Glossary

Key Rotation


Key rotation is the periodic replacement of cryptographic keys, either on a defined schedule or in response to an event such as a suspected compromise. Rotation limits the window during which a compromised key can cause damage. Typical intervals depend on the key type: TLS certificates are renewed annually, while symmetric database keys are rotated more frequently, depending on their classification. Automate the rotation process to avoid human error. In an ISMS, key rotation is defined in the cryptography policy and tracked in the cryptography register.