Penetration tests (pentests) should be a regularly scheduled activity. A pentest is an attempt by a third party, acting like a malicious party, to gain access to a system or network. Pentests simulate an attack that goes beyond simple vulnerability scans: they attack the configuration, design, implementation, and logic of the system, which such scans cannot test.
New techniques and information, combined with attacks on different aspects of the system, make every pentest unique and able to find flaws not previously detected. Together with possible new weaknesses, this means that each pentest may find something that was not previously seen.
If penetration testing is required, it is generally required to be performed annually. If the test includes only certain applications, such as your SaaS application, a separate test may be required for the organization’s network, because compromising the network may lead to compromise of the application from the backend.