AIUC-1 certification is valid for one year. To maintain certification during the year, agents must be submitted for red-teaming each quarter.
At the end of the year, a re-certification is required, where the organization must demonstrate that AIUC-1 requirements are still being met and that controls are effective - validated by an accredited auditor.
AIUC-1 evolves with the threat and regulatory landscape every quarter. At the start of your re-certification, you will receive guidance on how the standard has changed since your last audit - which requirements are new or updated, and what your organization needs to implement before auditor fieldwork. You will be certified against the latest version of the standard.
The process will start roughly two months before your existing certification expires.
The re-certification is substantially lighter than the initial first audit:
For organizations expanding the scope of their AIUC-1 certification, additional effort should naturally be expected to demonstrate controls of new agent systems included.