ISO/IEC 17025:2017 & ISO/IEC 17020:2012 certification

To clarify your question, both ISO/IEC 17025 and ISO/IEC 17020 are conformity assessment standards, so an organization would be accredited, not certified against them – ISO 17025 for a laboratory, and ISO 17020 for an organization performing inspections. 

what do they need to do in order to maintain their certification?

As with all accreditations against international standards, the organization would need to maintain their own management system internally, continuously meet all the requirements, support their own quality objectives, manage risks and address opportunities for improvement. There are various monitoring and evaluation of trends that is required. For example, a laboratory must monitor its performance by comparing it’s results with other laboratories. To maintain accreditation status, organizations would be audited by their Accreditation Body at intervals (according to the accreditation cycle), to assess and peer review the extent to which they are maintaining the system. 

Is there a requirement to update to the latest iteration?

Yes indeed. A transition period is provided, usually three years after the revision publish date. During this time an organization must address, meet the new requirements and be assessed by the Accreditation Body. 

If so, how often do they need to do so?"

All ISO standards are reviewed every five years and revised if considered necessary. If they are revised, organizations are required to transition to the new revision. 

To maintain accreditation status, organizations would be audited by their Accreditation Body at intervals (according to the accreditation cycle), to assess and peer review the extent to which they are maintaining the system. What dictates the accreditation cycle?  What, if any, requirements are dictated by ILAC? 

What dictates the accreditation cycle?

It is ISO/IEC 17011 Conformity assessment — Requirements for accreditation bodies accrediting conformity assessment bodies that specifies the restriction and criteria for an accreditation body to determine the length of the accreditation cycle. Accreditation bodies must comply with ISO/IEC 17011:2017 and establish separate accreditation schemes (containing rules and processes) within their scope. For example an ISO 17025 scheme and an ISO 17020 scheme. Each scheme has an accreditation cycle which begins at the point of achieving initial accreditation or decision after full reassessment and continues for no more than five years. The criteria is that it must be of a suitable length so that the assessment program can cover sufficient assessments of relevant locations and activities, representative of the scope of accreditation. Typically this cycle is four years or five years for ISO 17025.

What, if any, requirements are dictated by ILAC?

ILAC’s role is to not to dictate or regulate but to develop and harmonize the accreditation practices of member accreditation bodies. They produce policy documents and guidelines which provide criteria or interpretation of accreditation criteria, applicable during assessment. For example with reference to the requirements for an assessment of an internal audit program., in ILAC G28:07/2018 Guideline for the Formulation of Scopes of Accreditation for Inspection Bodies (ISO 17020) ILAC state “The inspection body shall ensure that all requirements of ISO 17020 are covered by the internal audit program within the accreditation re-assessment cycle”.