DVMS as a Journey and Not a Big Bang – Assurance Mandate Series – Part 5
David Nichols – Co-Founder and Executive Director of the DVMS Institute
The Myth of the Big Bang
While the universe may have started with the “Big Bang,” The DVMS Journey does not.
Executives are accustomed to thinking in terms of transformation: announce the program, fund the project, deploy the tool, and with one decisive move, the problem is solved. It has a beginning, middle, and end. But resilience doesn’t work that way. You cannot “install” it. No single project, framework, or initiative can guarantee that your organization can withstand disruption, recover quickly, and continue delivering value under pressure.
Resilience isn’t built in a single moment. It’s developed gradually through a system that consistently matures and strengthens over time. That’s what the Digital Value Management System® (DVMS) stands for: not a one-time setup, but an ongoing process.
The Problem with Compliance Artifacts
Part of the challenge is that organizations have been conditioned to view governance in a certain way. Compliance models treat maturity as a final goal: obtain certification, check the boxes, produce the report, and you’re done. However, we’ve known for years that compliance doesn’t guarantee security, and it certainly doesn’t imply operational resilience.
Compliance artifacts, certificates, audits, and dashboards have their role. They establish a baseline of accountability and reassure regulators and customers that minimum standards are being met. However, artifacts are snapshots, not trajectories. They can show you where you’ve been, but not where you’re going. Resilience, by contrast, is about momentum. It’s about whether your organization is stronger today than yesterday, and whether tomorrow you’ll be able to adapt faster than the disruption you face.
This is why artifacts alone cannot define resilience. They are static, while resilience is dynamic. Artifacts may show you’ve met a requirement; they cannot demonstrate that you are evolving in step with reality, which is why DVMS should be seen as a journey. It doesn’t guarantee perfection from the start. It guarantees progress, visible, measurable, continuous progress — toward true resilience.
Why DVMS Is a Journey
DVMS changes the organizational frame of reference. It is not another framework to layer on top of the pile. It is a system that continually connects governance intent, operational performance, and assurance evidence in the face of volatility, uncertainty, complexity, and ambiguity.
Because DVMS is systemic, it cannot be reduced to a single project. Instead, it develops alongside the organization. It begins by linking intent with a few key workflows. It grows by providing assurance evidence in the most critical areas. Over time, it makes resilience the normal operating state of the enterprise.
The goal isn’t to “achieve” DVMS as if it were a milestone to be reached. The goal is to walk the path of resilience as a continuous discipline. Think of it as a continual strengthening of your organizational DNA.
The Stages of the DVMS Journey
Every journey begins small, with its first step. The mistake leaders often make is assuming that if they cannot do everything at once, they should wait. In truth, the journey to resilience is built through progressive steps, each producing value along the way.
There is never a perfect moment to take that first step. Leaders must understand that the only place to start this journey is right where they are now. This is where you put on your big boy or girl pants, buckle your seatbelt, and demonstrate clarity and purpose in adopting this new paradigm.
- Stage 1: Awareness and Intent
Leadership reframes governance. Instead of asking whether the organization is compliant, they ask what resilience looks like in terms of protecting and delivering business value. Intent is clarified and owned at the top. - Stage 2: Early Integration
Rather than overhauling everything at once, DVMS is overlaid onto a handful of existing frameworks and workflows. The goal is to generate the first round of evidence, proof that resilience can be demonstrated in practice. - Stage 3: Evidence and Expansion
As capability and credibility grow, the system expands, shifting from retrospective reports to real-time insights. Governance, cyber, and operations begin speaking a shared language, and culture starts reinforcing the change. - Stage 4: Continuous Assurance
DVMS becomes the operating system of governance. Intent, performance, and assurance are continuously aligned. The organization proves resilience on demand, not just at audit time.
This truly measures progress: not how many controls are documented, but how consistently evidence of resilience can be demonstrated.
DVMS in Practice: Small Steps, Real Outcomes
Organizations don’t need to start with major reforms to see the benefits of DVMS. Even small implementations can change the conversation at the leadership level. By applying DVMS to incident response, a board can move beyond just reviewing patch counts or compliance charts and instead see evidence of recovery performance, proving how quickly the organization can restore service and maintain customer trust.
