1 - Regarding changes to ISO27001 and 27002 - I see that the last update to ISO27001 was a 2013 revision, and the one prior to that was published in 2005. Can you advise if updates are done on a specific schedule, or on an as needed basis?
Answer: The review of an ISO standard generally starts 5 years after its release, and this process takes up to 3 years to release a new version. Of course, if an industry or community presents a justifiable request, this time between reviews may change, but the duration of the review process remains within the 3-year time frame.
2 - Can you advise me how re-certification is achieved?
Answer: For the certification body, the re-certification process is the same as the certification one: the certification auditor will go through the whole certification scope during the audit to verify whether all requirements of the standard, as well as the requirements defined by the organization, are in place and working as expected.
For the organization, when the re-certification involves the release of a new version of the standard, the re-certification process starts with a gap analysis between the old and the new versions of the standard, so you can identify what has changed and which actions should be taken to comply with the new requirements.
After the new requirements are implemented, you have to ensure they are properly operated and controlled and that they achieve the expected results, through internal audit and management review, so you can have the necessary evidence that the new requirements are all properly implemented and that identified problems are handled through corrective actions.