Management reviews occur at least annually, though quarterly is recommended for effectiveness. Externally, certified organizations undergo surveillance audits annually and recertification every three years, aligning with the PDCA cycle for continual evaluation.

What are the consequences of non-compliance with **ISO 9001**?

**Non-compliance with ISO 9001 carries no direct legal penalties, as it is voluntary, but results in certification suspension, withdrawal, or audit nonconformities.** Internal failures lead to operational risks like defects, customer dissatisfaction, and inefficiencies; professionally, it risks lost contracts, tenders, and market access in demanding sectors.

An **ISO 9001** be mapped to other international frameworks?

**Yes, ISO 9001 maps seamlessly to other frameworks via its Annex SL High-Level Structure, sharing clauses 4-10.** This enables integration with standards like ISO 14001 or ISO 45001, reducing audit duplication and supporting unified management systems across quality, environment, and safety.

What is the first step to begin implementing **ISO 9001**?

**The first step to implement ISO 9001 is conducting a gap analysis against Clauses 4-10 following purchase of the standard (CHF 155 for PDF).** This assesses current processes against requirements, identifying context, leadership gaps, and risks, typically via a seven-phase approach starting with executive commitment and context evaluation.

What is the primary objective of **EN 1090**?

**EN 1090 ensures controlled execution and conformity assessment of structural steel and aluminium components for CE marking under the Construction Products Regulation (CPR).** It comprises **EN 1090-1** for conformity assessment including certified **Factory Production Control (FPC)** and **Declaration of Performance (DoP)**, **EN 1090-2** for steel structures, and **EN 1090-3** for aluminium. Risk-based **Execution Classes (EXC1–EXC4)** scale requirements for welding, traceability, tolerances, and inspection based on consequence class (CC1–CC3), service category (SC1–SC2), and production category (PC1–PC2).

Who is legally or professionally required to comply with **EN 1090**?

**Manufacturers of load-bearing steel and aluminium structural components and kits for permanent incorporation in EU/EEA construction works must comply with EN 1090 to affix CE marking.** This includes fabricators supplying to buildings, bridges, stadia, and industrial structures. Compliance is mandatory under CPR for market placement; non-structural or non-metallic elements are excluded.

Oes **EN 1090** require an external audit or third-party certification?

**Yes, EN 1090-1 mandates certification of the Factory Production Control (FPC) system by a notified body via AVCP systems.** This involves initial inspection of the factory and FPC, issuance of a certificate enabling CE marking and DoP, followed by continuous surveillance audits to verify ongoing performance constancy.

How often should an assessment for **EN 1090** be performed?

**EN 1090 requires ongoing surveillance audits by the notified body after initial FPC certification, typically annually.** Frequency follows EN 1090-1 Table B.3, scaled by execution class (EXC) and prior audit results; internal audits support FPC maintenance, with changes triggering re-assessments.

What are the consequences of non-compliance with **EN 1090**?

**Non-compliance with EN 1090 prevents lawful CE marking, risking market exclusion, product withdrawal, fines, and liability under CPR.** Notified bodies may suspend or withdraw FPC certificates for major non-conformities, publicizing status; structural failures expose manufacturers to civil claims and reputational damage.

An **EN 1090** be mapped to other international frameworks?

**EN 1090 integrates with standards like ISO 3834 for welding quality, but direct mappings to other frameworks are not prescribed.** It aligns operationally with ISO 9001 for FPC foundations and Eurocodes for design, focusing solely on execution and conformity for steel/aluminium structures.

What is the first step to begin implementing **EN 1090**?

**The first step is to perform a product scope self-assessment and determine Execution Class (EXC1–EXC4) based on consequence, service, and production categories.** Default to **EXC2** if unspecified, then conduct a gap analysis against FPC requirements before engaging a notified body.

