The ISO 27034-2 standard aims to enable an organisation to align or integrate its organisation normative framework (ONF) with its enterprise architecture and/or information security management system (ISMS) requirements, to ensure the security of its applications.
Implementing an ISO 27001-compliant ISMS is not a requirement for implementing this standard.
The ISO 27034 standard provides concepts, principles, frameworks, components and processes to help organisations seamlessly integrate security throughout the lifecycle of their applications.
This part of ISO 27034 defines the processes required to manage the security of applications in the organisation, and introduces security-related elements of applications and the process for auditing the organisation normative framework (ONF).
It is aimed at a general audience as well as managers, members of the ONF committee, the ONF development team, domain experts and auditors.