The audits and associated costs needed to gain and maintain ISO 27001 certification

Once certified, an ISO 27001 certified Information Security Management System (ISMS) must be audited annually to maintain certification. Internal Audits must be done each year by a third party, like ISO27001 Solutions, or internal personnel with an appropriate level of expertise who has not been instrumental in building or running the ISMS