CryptoCurrency Security Standard (CCSS) certified systems are audited annually in order to maintain certification.
Because a CCSS audit is a point-in-time assessment, annual audits help verify that the system continues to meet the applicable requirements and certification level as the environment, infrastructure, personnel, and operational processes evolve over time.
In addition to the annual audit cycle, significant architectural or operational changes may require additional review or reassessment to determine whether the certified controls and security posture are still accurately represented.