No products in the cart.
The PECB Certified ISO/IEC 27034 Lead Auditor training course provides participants with the skills and knowledge to audit application security processes based on ISO/IEC 27034 series.
Participants will learn to assess how application security is governed, implemented, and maintained, focusing on key ISO/IEC 27034 concepts such as the Organizational Normative Framework (ONF), Application Normative Framework (ANF), and Application Security Controls (ASCs). The course draws on auditing principles from ISO 19011 and ISO/IEC 17021-1 to support a structured approach to auditing application security. These standards are used as guidance rather than for certification, as ISO/IEC 27034 itself is not a certifiable standard.
Through practical exercises and scenario-based activities, participants will build competence in conducting application security audits in various organizational contexts.
Why Should You Attend?
As application security threats grow increasingly complex, organizations must ensure that all applications, whether internally developed, outsourced, or commercially purchased, are properly secured throughout their lifecycle. ISO/IEC 27034 provides structured guidance for achieving this.
By attending this course, participants will gain the skills to plan, manage, and report on audit activities; evaluate an organization’s ONF, its processes, and components associated with application security, the application security management process (ASMP), and the application’s level of trust.
This training is ideal for professionals seeking to enhance their auditing capabilities, contribute to organizational compliance, and support the ongoing development of application security practices.
Who Should Attend?
This training course is intended for:
- Auditors seeking to perform and lead audits of application security processes
- Information security and IT professionals responsible for application security governance
- Consultants and managers involved in application security compliance assessments
- Members of audit teams and individuals preparing for ISO/IEC 27034 application security audit
Learning Objectives
By the end of this training course, participants will be able to:
- Explain the fundamental concepts and principles of application security based on ISO/IEC 27034
- Interpret the ISO/IEC 27034 guidelines for application security from the perspective of an auditor
- Evaluate the application security conformity to ISO/IEC 27034 guidelines, in accordance with the fundamental audit concepts and principles
- Plan, conduct, and close an ISO/IEC 27034 compliance audit, in accordance with ISO/IEC 17021-1 requirements, ISO 19011 guidelines, and other best practices of auditing
- Manage an ISO/IEC 27034 audit program
Educational Approach
- This training course includes essay-type exercises, multiple-choice quizzes, examples and best practices used in application security.
- Participants are strongly encouraged to interact with one another, exchange ideas, and actively participate in discussions.
- The quiz structure within the course closely mirrors that of the certification exam, ensuring participants are well-prepared for the exam.
PECB offers various training course delivery formats, from traditional classroom settings to modern, technology-driven solutions. To learn more about these formats, please click here.
Prerequisites
Participants who attend this course must be familiar with application security concepts and have in-depth knowledge of application security principles.
Course Agenda
- Day 1: Introduction to application security and the ISO/IEC 27034 family of standards
- Day 2: Initiating and preparing an application security audit
- Day 3: Conducting on-site application security audit
- Day 4: Reporting, completing, and following-up on the audit
- Day 5: Certification exam
Examination
- The “PECB ISO/IEC 27034 Lead Auditor” exam fully meets the PECB Examination and Certification Program (ECP) requirements. It covers the following competency domains:
- Domain 1: Fundamental principles and concepts of application security
- Domain 2: Application security audit concepts and principles
- Domain 3: Initiating an application security audit
- Domain 4: Preparing an ISO/IEC 27034 audit
- Domain 5: Conducting an ISO/IEC 27034 audit
- Domain 6: Audit closure and follow-up for application security
For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and Exam Rules and Policies.
Certification
After passing the exam, you can apply for one of the credentials in the table below. You will receive a certificate once you fulfill all the requirements of the selected credential.
The certification requirements for PECB ISO/IEC 27034 Lead Auditor are:
| Credential | Exam | Professional experience | MS audit/assessment experience | Other requirements |
| PECB Certified ISO/IEC 27034 Provisional Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | None | None | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Two years: One year of work experience in Application Security | Audit activities: a total of 200 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Lead Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Five years: Two years of work experience in Application Security | Audit activities: a total of 300 hours | Signing the PECB Code of Ethics |
| PECB Certified ISO/IEC 27034 Senior Lead Application Security Auditor | PECB Certified ISO/IEC 27034 Lead Auditor Exam or equivalent | Ten years: Seven years of work experience in Application Security | Audit activities: a total of 1,000 hours | Signing the PECB Code of Ethics |
The application security audit activities should follow best practices and include the following:
- Planning an audit
- Preparing audit working papers or test plans
- Reviewing documented information
- Conducting opening and closing meetings
- Conducting audit interviews
- Collecting and analyzing audit evidence
- Documenting nonconformities
- Preparing audit reports
- Following up on nonconformities
- Leading an audit team
- Managing an audit program
For more information about the PECB certification process, please refer to Certification Rules and Policies.
General Information
- Certificate and examination fees are included in the price of the training course.
- Participants will receive more than 450 pages of comprehensive training materials, including practical examples, exercises, and quizzes.
- Participants who have attended the training course will receive an attestation of course completion worth 31 CPD (Continuing Professional Development) credits.
- Candidates who have completed the training course with one of our partners and failed the first exam attempt are eligible to retake the exam for free within a 12-month period from the date the coupon code is received because the fee paid for the training course includes a first exam attempt and one retake. Otherwise, retake fees apply.
