ISO 27034 Lead Application Security Auditor

The PECB Certified ISO/IEC 27034 Lead Auditor training course provides participants with the skills and knowledge to audit application security processes based on ISO/IEC 27034 series.
Participants will learn to assess how application security is governed, implemented, and maintained, focusing on key ISO/IEC 27034 concepts such as the Organizational Normative Framework (ONF), Application Normative Framework (ANF), and Application Security Controls (ASCs). The course draws on auditing principles from ISO 19011 and ISO/IEC 17021-1 to support a structured approach to auditing application security. These standards are used as guidance rather than for certification, as ISO/IEC 27034 itself is not a certifiable standard.
Through practical exercises and scenario-based activities, participants will build competence in conducting application security audits in various organizational contexts.
Why Should You Attend?
As application security threats grow increasingly complex, organizations must ensure that all applications, whether internally developed, outsourced, or commercially purchased, are properly secured throughout their lifecycle. ISO/IEC 27034 provides structured guidance for achieving this.
By attending this course, participants will gain the skills to plan, manage, and report on audit activities; evaluate an organization’s ONF, its processes, and components associated with application security, the application security management process (ASMP), and the application’s level of trust.
This training is ideal for professionals seeking to enhance their auditing capabilities, contribute to organizational compliance, and support the ongoing development of application security practices.
Who Can Attend?
This training course is intended for:
- Auditors seeking to perform and lead audits of application security processes
- Information security and IT professionals responsible for application security governance
- Consultants and managers involved in application security compliance assessments
- Members of audit teams and individuals preparing for an ISO/IEC 27034 application security audit
Learning Objectives
By the end of this training course, participants will be able to:
- Explain the fundamental concepts and principles of application security based on ISO/IEC 27034
- Interpret the ISO/IEC 27034 guidelines for application security from the perspective of an auditor
- Evaluate an organization's application security conformity to ISO/IEC 27034 guidelines, in accordance with the fundamental audit concepts and principles
- Plan, conduct, and close an ISO/IEC 27034 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
- Manage an ISO/IEC 27034 audit program
Educational Approach
- This training course contains various activities such as exercises, multiple-choice quizzes, real-life scenarios, and best practices used in the implementation of application security.
- Participants are encouraged to communicate with each other and engage in discussions when completing quizzes and exercises.
- The quizzes are structured to reflect the style and format of the certification exam.
Prerequisites
Participants who attend this course must be familiar with application security concepts and have in-depth knowledge of application security principles.
More details
- Day 1: Introduction to application security and the ISO/IEC 27034 family of standards
- Day 2: Initiating and preparing an application security audit
- Day 3: Conducting an on-site application security audit
- Day 4: Reporting, completing, and following up on the audit
- Day 5: Certification exam
The “PECB ISO/IEC 27034 Lead Auditor” exam fully meets the PECB Examination and Certification Program (ECP) requirements. It covers the following competency domains:
- Domain 1: Fundamental principles and concepts of application security
- Domain 2: Application security audit concepts and principles
- Domain 3: Initiating an application security audit
- Domain 4: Preparing an ISO/IEC 27034 audit
- Domain 5: Conducting an ISO/IEC 27034 audit
- Domain 6: Audit closure and follow-up for application security
For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and Exam Rules and Policies.
After passing the exam, you can apply for one of the credentials in the table below. You will receive a certificate once you fulfill all the requirements of the selected credential.
The certification requirements for PECB ISO/IEC 27034 Lead Auditor are:
| Credential | Exam | Professional experience | MS audit/assessment experience | Other requirements |
|---|---|---|---|---|
| PECB Certified ISO/IEC 27034 Provisional Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | None | None | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Two years: One year of work experience in Application Security | Audit activities: a total of 200 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Lead Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Five years: Two years of work experience in Application Security | Audit activities: a total of 300 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Senior Lead Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Ten years: Seven years of work experience in Application Security | Audit activities: a total of 1,000 hours | Signing the PECB Code of Ethics |
The application security audit activities should follow best practices and include the following:
- Planning an audit
- Preparing audit working papers or test plans
- Reviewing documented information
- Conducting opening and closing meetings
- Conducting audit interviews
- Collecting and analyzing audit evidence
- Documenting nonconformities
- Preparing audit reports
- Following up on nonconformities
- Leading an audit team
- Managing an audit program
For more information about the PECB certification process, please refer to Certification Rules and Policies.
Our training courses are available in several delivery formats to suit your needs. Please note that pricing varies depending on the selected format. Some options, such as live or in-person classes, may require a custom quote based on availability and logistics.
| Delivery Option | Self-paced | Virtual Class | In-Person Class | 4-hour package | Intra-Enterprise |
|---|---|---|---|---|---|
| Price | €899.- | €2199.- | €2499.- | €1299.- | On request |
- Certification and examination fees are included in the price of the training course
- Participants will be provided with the training course material containing over 450 pages of explanatory information, examples, best practices, exercises, and quizzes.
- An attestation of course completion worth 31 CPD (Continuing Professional Development) credits will be issued to the participants who have attended the training course.
- If candidates fail the exam, they can retake it free of charge within 12 months of the initial attempt.
For additional information, please contact us.
This course is available in both virtual and in-person formats. If no sessions are listed in the agenda, feel free to contact us. Please note that requesting a quote is required for classroom training, as prices differ from the self-paced option and the course won't be delivered without a formal request.
For any self-paced or e-learning package, you have the option to purchase a 4-hour assistance pack. This pack allows you to ask questions and receive answers from our experts. Please contact us for more details.
Address
35100 San Bartolome de Tirajana
Las Palmas - Spain