ISO 9001 vs EN 1090

Standards Comparison

ISO 9001

Voluntary

2015

International standard for quality management systems

EN 1090

Mandatory

2009

EU harmonized standard for steel/aluminium structures execution

Quick Verdict

ISO 9001 provides voluntary QMS certification for global efficiency, while EN 1090 mandates CE marking for EU structural steel/aluminium via FPC. Companies adopt ISO 9001 for broad quality gains; EN 1090 for legal market access and compliance.

Quality Management

ISO 9001

ISO 9001:2015 Quality management systems – Requirements

Cost

€€€

Complexity

Medium

Implementation Time

6-12 months

Key Features

Risk-based thinking embedded throughout QMS
PDCA cycle drives continual improvement
Seven quality management principles foundation
High-Level Structure enables standard integration
Process approach applicable to all organizations

Structural Metalwork

EN 1090

EN 1090: Execution of steel and aluminium structures

Cost

€€€€

Complexity

High

Implementation Time

6-12 months

Key Features

Risk-based Execution Classes (EXC1-EXC4)
Factory Production Control (FPC) certification
Welding management via ISO 3834
Material traceability and NDT requirements
CE marking with Notified Body oversight

Detailed Analysis

A comprehensive look at the specific requirements, scope, and impact of each standard.

ISO 9001 Details

What It Is

ISO 9001:2015 is the international certification standard for quality management systems (QMS). It specifies requirements for organizations to consistently meet customer and regulatory needs through a process-based, risk-oriented framework using the PDCA cycle.

Key Components

10 clauses (4-10 auditable): context, leadership, planning, support, operation, evaluation, improvement.
Built on **seven quality principlescustomer focus, leadership, engagement, process approach, improvement, evidence-based decisions, relationships.
Annex SL High-Level Structure for integration; voluntary third-party certification with audits.

Why Organizations Use It

Enhances customer satisfaction, efficiency, risk management.
Boosts market access, reputation; over 1M certifications worldwide.
Drives cost savings, compliance; signals trust to stakeholders.

Implementation Overview

Gap analysis, process mapping, training, internal audits.
6-12 months typical; suits all sizes/sectors; certification via accredited bodies with surveillance.

EN 1090 Details

What It Is

EN 1090 is a family of European harmonized standards (EN 1090-1 for conformity assessment, EN 1090-2 for steel, EN 1090-3 for aluminium) governing execution and CE marking of structural components under the CPR. It ensures safe fabrication via a risk-based approach using Execution Classes (EXC1–EXC4) to scale controls by failure consequences.

Key Components

**Factory Production Control (FPC)Certified system for traceability, processes, inspections.
**Technical requirementsWelding (ISO 3834), materials, tolerances, corrosion, NDT.
**Conformity modelAVCP, DoP, Notified Body audits/surveillance.

Why Organizations Use It

Mandatory for EEA market access with CE marking.
Reduces liability, rework; enables high-risk projects.
Builds trust, competitive advantage via quality assurance.

Implementation Overview

Phased: gap analysis, FPC build, training, ITT/ITC, NB certification. For fabricators in EU/UK construction; scales by size/EXC.

Key Differences

Aspect	ISO 9001	EN 1090
Scope	Quality management systems for all organizations	Execution and conformity of steel/aluminium structures
Industry	All sectors worldwide, any size	Construction, steel/aluminium fabrication, EU-focused
Nature	Voluntary certifiable QMS standard	Mandatory for CE marking under CPR regulation
Testing	Internal audits, management reviews, certification audits	FPC certification, ITT/ITC, notified body surveillance
Penalties	Loss of certification, market disadvantage	Market exclusion, fines, legal liability

Scope

ISO 9001

Quality management systems for all organizations

EN 1090

Execution and conformity of steel/aluminium structures

Industry

ISO 9001

All sectors worldwide, any size

EN 1090

Construction, steel/aluminium fabrication, EU-focused

Nature

ISO 9001

Voluntary certifiable QMS standard

EN 1090

Mandatory for CE marking under CPR regulation

Testing

ISO 9001

Internal audits, management reviews, certification audits

EN 1090

FPC certification, ITT/ITC, notified body surveillance

Penalties

ISO 9001

Loss of certification, market disadvantage

EN 1090

Market exclusion, fines, legal liability

Frequently Asked Questions

Common questions about ISO 9001 and EN 1090

ISO 9001 FAQ

EN 1090 FAQ

You Might also be Interested in These Articles...

