DVMS as a Journey and Not a Big Bang – Assurance Mandate Series – Part 5
David Nichols – Co-Founder and Executive Director of the DVMS Institute
The Myth of the Big Bang
While the universe may have started with the “Big Bang,” The DVMS Journey does not.
Executives are accustomed to thinking in terms of transformation: announce the program, fund the project, deploy the tool, and with one decisive move, the problem is solved. It has a beginning, middle, and end. But resilience doesn’t work that way. You cannot “install” it. No single project, framework, or initiative can guarantee that your organization can withstand disruption, recover quickly, and continue delivering value under pressure.
Resilience isn’t built in a single moment. It’s developed gradually through a system that consistently matures and strengthens over time. That’s what the Digital Value Management System® (DVMS) stands for: not a one-time setup, but an ongoing process.
The Problem with Compliance Artifacts
Part of the challenge is that organizations have been conditioned to view governance in a certain way. Compliance models treat maturity as a final goal: obtain certification, check the boxes, produce the report, and you’re done. However, we’ve known for years that compliance doesn’t guarantee security, and it certainly doesn’t imply operational resilience.
Compliance artifacts, certificates, audits, and dashboards have their role. They establish a baseline of accountability and reassure regulators and customers that minimum standards are being met. However, artifacts are snapshots, not trajectories. They can show you where you’ve been, but not where you’re going. Resilience, by contrast, is about momentum. It’s about whether your organization is stronger today than yesterday, and whether tomorrow you’ll be able to adapt faster than the disruption you face.
This is why artifacts alone cannot define resilience. They are static, while resilience is dynamic. Artifacts may show you’ve met a requirement; they cannot demonstrate that you are evolving in step with reality, which is why DVMS should be seen as a journey. It doesn’t guarantee perfection from the start. It guarantees progress, visible, measurable, continuous progress — toward true resilience.
Why DVMS Is a Journey
DVMS changes the organizational frame of reference. It is not another framework to layer on top of the pile. It is a system that continually connects governance intent, operational performance, and assurance evidence in the face of volatility, uncertainty, complexity, and ambiguity.
Because DVMS is systemic, it cannot be reduced to a single project. Instead, it develops alongside the organization. It begins by linking intent with a few key workflows. It grows by providing assurance evidence in the most critical areas. Over time, it makes resilience the normal operating state of the enterprise.
The goal isn’t to “achieve” DVMS as if it were a milestone to be reached. The goal is to walk the path of resilience as a continuous discipline. Think of it as a continual strengthening of your organizational DNA.
The Stages of the DVMS Journey
Every journey begins small, with its first step. The mistake leaders often make is assuming that if they cannot do everything at once, they should wait. In truth, the journey to resilience is built through progressive steps, each producing value along the way.
There is never a perfect moment to take that first step. Leaders must understand that the only place to start this journey is right where they are now. This is where you put on your big boy or girl pants, buckle your seatbelt, and demonstrate clarity and purpose in adopting this new paradigm.
- Stage 1: Awareness and Intent
Leadership reframes governance. Instead of asking whether the organization is compliant, they ask what resilience looks like in terms of protecting and delivering business value. Intent is clarified and owned at the top. - Stage 2: Early Integration
Rather than overhauling everything at once, DVMS is overlaid onto a handful of existing frameworks and workflows. The goal is to generate the first round of evidence, proof that resilience can be demonstrated in practice. - Stage 3: Evidence and Expansion
As capability and credibility grow, the system expands, shifting from retrospective reports to real-time insights. Governance, cyber, and operations begin speaking a shared language, and culture starts reinforcing the change. - Stage 4: Continuous Assurance
DVMS becomes the operating system of governance. Intent, performance, and assurance are continuously aligned. The organization proves resilience on demand, not just at audit time.
This truly measures progress: not how many controls are documented, but how consistently evidence of resilience can be demonstrated.
