The combination of the IssuerRDN (the set of fields that identify the issuer) and SerialNumber fields uniquely identifies a certificate, as per RFC 5280.
The RFC doesn't define what happens if the certificate is re-issued, but I would assume that the serial number is changed. The reason is that the new certificate would differ from the previous one, and as such it must be identified uniquely.
Consequently, for your task the better approach would be to:
- validate the certificate chain completely to ensure integrity and authenticity of the certificate
- check issuer name
- check subject name
- check the key usage field.
This will ensure that the certificate is valid and authorized for this company, and at the same time this algorithm saves you from the mistake of checking for exactly one certificate (this mistake can lead to trouble if the certificate is revoked for whatever reason and replaced with a new one).
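Shell example added here (not part of the original answer): it implements the four checks above with the openssl CLI and runs them against a throwaway CA plus two leaf certificates for the same subject that differ only in serial number, i.e. a "re-issued" certificate, all constructed for the demo. The file layout, the `make_test_pki` helper and the "Test CA" / "Example Corp" names are assumptions; the chain validation relies on `openssl verify` and the key usage check only requires digitalSignature.

```shell
#!/bin/sh
# Added example, not the original answer's code. Assumes openssl 1.1.1+ on PATH.

# make_test_pki DIR: constructed test data. A self-signed CA and two leaf
# certificates with the same subject but different serial numbers (1 and 2),
# which is what a re-issued certificate looks like.
make_test_pki() {
    dir="$1"; mkdir -p "$dir"
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign\n[leaf]\nkeyUsage=critical,digitalSignature\n' > "$dir/x.cnf"
    openssl req -x509 -config "$dir/x.cnf" -extensions ca -newkey rsa:2048 -nodes \
        -days 1 -subj "/CN=Test CA" -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
    openssl req -new -config "$dir/x.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=Example Corp" -keyout "$dir/leaf.key" -out "$dir/leaf.csr" >/dev/null 2>&1
    for n in 1 2; do
        openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
            -set_serial "$n" -days 1 -extfile "$dir/x.cnf" -extensions leaf \
            -out "$dir/leaf$n.crt" >/dev/null 2>&1
    done
}

# cert_name FIELD CERT: print the issuer or subject in RFC 2253 form ("CN=Test CA").
cert_name() {
    openssl x509 -in "$2" -noout -"$1" -nameopt RFC2253 | sed 's/^[a-z]*= *//'
}

# check_cert CERT CAFILE EXPECTED_ISSUER EXPECTED_SUBJECT
# Returns 0 only if the chain validates against CAFILE, the issuer and subject
# names match exactly, and the digitalSignature key usage is present.
# Deliberately does not look at the serial number, so a re-issued certificate
# from the same CA for the same subject still passes.
check_cert() {
    cert="$1"; cafile="$2"; want_issuer="$3"; want_subject="$4"
    openssl verify -CAfile "$cafile" "$cert" >/dev/null 2>&1 || return 1
    [ "$(cert_name issuer "$cert")" = "$want_issuer" ] || return 1
    [ "$(cert_name subject "$cert")" = "$want_subject" ] || return 1
    openssl x509 -in "$cert" -noout -ext keyUsage | grep -q 'Digital Signature' || return 1
    return 0
}

# same_serial CERT1 CERT2: the "exactly one certificate" comparison the answer
# warns against; it breaks as soon as the certificate is replaced.
same_serial() {
    [ "$(openssl x509 -in "$1" -noout -serial)" = "$(openssl x509 -in "$2" -noout -serial)" ]
}
```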