Recertification is the periodic review of existing access rights to verify they are still appropriate. Employees change departments, take on new responsibilities, or leave the organisation — without recertification, excessive privileges accumulate over time (privilege creep). Typical intervals are six or twelve months. During recertification you, as a manager, confirm or revoke each permission held by your team members. In an ISMS, recertification is an access-management control aligned with ISO 27001 Annex A 5.18.