2. / Training & Certification
  3. / ISO/IEC 27034
  4. / ISO/IEC 27034 Application Security Foundation

ISO/IEC 27034 Application Security Foundation

The ISO/IEC 27034 Foundation training course provides participants with an understanding of the fundamental principles of application security and the requirements of ISO/IEC 27034. The course covers key domains, including the concepts and scope of application security, as well as organizational and application-level planning, application security controls, and monitoring of security controls. 

Participants will also learn how to verify and align application security practices with organizational objectives and regulatory requirements , including how to tailor an Application Normative Framework (ANF) to define the necessary security controls and processes that help each application meet its Targeted Level of Trust (TLT).

Why Should You Attend?

The ISO/IEC 27034 Foundation training course enables participants to understand the fundamental concepts and principles of application security, as well as the structure, components, and requirements of ISO/IEC 27034. This course is designed to prepare professionals to support the implementation and maintenance of application security throughout the software life cycle.

By attending this course, participants will learn how ISO/IEC 27034 aligns with other standards, understand key security principles such as confidentiality, integrity, and availability, and gain insight into the roles involved in managing the Organization Normative Framework (ONF) and Application Normative Framework (ANF). 

Who Should Attend?

This training course is intended for:

  • Individuals involved in application security or IT governance
  • Professionals seeking to gain knowledge about ISO/IEC 27034 and its application
  • Individuals involved in the implementation, management, or improvement of application security
  • IT professionals, developers, or managers responsible for safeguarding applications

Learning Objectives

By the end of this training course, participants will be able to:

  • Describe the structure, scope, and components of the ISO/IEC 27034 series and understand how it aligns with and complements other standards and frameworks
  • Identify and explain key concepts and principles such as confidentiality, integrity, availability, threats, vulnerabilities, and risks, and understand their relevance in securing applications throughout their life cycle
  • Explain the roles and responsibilities in establishing and maintaining the Organization Normative Framework (ONF) and Application Normative Framework (ANF)
  • Describe the processes for validating application security requirements, assessing security risks, verifying security controls, and using KPIs to support continual improvement of application security practices

Educational Approach

  • This training course includes essay-type exercises and multiple-choice quizzes, helping participants understand application security concepts and processes.
  • Participants are strongly encouraged to interact with one another, exchange ideas, and actively participate in discussions during the training.
  • The quiz structure within the course closely mirrors that of the certification exam, ensuring participants are well-prepared.

PECB offers various training course delivery formats, from traditional classroom settings to modern, technology-driven solutions. To learn more about these formats, please click here.

Prerequisites 

There are no prerequisites to participate in this training course.

More Details

Course agenda

  • Day 1: Introduction to application security and ISO/IEC 27034

    Day 2: Implementation and verification of application security controls

Examination

  • The “PECB ISO/IEC 27034 Foundation” exam fully meets all the PECB Examination and Certification Program (ECP) requirements. It covers the following competency domains:

    Domain 1: Fundamental principles and concepts of application security

    Domain 2: Organizational and application security planning, implementation, and monitoring

    For specific information about the exam type, languages available, and other details, please visit the List of PECB Exams and Exam Rules and Policies.

Certification

  • After passing the exam, you can apply for the credential shown in the table below. The certificate requirements for PECB ISO/IEC 27034 Foundation are:

    Designation Exam Professional experience MS audit/assessment experience ASMS project experience Other requirements
    PECB Certificate Holder in ISO/IEC 27034 Foundation Pass the PECB ISO/IEC 27034 Foundation Exam None None None Signing the PECB Code of Ethics

     

General Information
    • Certificate and examination fees are included in the price of the training course.
    • Participants will receive more than 200 pages of comprehensive training materials, including practical examples, exercises, and quizzes.
    • Participants who have attended the training course will receive an attestation of course completion worth 14 CPD (Continuing Professional Development) credits.
    • Candidates who have completed the training course with one of our partners and failed the first exam attempt are eligible to retake the exam for free within a 12-month period from the date the coupon code is received because the fee paid for the training course includes a first exam attempt and one retake. Otherwise, retake fees apply.

    For more information, please get in touch with us at support@pecb.com or visit www.pecb.com.

SUBSCRIBE TO OUR NEWSLETTER

Subscribe
Help Center

Training & Certification

Resources

Network

Examination

Certification

Company

Terms, Conditions, and Policies | Privacy Statement | Cookie Preferences

© 2025 Professional Evaluation and Certification Board. All rights reserved.

Scroll to Top