METHODOLOGY
TCO Methodology in Portfolio Mode
How CertMap calculates the Total Cost of Ownership of a cybersecurity certification, and how bundle effects can shift a cert set's 5-year TCO by more than €5,000.
Last updated: 2026-04-30
The Portfolio mode calculates what a combination of certifications truly costs over 1, 3, or 5 years. This article explains what flows into the total, which bundle effects CertMap accounts for, and where the Phase 1 simplifications are.
What TCO means here
CertMap breaks Total Cost of Ownership into two components:
Acquisition: one-time costs for the exam fee and mandatory training, due at first certification. Because these costs don't depend on the year count, they're identical across 1Y/3Y/5Y.
Maintenance: recurring costs over the chosen year count:
- AMF (Annual Maintenance Fee): annual membership fee (e.g., ISC2 charges 135 USD/year regardless of how many ISC2 certs you hold).
- CPE hours: Continuing Professional Education, optionally valued as money (see toggle).
- Renewal fees: for certs that aren't kept active through ongoing CPE but get reset on a fixed cycle (e.g., CompTIA renewal every 3 years).
The default view is out-of-pocket: what you actually have to pay as a holder. Via a toggle, CPE can be counted as money (hours × hourly rate).
Bundle table
Vendors handle membership and CPE differently. A naive "calculate each cert separately" approach overestimates the total by €1,700–5,000 over 5 years as soon as you hold multiple certs from the same vendor. CertMap distinguishes four bundle policies:
| Vendor | AMF shared | CPE/CE pool shared | Reasoning |
|---|---|---|---|
| ISC2 | ✓ | ✓ | One shared ISC2 membership (135 USD/year). 60 CPE hours/year count toward all ISC2 certs you hold (CISSP, CCSP, CSSLP). |
| CompTIA | - | ✓ | Each cert has its own renewal fee, but the certs share a CertMaster CE pool: CPE hours count for multiple certs. No AMF, renewal every 3 years. |
| ISACA | - | - | Each cert has its own CPE obligation (40h+/year) and its own AMF (45 USD/year member fee + 45 USD/year per cert). |
| GIAC | - | - | Each cert has its own 4-year renewal cycle with an independent renewal fee (429 USD per renewal). |
The getPortfolioMaintenance and getCertPortfolioContribution functions in src/services/cert/cost.ts implement these policies. With sharesAmf: true, the highest AMF is counted once per year, not summed. With sharesCpe: true, CPE hours of the cert with the highest requirement are taken once, not summed.
CPE hour valuation
The default hourly rate in Portfolio mode is €80/h. This is the lower band of fully-loaded employer cost for senior security personnel in the DACH region (typical daily rate €800–1,200, divided by 8h, calculated as full cost including social security and overhead).
Use the CPE-as-cost toggle to change the value. When active:
- The stacked bar shows CPE-valued time as an additional layer per cert/bundle.
- The total includes CPE × hourly rate.
When inactive:
- The stacked bar shows only out-of-pocket money (AMF, renewal, acquisition).
- The CPE bar still appears and shows hours, without the money translation.
Exchange rates
Phase 1 uses static exchange rates:
- 1 USD ≈ 0.92 EUR
- 1 GBP ≈ 1.17 EUR
These values live in src/services/cert/cost.ts (EUR_PER_USD, EUR_PER_GBP). Phase 2 will switch to the ECB reference rate with a daily cache and a UI hint on API failure. Until then, all non-EUR prices are converted at runtime and the TCO is reported purely in EUR.
Renewal calculation
For vendors with a renewal cycle (CompTIA, GIAC):
renewalsInPeriod = floor(years / cycleYears)
renewalCostInPeriod = renewalsInPeriod × renewalFee
Example CompTIA Security+ over 5 years with a 3-year cycle:
- floor(5 / 3) = 1 renewal
- 1 × 246 USD = 246 USD ≈ 226 EUR renewal fee
- The 5Y model accounts for 1 renewal event, not 1.67.
Example GIAC GCIH over 5 years with a 4-year cycle:
- floor(5 / 4) = 1 renewal
- 1 × 429 USD = 429 USD ≈ 395 EUR
For bundles with a shared renewal cycle (CompTIA pool), the longest renewal cycle is used, not the sum.
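The bundle policies from the bundle table and the renewal formula above, combined into one maintenance calculation as an added example. This is not CertMap's code from src/services/cert/cost.ts: the function and field names are assumptions, the CPE hours for Security+ and GCIH are constructed, and the shared-renewal-cycle rule for CompTIA pools is not modeled.

```typescript
// Added example, not CertMap's source. sharesAmf, sharesCpe and EUR_PER_USD are named in
// the article; every other identifier is a hypothetical name chosen for illustration.
type Vendor = "ISC2" | "CompTIA" | "ISACA" | "GIAC";
// Fees are in USD per the vendor price lists; 0 means "no AMF" or "no fixed renewal cycle".
interface Cert { name: string; vendor: Vendor; amfUsd: number; cpeHoursPerYear: number;
  renewalFeeUsd: number; cycleYears: number }
const EUR_PER_USD = 0.92; // static Phase 1 rate
const POLICY: Record<Vendor, { sharesAmf: boolean; sharesCpe: boolean }> = {
  ISC2:    { sharesAmf: true,  sharesCpe: true  },
  CompTIA: { sharesAmf: false, sharesCpe: true  },
  ISACA:   { sharesAmf: false, sharesCpe: false },
  GIAC:    { sharesAmf: false, sharesCpe: false },
};
const sum = (xs: number[]): number => xs.reduce((a, b) => a + b, 0);

// renewalsInPeriod = floor(years / cycleYears); a partial cycle is not counted.
function renewalsInPeriod(years: number, cycleYears: number): number {
  return cycleYears > 0 ? Math.floor(years / cycleYears) : 0;
}

// bundled=false reproduces the naive "each cert separately" total for comparison.
function portfolioMaintenance(certs: Cert[], years: number, bundled = true, cpeEurPerHour = 0) {
  let amfUsd = 0, cpeHours = 0, renewalUsd = 0;
  for (const vendor of Object.keys(POLICY) as Vendor[]) {
    const group = certs.filter(c => c.vendor === vendor);
    if (group.length === 0) continue; // vendor not in this portfolio
    const p = bundled ? POLICY[vendor] : { sharesAmf: false, sharesCpe: false };
    const amfs = group.map(c => c.amfUsd);
    const cpes = group.map(c => c.cpeHoursPerYear);
    // Shared: the highest value is counted once per year. Not shared: values are summed.
    amfUsd += years * (p.sharesAmf ? Math.max(...amfs) : sum(amfs));
    cpeHours += years * (p.sharesCpe ? Math.max(...cpes) : sum(cpes));
    renewalUsd += sum(group.map(c => renewalsInPeriod(years, c.cycleYears) * c.renewalFeeUsd));
  }
  const outOfPocketEur = Math.round((amfUsd + renewalUsd) * EUR_PER_USD);
  // cpeEurPerHour > 0 models the CPE-as-cost toggle (hours × hourly rate).
  return { amfUsd, cpeHours, renewalUsd, outOfPocketEur, totalEur: outOfPocketEur + cpeHours * cpeEurPerHour };
}

// Constructed portfolio: fees and cycles are the article's; Security+ and GCIH CPE hours are made up.
const SAMPLE: Cert[] = [
  { name: "CISSP", vendor: "ISC2", amfUsd: 135, cpeHoursPerYear: 60, renewalFeeUsd: 0, cycleYears: 0 },
  { name: "CCSP", vendor: "ISC2", amfUsd: 135, cpeHoursPerYear: 60, renewalFeeUsd: 0, cycleYears: 0 },
  { name: "Security+", vendor: "CompTIA", amfUsd: 0, cpeHoursPerYear: 16, renewalFeeUsd: 246, cycleYears: 3 },
  { name: "GCIH", vendor: "GIAC", amfUsd: 0, cpeHoursPerYear: 9, renewalFeeUsd: 429, cycleYears: 4 },
];
console.log(portfolioMaintenance(SAMPLE, 5), portfolioMaintenance(SAMPLE, 5, false));
```

For this sample the ISC2 bundle alone accounts for the whole gap between the two results: one 135 USD membership per year instead of two, and one 60-hour CPE pool instead of two.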
Known simplifications
CertMap does not model in Phase 1:
- Taxes: no VAT, no business-expense deductibility.
- Travel & lodging for exams, relevant for in-person Pearson VUE centers.
- Exam prep material: books, online courses, practice exams.
- Employer subsidies: many companies reimburse 50–100%, which drastically changes the out-of-pocket TCO.
These gaps are intentional. A complete model would create expectations we can't keep: taxes depend on employment status, employer subsidies on contract specifics, and travel cost on exam region. Pragmatically, out-of-pocket gross in EUR over 1/3/5 years is the most transparent calculation that's reproducible for every user.
If you want a full cost-accounting comparison between cert options, export the portfolio (Sprint M) and add the missing line items in Excel.
Related articles
- How does CertMap rate cybersecurity certifications? Scoring methodology (substance × market strength).
- Personnel certification per ISO/IEC 17024: How does personnel certification differ from a course completion certificate?