We recommend to get a full security assessment at least once every 6-12 months.

However, you should keep your policies and vulnerability assessments updated at least once a year or when your infrastructure is updated with new nodes, services or assets.