By adopting DVMS, an organization that previously relied on certification as its primary success metric can start demonstrating resilience in its supply chain or service delivery. While the certificate would still hold importance, it would no longer define success. Instead, evidence would.
These are not revolutionary changes. They are evolutionary. Small steps turn into new habits. Habits become norms. And resilience becomes apparent in ways it hasn’t been before.
The Executive Question
For boards and executives, the critical question has changed. It is no longer: “When will we be compliant?” That was yesterday’s measure. Today’s measure is far more demanding: “Where are we on the journey from artifacts to assurance?”
Compliance will always matter, but it is not the finish line; it is the starting point. Passing an audit, earning a certificate, or scoring well on a maturity model may satisfy regulators and reassure stakeholders in the short term, but these artifacts are backward-looking. They prove what you did yesterday, not what you can withstand tomorrow.
If your governance story still relies on certifications, audit scores, or analyst rankings, you are focused on appearances. These can indicate alignment with frameworks, but they don’t prove resilience. They provide comfort without genuine confidence.
Governing with confidence requires more than just belief: it needs proof. Proof that your systems are dynamic and can adapt to changing conditions. Evidence that your team will act responsibly in the event of disruption. Proof that your culture promotes escalation, transparency, and accountability instead of silence or delay.
This is what boards and executives must demand. Not reports designed to look impressive, but proof that operational resilience is real. Only then can leaders move beyond the illusion of compliance to the assurance of performance.
Closing the Gap
Resilience is not created in binders, audits, or one-time projects. It is built through a journey that integrates governance, resilience, and assurance into a living system. That fact is important because I’m not asking you to buy a framework, or the latest silver bullet framework, or even a unicorn (although the latter is probably more helpful than the framework or silver bullet).
DVMS provides the system that ensures you are capable of creating, protecting, and delivering value to your stakeholders, and that you can prove it in real-time.
For boards and executives, the choice is stark. You can stay in the compliance comfort zone and hope for luck, or you can embark on a journey toward assured resilience, knowing that you are well-prepared.
Luck runs out. Systems endure. The journey to resilience begins with a single step — and every step matters.
👉 This marks the end of the Assurance Mandate Series. Over five articles, we’ve examined why boards and executives need to go beyond relying on frameworks and compliance artifacts to build confidence through evidence-based resilience. The Digital Value Management System® provides a way to make that transition concrete. You provide the leadership.
About the Author
Dave is the Executive Director of the DVMS Institute.
Dave spent his “formative years” on US Navy submarines. There, he learned complex systems, functioning in high-performance teams, and what it takes to be an exceptional leader. He took those skills into civilian life and built a successful career leading high-performance teams in software development and information service delivery.
Digital Value Management System® (DVMS)
The DVMS is an adaptive, culture-enabled governance overlay designed to help organizations of any size, scale, or complexity transition from static, paper-based governance models to a living, evidence-based system of Governance, Resilience, Assurance, and Accountability (GRAA).
At its core, the DVMS is a simple but powerful integration of:
-
Governance Intent – shared expectations and accountabilities.
-
Operational Capability – how the business actually performs
-
Assurance Evidence – proof that intended outcomes are being achieved
Rather than adding more complexity, a DVMS integrates fragmented frameworks and practices such as NIST CSF, GRC, ITSM, DevOps, and AI into a unified overlay system that enables leaders and regulators to see, in real time, whether the digital business is working as intended—and whether the risks that matter most are being managed proactively.
Through its MVC, CPD, 3D Knowledge, and FastTrack Models, a DVMS turns this integration into three distinctive capabilities:
A Governance Overlay that replaces fragmentation with unity. The DVMS provides organizations with a structured way to connect strategy with day-to-day execution. Leaders gain a consistent mechanism to direct, measure, and validate performance—across every system responsible for digital value.
