URM will contact you with a reminder approximately a month before you have to recertify. You will then be required to pay an application fee again and complete a new application form.
This is due to the questions being periodically updated and so may be different from the previous year.
It is a good idea to keep a copy of your answers when you submit, to enable you to cut and paste the relevant parts from your previous submission.

NHS Cyber Security Open Letter: What Does it Mean for Suppliers?
URM’s blog explains the recent open letter to suppliers issued by the NHS, what it means, why it matters, and the practical steps you can take to prepare.
URM’s blog explores the importance of cyber resilience & the steps organisations can take to prepare for and mitigate the impact of a cyber incident.
URM’s blog explores common weaknesses in organisations’ security programmes, & outlines practical, cost-effective measures to reduce the likelihood of a breach
URM’s blog breaks down the new EU Cyber Resilience Act, what products/entities are in scope, the security requirements it imposes on organisations, and more.

