ISO/IEC 27034 Lead Application Security Auditor
Build the skill to audit application security programs based on ISO/IEC 27034, assessing governance, implementation and maintenance through structured audit methodologies aligned with ISO/IEC 17021-1 and ISO 19011.
Who is this course for?
- Application security auditors and audit team leaders
- IT and information security professionals managing application security
- Compliance consultants and assessment managers
- Audit team members preparing for ISO/IEC 27034 evaluations
What you'll gain
- The PECB Certified ISO/IEC 27034 Lead Auditor credential, recognised internationally
- The ability to lead ISO/IEC 27034 audits per ISO/IEC 17021-1 and ISO 19011
- Command of application security auditing of the ONF/ANF
- A specialised auditor profile in application security
Course programme
Day 1 · Foundational concepts and audit principles
- Application security and the ISO/IEC 27034 series
- Audit principles, ISO/IEC 17021-1 and ISO 19011
- Context and scope of the audit
Day 2 · Preparing the audit
- Audit planning and documentation review
- Preparing audit activities and the audit plan
- Working documents and sampling
Day 3 · Conducting the audit
- On-site activities and evidence collection
- Audit findings and nonconformities
- Communication during the audit
Day 4 · Closing the audit and managing an audit programme
- Audit conclusions and reporting
- Follow-up and closing the audit
- Managing an audit programme and competence
Day 5 · Certification exam
- Review and mock exam
- Official "PECB Certified ISO/IEC 27034 Lead Auditor" exam (3 hours)
Exam, credits & certification
Once you pass the exam, you can apply for the "PECB Certified ISO/IEC 27034 Lead Application Security Auditor" credential. The exam includes 2 attempts: the first plus a free retake, usable within the following 12 months. Passing first time is no longer a source of pressure. CPD credits correspond to the course level according to PECB. The exam duration is indicative; ask me for the exact details when you enrol.
Your trainer

Ricardo Coronel Lemus
More than 20 years in cybersecurity and compliance, today a vCISO and GRC consultant with real clients in France, Spain and Mexico. I don't approach these standards theoretically: I apply them day to day with real clients: that's what I bring to the coaching and exam preparation I offer.
Frequently asked questions
Do I need any prerequisites?
What language is the exam in?
What is the difference between Self-Study and Self-Study + Coaching?
What if I don't pass the exam?
Is it useful alongside ISO 27001 audits?
Ready to get certified as an application security auditor?
Choose your option above and enrol online. A question or need some advice? Write to me or book a call.