Once certified, an ISO 27001 Information Security Management System (ISMS) must be audited annually to maintain certification. Internal Audits must be done each year by a third party, like ISO27001 Solutions, or by internal personnel with an appropriate level of expertise who have not been instrumental in building or running the ISMS. Objectivity is the key here.
ISO 27001 certified organizations are also required to be on a three-year cycle of Surveillance and Recertification Audits by their certification body (the company that handed you your certificate). As an example, if you were certified in 2018, your audit schedule with your certification body would look something like this: