After initial certification, ISO 27001 requires annual surveillance audits by the certification body to verify the ISMS continues to operate effectively. Surveillance audits are shorter than the full certification audit and focus on a sample of controls, any known nonconformities, and organizational changes. A full recertification audit occurs every three years.
Keep Exploring