Using a Digital Value Management System to Clean Up Your IT Framework Mess
Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute
The Framework Chaos in Modern Enterprises
Enterprises today often find themselves drowning in a “framework mess.” Over time, organizations adopted multiple governance, risk, compliance, and cybersecurity frameworks—NIST CSF, ISO 27001, ITIL, COBIT, COSO, GDPR, HIPAA, PCI-DSS, DORA, NIS2, and others. Each framework provides helpful guidance, but the accumulation of them creates silos, duplication, conflicting priorities, and compliance fatigue. Frameworks often become fragmented checklists managed in isolation by different departments instead of enabling resilience and value creation. This results in inefficiency, audit overload, gaps in protection, and a failure to connect cybersecurity and compliance investments with business performance outcomes.
Why Frameworks Alone Fall Short
Frameworks like the NIST Cybersecurity Framework (CSF) provide essential structure and outcomes for managing cybersecurity risks. However, the CSF itself is descriptive, not prescriptive; it explains what good outcomes look like but does not provide a method for integrating them into day-to-day business operations. This is where enterprises stumble—frameworks tell them what to do, regulators tell them what to prove, and auditors tell them what they missed. Without an integrative system to harmonize frameworks, organizations end up layering tool on top of tool, policy on top of policy, with little cohesion. The framework mess is not about the frameworks themselves, but about the lack of an overlay system that unifies them into a coherent, adaptive whole.
DVMS as an Overlay System
The Digital Value Management System (DVMS) addresses this challenge directly by functioning as an overlay rather than another framework. Unlike frameworks that describe outcomes, the DVMS provides a systems-based governance and assurance model that maps across existing standards and frameworks, exposing overlaps and gaps. By overlaying on top of what an organization already does, the DVMS ensures that every framework contributes to a single enterprise-wide goal: creating, protecting, and delivering digital business value. This approach eliminates duplication, clarifies accountability, and enables leaders to see the “whole system” instead of fragmented compliance silos.
Minimum Viable Capabilities for Order and Clarity
At the heart of the DVMS are seven Minimum Viable Capabilities (MVC): Govern, Assure, Plan, Design, Change, Execute, and Innovate. These capabilities are the universal “containers” into which all framework requirements can be mapped. For example, NIST CSF’s GOVERN and IDENTIFY outcomes map directly into DVMS Govern and Plan; ISO 27001’s information security controls fall under Assure and Execute; ITIL’s service design aligns with Plan and Design. By standardizing on these universal capabilities, enterprises gain a consistent language and structure that cuts across frameworks, regulations, and standards. Instead of multiple disconnected compliance programs, the DVMS provides a single organizing principle for all assurance efforts.
Strategy-Risk: Unifying Value Creation and Protection
One of the key reasons enterprises end up in framework chaos is the artificial separation of business strategy from risk management. The DVMS resolves this by introducing the concept of “strategy-risk”—the idea that strategy and risk are inseparable, like two sides of the same coin. This shift allows organizations to integrate cybersecurity and compliance into strategic planning, rather than bolting them on afterward. Every framework requirement is therefore reframed as a component of protecting and enabling value. By embedding strategy-risk thinking, the DVMS aligns frameworks with enterprise goals, ensuring that protection is not just about avoiding penalties but sustaining trust, resilience, and performance.
Systems Thinking: Seeing the Whole, Not the Hole
Framework messes thrive in siloed environments where departments interpret and implement frameworks independently. The DVMS applies systems thinking to break down these silos and expose interdependencies. Using models such as the DVMS Z-X Model and the 3D Knowledge Model, the system forces leaders and teams to examine how governance, culture, technology, and process all interact. This holistic lens enables enterprises to identify duplication (e.g., multiple departments running separate risk registers), close gaps (e.g., no owner for supply chain risk), and streamline assurance activities across the enterprise. Instead of reactive compliance, organizations gain proactive resilience.
Cultural Alignment and Accountability
Another source of framework failure is cultural misalignment. Policies exist on paper, but employees see cybersecurity and compliance as “someone else’s job.” The DVMS directly addresses culture by making it a central element of its overlay model. Leadership accountability cascades from the boardroom through every layer of the organization, embedding governance, assurance, and resilience into daily decision-making. Framework requirements no longer sit isolated in technical manuals—they are normalized into the organizational culture. By tying culture to governance, the DVMS ensures that frameworks are lived rather than laminated.
Cleaning Up Through the DVMS FastTrack™
Enterprises often struggle to fix their framework mess because the task feels overwhelming. The DVMS introduces a phased FastTrack™ approach: Initiate (getting ready), Basic Hygiene (stabilize), Expand (optimize), and Innovate (continually improve). Instead of attempting to harmonize every framework requirement simultaneously, organizations proceed iteratively, starting with foundational governance and assurance practices and layering in complexity over time. This phased approach prevents initiative fatigue, allows early wins, and ensures sustainable adoption. It provides the roadmap for turning chaotic compliance into coherent governance.
The CPD Model: Linking Frameworks to Value
The DVMS operationalizes its philosophy through the Create–Protect–Deliver (CPD) Model. This model treats value creation and value protection as concurrent, inseparable activities. Frameworks are therefore not endpoints in themselves but instruments for achieving CPD outcomes. For example, GDPR compliance is about avoiding fines and protecting customer trust in digital services. PCI-DSS is not just about passing audits but also about ensuring the delivery of secure payment value. The CPD Model reframes frameworks as enablers of business outcomes, shifting the mindset from compliance to value assurance.
A Practical Path for Enterprises
Cleaning up the framework mess does not mean discarding frameworks. Integrating them under a unifying overlay that harmonizes outcomes, closes gaps, and clarifies accountability. The DVMS provides that overlay by mapping all framework activities into universal capabilities, embedding them into culture, and aligning them with strategy-risk. Through its FastTrack phased approach and CPD operating model, enterprises gain a practical, scalable path for transforming fragmented frameworks into a coherent, adaptive governance system.
Conclusion: From Chaos to Coherence
Enterprises cannot avoid frameworks—they are essential for managing risk, assuring compliance, and sustaining trust. However, left unmanaged, frameworks multiply, overlap, and conflict, leaving organizations with inefficiency and exposure. The Digital Value Management System is the remedy to this problem. By functioning as an adaptive overlay, the DVMS cleans up the framework mess, integrates disparate requirements into a single value creation and protection system, and embeds governance into culture and strategy. The result is not just framework alignment, but enterprise-wide resilience, trust, and performance assurance—the outcomes that matter most in today’s volatile digital landscape.
About the Author
Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute
Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.
In today’s digitally driven economy, cyber disruptions are no longer an “if” but a “when.”
The DVMS Institute Certified Training Programs teach organizations how to transform their ITSM, GRC and Cybersecurity programs into an integrated Digital Value Management System® (DVMS) capable of powering adaptive governance, operational resilience, performance assurance, regulatory compliance, and trust across a complex digital supply chain.
The DVMS—driven by its MVC, CPD, 3D Knowledge, and FastTrack models integrates digital Strategy, Governance, Operations, and Culture into a single adaptive overlay system that continually sustains and advances digital business operations and performance.
By adopting a DVMS, organizations are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Explainer Videos
- Architecture Video: David Moskowitz explains the DVMS System
- Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- Overlay Model – What is an Overlay Model
- MVC ZX Model – Powers the CPD
- CPD Model – Powers DVMS Operations
- 3D Knowledge Model – Powers the DVMS Culture
- FastTrack Model – Enables A Phased DVMS Adoption
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
