How a Digital Value Management System® (DVMS) Delivers the Outcomes of ISO 31000
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
Introduction: ISO 31000 and the DVMS
ISO 31000 is the international benchmark for effective risk management, offering principles and guidelines for integrating risk into all aspects of an organization. At its core, ISO 31000 emphasizes a proactive, structured, and value-based approach to risk management, principles mirrored in the Digital Value Management System (DVMS). The DVMS overlays existing organizational structures with a system of capabilities to ensure that digital business value is created, protected, and delivered efficiently and securely.
Through its layered architecture—the Z-X Model, the CPD Model (Create, Protect, Deliver), the 3D Knowledge Model, and the principle of strategy-risk—the DVMS effectively operationalizes ISO 31000’s principles, establishing an enterprise-wide capability for managing uncertainty in complex, digitally driven environments.
Establishing Context and Integration
One of ISO 31000’s first principles is establishing context. The DVMS aligns with this by insisting on a thorough understanding of organizational purpose, structure, and digital dependencies before addressing risk. The DVMS Z-X Model introduces the seven minimum viable capabilities—Govern, Assure, Plan, Design, Change, Execute, and Innovate—each of which helps articulate the organizational context from a risk-informed perspective.
The DVMS also promotes integration across all levels of the organization. Rather than relegating risk to a single silo (e.g., the IT or compliance department), it defines risk management as a distributed responsibility. Regardless of role, every stakeholder becomes part of the risk-aware culture, a key element called for in ISO 31000’s emphasis on integrated and inclusive risk management.
Strategy-Risk: Unifying Strategic Planning and Risk
ISO 31000 emphasizes aligning risk management with organizational strategy. DVMS achieves this by treating strategy and risk as a single, inseparable construct called “strategy-risk”. In this model, creating digital business value inherently involves understanding and mitigating the risks that could jeopardize it.
This is operationalized through the CPD Model, which fuses value creation, protection, and delivery into a continuous, adaptive system. Instead of creating value and bolting on protections afterward, organizations using the DVMS create and protect value concurrently, treating protection as intrinsic to the value itself. This approach ensures that strategic decision-making inherently considers risk implications and opportunities, directly supporting ISO 31000’s mandate to embed risk management into strategic planning.
Leadership and Accountability
ISO 31000 states that leadership and commitment from the top are crucial. DVMS operationalizes this by making leadership accountability a foundational requirement. Governance, as defined in the DVMS Z-X Model, sets the tone for enterprise risk behavior, establishes policy, and cascades intent through all layers of the organization.
Moreover, leadership is not just about policy creation but also about cultural stewardship. DVMS identifies organizational culture as both a potential enabler of and a potential barrier to resilience. Leaders not only create policies but also model and reinforce behaviors that promote cross-functional trust, learning, and adaptation, mirroring ISO 31000’s expectations for leadership to instill values and principles that guide risk-aware behavior.
Structured and Systematic Risk Management
ISO 31000 calls for a structured and comprehensive approach. DVMS addresses this through its overlay design and structured phases of adoption (Initiate, Basic Hygiene, Expand, and Innovate). These phases ensure that organizations stabilize existing capabilities before expanding or innovating, so that risk decisions are always rooted in clear context and measurable progress.
The DVMS FastTrack approach encourages iterative progress and experimentation. It offers a controlled pathway that prevents organizations from trying to do everything at once—a crucial practical reflection of ISO 31000’s call for systematic, iterative improvement.
Informed Decision-Making Through Data and Measurement
Effective risk management requires data to guide decisions. ISO 31000 emphasizes the importance of timely, accurate, and relevant information. DVMS meets this by embedding performance and outcome measurement into all of its layers, particularly through the Goal-Question-Metric (GQM) and the customized QO-QM (Question Outcome–Question Metric) models.
These models turn strategic intent into measurable outcomes by aligning operational activities with business goals. They help organizations understand whether value is being created and protected in ways that align with strategic outcomes, allowing continuous reassessment and refinement—thereby upholding ISO 31000’s requirement for a feedback-rich environment.
Dynamic and Adaptive Risk Management
The ISO 31000 standard stresses that risk management must be dynamic, iterative, and responsive to change. This is one of the DVMS’s strongest alignments. At the heart of the DVMS is a systems-thinking model that views the organization as a complex adaptive system. This means DVMS doesn’t just expect change—it is designed to thrive within it.
DVMS methodology embeds practices like red teaming, scenario planning, and probing for system vulnerabilities. By continuously adapting through feedback loops and mental model revisions, organizations using DVMS are empowered to anticipate emerging risks and adapt operations accordingly, precisely what ISO 31000 calls for.
Human and Cultural Factors
ISO 31000 highlights the influence of human and cultural factors. DVMS addresses this through deep cultural integration. It uses models like the cultural web (symbols, power structures, rituals, etc.) to understand and influence the behaviors and beliefs that drive risk-related decisions.
By promoting a culture of inquiry, encouraging collaborative learning, and holding leaders accountable for setting cultural tone, DVMS ensures that cybersecurity and resilience become part of an organization’s DNA, not just a checklist.
Continuous Improvement
Finally, ISO 31000 emphasizes the need for ongoing improvement. In DVMS, continual innovation is not a “nice to have”—it is embedded in its seventh core capability. Innovation in the DVMS context includes not just technology but policies, processes, training, and even mindsets. The CPD Model’s dynamic feedback loops ensure that the system constantly scans for value gaps, stakeholder feedback, and emerging risks.
This ensures a proactive—not reactive—stance toward improvement, aligning perfectly with ISO 31000’s principle that risk management must continually improve based on lessons learned, performance evaluation, and contextual shifts.
Conclusion
The DVMS and ISO 31000 share a common objective: to enable organizations to manage uncertainty in a way that supports sustained success and resilience. The DVMS takes ISO 31000 from principle to practice by embedding risk management into strategic intent, cultural behavior, operational performance, and innovation.
Through its layered models, systems thinking, and actionable measurement frameworks, DVMS enables organizations to meet and often exceed the outcomes called for by ISO 31000. It transforms risk from a compliance concern into a value enabler, shaping organizations that survive change and thrive on the edge of it.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”
The DVMS Institute’s Certified Training Programs teach organizations the skills to build a Holistic and Culture-Aligned Overlay System capable of coordinating Adaptive, Governance, Resilience, and Assurance actions across a Complex Digital Ecosystem.
Achieving true cyber resilience across a complex digital ecosystem requires seamless alignment between organizational Strategy, Governance, and Operations, underpinned by a culture dedicated to sustaining and continuously innovating organizational digital value.
The DVMS positions cyber resilience as a strategic, enterprise-wide capability powered by the Institute’s CPD, Z-X, and 3D Knowledge models.
This systems-based approach to cyber operational resilience demands active engagement from all members of the Digital Ecosystem, with each member playing a distinct role in proactively identifying and mitigating the systemic risks that threaten digital business operations.
This adaptive, forward-looking approach to Governance, Resilience, and Assurance (GRA) positions businesses to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Drive Agility and Trust Across Your Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved