You are mentioning two types of audits: internal or first party audits and third party audits. Certification and surveillance audits are third party audits. After certification audit you organization will have two yearly surveillance audits and three years after certification your organization will have a re-certification audit.
About your organization’s internal audits there is one requirement, not included in ISO 9001:2015 but included in the contract with the certification body: at least once per year in one or more audits all ISO 9001:2015 clauses will be audited.
The following material will provide you information about surveillance audits
- Surveillance visits vs. certification audits - https://advisera.com/27001academy/knowledgebase/surveillance-visits-vs-certification-audits/
- What is an ISO 9001 surveillance audit? - https://advisera.com/9001academy/blog/2016/10/18/what-is-an-iso-9001-surveillance-audit/
- free online training ISO 9001:2015 Internal Auditor Course - https://advisera.com/training/iso-9001-internal-auditor-course/
- book - Discover ISO 9001:2015 Through Practical Examples - https://advisera.com/books/discover-iso-9001-2015-through-practical-examples/