ISO/IEC 27034 is the international standard series for Application Security (AppSec) — providing a framework for integrating security into the complete application development, deployment, and operational lifecycle. The series covers overview and concepts (27034-1), organisation normative framework (ONF, 27034-2), application security management process (27034-3), application security validation (27034-4), protocols and application security controls data structure (27034-5), case studies (27034-6), and application security assurance prediction (27034-7).

ISO 27034's core concept is the Application Security Control (ASC) — a documented security measure with associated activities at specific lifecycle stages. The Organisational Normative Framework (ONF) is the organisation-level repository of ASCs, security requirements, and business context. Each application has an Application Normative Framework (ANF) — a tailored subset of the ONF defining which controls apply to that specific application. This structured approach enables scalable, consistent application security across large development portfolios.
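To make the ASC, ONF and ANF relationship concrete, here is a small model in Python. It is an added illustration, not text or schema from the standard (27034-5 defines its own control data structure, which this does not reproduce); the controls, lifecycle stage names and application contexts in it are constructed for the example. It shows an ANF being tailored as a subset of the ONF from an application's business context, checked for being a valid subset, and then used as a per-stage gate that asks for verification evidence before the application moves on.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ASC:
    """An Application Security Control: a documented measure tied to one
    lifecycle stage, with the activity to perform and how it is verified."""
    asc_id: str
    name: str
    stage: str                 # lifecycle stage at which the activity happens
    activity: str
    verification: str
    triggers: frozenset        # application contexts that make the ASC apply


# Lifecycle stage names, in the order an ANF is walked (constructed for this example).
STAGES = ("requirements", "design", "implementation", "verification",
          "deployment", "operation")

# Constructed ONF: a hypothetical organisation-wide repository of ASCs.
# 'baseline' marks controls that apply to every application in the portfolio.
ONF = {
    a.asc_id: a for a in (
        ASC("ASC-01", "Security requirements baseline", "requirements",
            "Record security requirements in the backlog",
            "Requirements review sign-off", frozenset({"baseline"})),
        ASC("ASC-02", "Threat model", "design",
            "Produce and review a threat model",
            "Threat model approved by security", frozenset({"baseline"})),
        ASC("ASC-03", "Dependency vulnerability scan", "implementation",
            "Scan third-party components on every build",
            "Build fails on unresolved findings", frozenset({"baseline"})),
        ASC("ASC-04", "Encrypt personal data at rest", "implementation",
            "Use the approved encryption library for PII stores",
            "Code review plus configuration check", frozenset({"handles-pii"})),
        ASC("ASC-05", "External penetration test", "verification",
            "Commission a penetration test before go-live",
            "Findings closed or formally risk-accepted", frozenset({"internet-facing"})),
        ASC("ASC-06", "Cardholder data segmentation", "design",
            "Isolate payment components in their own network zone",
            "Architecture review", frozenset({"payment"})),
    )
}


def tailor_anf(onf, app_contexts):
    """Build the ANF for one application: the subset of the ONF whose
    triggers intersect the application's contexts ('baseline' always applies)."""
    contexts = set(app_contexts) | {"baseline"}
    return {aid: a for aid, a in onf.items() if a.triggers & contexts}


def validate_anf(onf, anf):
    """An ANF may only contain controls taken unchanged from the ONF.
    Returns the ids of any entries that are missing from, or differ from, the ONF."""
    return sorted(aid for aid, a in anf.items() if onf.get(aid) != a)


def controls_by_stage(anf):
    """Group the ANF's control ids by lifecycle stage, in lifecycle order,
    omitting stages that carry no controls for this application."""
    return {s: sorted(aid for aid, a in anf.items() if a.stage == s)
            for s in STAGES if any(a.stage == s for a in anf.values())}


def gate(anf, stage, evidence):
    """Stage gate: return the ANF controls at `stage` that still lack
    verification evidence. `evidence` maps asc_id -> True once the control's
    verification criterion has been met."""
    return sorted(aid for aid, a in anf.items()
                  if a.stage == stage and not evidence.get(aid, False))


if __name__ == "__main__":
    # Hypothetical internet-facing application that stores personal data.
    anf = tailor_anf(ONF, {"internet-facing", "handles-pii"})
    print("ANF:", sorted(anf))
    print("Per stage:", controls_by_stage(anf))
    print("Blocking implementation gate:", gate(anf, "implementation", {"ASC-03": True}))
```

Two design points worth noting: the ANF is derived from the ONF rather than copied and edited, so `validate_anf` can prove the subset relationship that the standard relies on, and `gate` is keyed on each control's own verification criterion, which is what keeps the ANF an auditable artefact rather than a checklist.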

🏠 ISO 27001 Integration: ISO 27034 is the application security implementation guide for ISO 27001 Annex A control A.8.25 (Secure Development Lifecycle). Organisations with ISO 27001 certification use ISO 27034 to demonstrate mature, systematic application security management.