The DORA 'Hot Seat' Blueprint: Preparing Leadership and the Management Body for Regulatory Interviews

Prepare your Board & Management Body for DORA audits. Master the human element: demonstrate active oversight & accountability in regulatory interviews. Get the

CIS Controls v8.1 for Cloud & SaaS: A Practical Safeguard Playbook for AWS/Azure/GCP and Microsoft 365

Turn CIS Controls v8.1 into a cloud-first playbook for AWS, Azure, GCP & Microsoft 365. Get actionable IaaS/PaaS/SaaS safeguards, automation patterns, evidence

ISO 27701 Implementation Roadmap: Step-by-Step Guide for Extending Your ISO 27001 ISMS to PIMS

Extend ISO 27001 ISMS to ISO 27701 PIMS with this step-by-step roadmap. Master role-specific controls, avoid pitfalls, meet certification evidence needs for pri

Run Maturity Assessments with GRADUM

Transform your compliance journey with our AI-powered assessment platform

Assess your organization's maturity across multiple standards and regulations including ISO 27001, DORA, NIS2, NIST, GDPR, and hundreds more. Get actionable insights and track your progress with collaborative, AI-powered evaluations.

100+ Standards & Regulations

AI-Powered Insights

Collaborative Assessments

Actionable Recommendations

Check out these other Gradum.io Standards Comparison Pages

AS9100 vs 23 NYCRR 500

Compare AS9100 vs 23 NYCRR 500: Aerospace QMS mastery meets NYDFS cybersecurity mandates. Unlock risk strategies, compliance roadmaps, and implementation wins now.

CMMC vs HIPAA

CMMC vs HIPAA: Compare DoD cybersecurity levels & healthcare PHI safeguards. Key NIST controls, compliance strategies for FCI/CUI protection. Expert insights—get compliant now!

ISO 27032 vs BREEAM

ISO 27032 vs BREEAM: Cybersecurity guidelines for Internet threats meet sustainable building certification. Compare scopes, boost resilience, compliance & value—explore key differences now!

ISO 9001

EN 1090

Quick Verdict

ISO 9001

Key Features

EN 1090

Key Features

Detailed Analysis

ISO 9001 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

EN 1090 Details

What It Is

Key Components

Why Organizations Use It

Implementation Overview

Key Differences

Scope

Industry

Nature

Testing

Penalties

Frequently Asked Questions

ISO 9001 FAQ

What is the primary objective of ISO 9001?

Who is legally or professionally required to comply with ISO 9001?

Does ISO 9001 require an external audit or third-party certification?

How often should an assessment for ISO 9001 be performed?

What are the consequences of non-compliance with ISO 9001?

An ISO 9001 be mapped to other international frameworks?

What is the first step to begin implementing ISO 9001?

EN 1090 FAQ

What is the primary objective of EN 1090?

Who is legally or professionally required to comply with EN 1090?

Oes EN 1090 require an external audit or third-party certification?

How often should an assessment for EN 1090 be performed?

What are the consequences of non-compliance with EN 1090?

An EN 1090 be mapped to other international frameworks?

What is the first step to begin implementing EN 1090?

You Might also be Interested in These Articles...

The DORA 'Hot Seat' Blueprint: Preparing Leadership and the Management Body for Regulatory Interviews

CIS Controls v8.1 for Cloud & SaaS: A Practical Safeguard Playbook for AWS/Azure/GCP and Microsoft 365

ISO 27701 Implementation Roadmap: Step-by-Step Guide for Extending Your ISO 27001 ISMS to PIMS

Run Maturity Assessments with GRADUM

Check out these other Gradum.io Standards Comparison Pages

AS9100 vs 23 NYCRR 500

CMMC vs HIPAA

ISO 27032 vs BREEAM