A Behavioral Engine that drives high-trust, high-velocity decision-making. The DVMS embeds decision models and behavioral patterns that help teams think clearly and act confidently, even in uncertain situations. It is engineered to reduce friction, prevent blame-based cultures, and strengthen organizational reliability.
A Learning System that makes culture measurable, adaptable, and scalable. Culture becomes a managed asset—not an abstract concept. The DVMS provides a repeatable way to observe behavior, collect evidence, learn from outcomes, and evolve faster than threats, disruptions, or market shifts.
DVMS Organizational Benefits
Instead of replacing existing operational frameworks, the DVMS elevates them—connecting and contextualizing their data into actionable intelligence that validates performance and exposes the reasons behind unmet outcomes.
By adopting a DVMS, organizations are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Leadership Benefits
The Digital Value Management System (DVMS) provides leaders with a unified, evidence-based approach to governing and enhancing their digital enterprise, aligning with regulatory requirements and stakeholder expectations.
For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.
For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.
For the CIO, CRO, CISO, and Auditors: an integrated, adaptive, and culture-driven governance and assurance management system that enhances digital business performance, resilience, trust, and accountability
DVMS White Papers
The three whitepapers below present a coherent progression that shifts organizations from compliance-driven thinking to a modern system of Governance, Resilience, Assurance, and Accountability (GRAA). Collectively, the three papers define a comprehensive system for building and governing resilient digital enterprises, grounded in evidence rather than assumptions.
The Assurance Mandate Paper sets the stage by showing why traditional GRC artifacts provide only reassurance—not evidence—and calls boards to demand forward-looking proof that their organizations can continue to create, protect, and deliver value under stress.
The Assurance in Action Paper elevates the conversation from leadership intent to managerial execution, demonstrating how the DVMS operationalizes resilience by translating outcomes into Minimum Viable Capabilities, connecting frameworks through the Create–Protect–Deliver model, and generating measurable assurance evidence that managers can use to demonstrate real performance rather than activity.
The Governing by Assurance Paper elevates the approach to the policy and regulatory level, showing how DVMS functions as a learning overlay system that links governance intent, operational capability, and verifiable evidence into a continuous loop—enabling regulators, agencies, and enterprises to govern by outcomes rather than checklists and to prove capability with measurable, auditable performance data.
DVMS Cyber Resilience Certified Training Programs
DVMS Cyber Resilience Awareness Training
The DVMS Cyber Resilience Awareness course and its accompanying body of knowledge publication educate all employees on the fundamentals of digital business, its associated risks, the NIST Cybersecurity Framework, and their role within a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.
This investment fosters a culture that is prepared to operate within a system capable of transforming systemic cyber risks into operational resilience.
DVMS NISTCSF Foundation Certification Training
The DVMS NISTCSF Foundation certification training course and its accompanying body of knowledge publications provide ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role in a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.
This investment fosters IT, GRC, Cybersecurity, and Business professionals with the skills to operate within a system capable of transforming systemic cyber risks into operational resilience.
DVMS Cyber Resilience Practitioner Certification Training
The DVMS Practitioner certification training course and its accompanying body of knowledge publications teach ITSM, GRC, Cybersecurity, and Business practitioners how to elevate investments in ITSM, GRC, Cybersecurity, and AI business systems by integrating them into a unified governance, resilience, assurance, and accountability system designed to proactively identify and mitigate the cyber risks that could disrupt operations, erode resilience, or diminish client trust.
This investment fosters IT, GRC, Cybersecurity, and Business practitioners with the skills to assess, design, implement, operationalize, and continually innovate a Digital Value Management System® program that operationalizes a shared model of governance, resilience, assurance, and accountability for creating, protecting, and delivering digital value.
Company Brochures and Presentation
Explainer Videos
- DVMS Architecture Video: David Moskowitz explains the DVMS System
- DVMS Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- DVMS Overlay Model – What is an Overlay Model
- DVMS MVC ZX Model – Powers the CPD
- DVMS CPD Model – Powers DVMS Operations
- DVMS 3D Knowledge Model – Powers the DVMS Culture
- DVMS FastTrack Model – Enables A Phased DVMS Adoption
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