DVMS in Practice: Small Steps, Real Outcomes
Organizations don’t need to start with major reforms to see the benefits of DVMS. Even small implementations can change the conversation at the leadership level. By applying DVMS to incident response, a board can move beyond just reviewing patch counts or compliance charts and instead see evidence of recovery performance, proving how quickly the organization can restore service and maintain customer trust.
By adopting DVMS, an organization that previously relied on certification as its primary success metric can start demonstrating resilience in its supply chain or service delivery. While the certificate would still hold importance, it would no longer define success. Instead, evidence would.
These are not revolutionary changes. They are evolutionary. Small steps turn into new habits. Habits become norms. And resilience becomes apparent in ways it hasn’t been before.
The Executive Question
For boards and executives, the critical question has changed. It is no longer: “When will we be compliant?” That was yesterday’s measure. Today’s measure is far more demanding: “Where are we on the journey from artifacts to assurance?”
Compliance will always matter, but it is not the finish line; it is the starting point. Passing an audit, earning a certificate, or scoring well on a maturity model may satisfy regulators and reassure stakeholders in the short term, but these artifacts are backward-looking. They prove what you did yesterday, not what you can withstand tomorrow.
If your governance story still relies on certifications, audit scores, or analyst rankings, you are focused on appearances. These can indicate alignment with frameworks, but they don’t prove resilience. They provide comfort without genuine confidence.
Governing with confidence requires more than just belief: it needs proof. Proof that your systems are dynamic and can adapt to changing conditions. Evidence that your team will act responsibly in the event of disruption. Proof that your culture promotes escalation, transparency, and accountability instead of silence or delay.
This is what boards and executives must demand. Not reports designed to look impressive, but proof that operational resilience is real. Only then can leaders move beyond the illusion of compliance to the assurance of performance.
Closing the Gap
Resilience is not created in binders, audits, or one-time projects. It is built through a journey that integrates governance, resilience, and assurance into a living system. That fact is important because I’m not asking you to buy a framework, or the latest silver bullet framework, or even a unicorn (although the latter is probably more helpful than the framework or silver bullet).
DVMS provides the system that ensures you are capable of creating, protecting, and delivering value to your stakeholders, and that you can prove it in real-time.
For boards and executives, the choice is stark. You can stay in the compliance comfort zone and hope for luck, or you can embark on a journey toward assured resilience, knowing that you are well-prepared.
Luck runs out. Systems endure. The journey to resilience begins with a single step — and every step matters.
👉 This marks the end of the Assurance Mandate Series. Over five articles, we’ve examined why boards and executives need to go beyond relying on frameworks and compliance artifacts to build confidence through evidence-based resilience. The Digital Value Management System® provides a way to make that transition concrete. You provide the leadership.
About the Author
Dave is the Executive Director of the DVMS Institute.
Dave spent his “formative years” on US Navy submarines. There, he learned complex systems, functioning in high-performance teams, and what it takes to be an exceptional leader. He took those skills into civilian life and built a successful career leading high-performance teams in software development and information service delivery.
DVMS Institute – Building Cyber Operational Resilience Across Digital Supply Chains
The DVMS Institute’s Certified Training Solutions teach organizations how to transform the NIST Cybersecurity Framework or any other IT Framework or Standard Based System, into a unified, adaptive, and culture-driven Digital Value Management System® (DVMS)
The DVMS offers organizations a structured pathway for integrating Governance Intent, Operational Execution, and Assurance Evidence, enabling them to demonstrate measurable resilience, regulatory alignment, and stakeholder confidence in an ever-evolving digital landscape.
Through its MVC, CPD, 3D Knowledge, and FastTrack Models, the DVMS operationalizes a:
- Governance Overlay system that unifies strategy, assurance, and operations
- Behavioral Engine that transforms how organizations think, decide, and act in uncertainty
- Learning System that measures, adapts, and innovates over time.
DVMS White Papers
- The Assurance Mandate: Moving Beyond GRC to Evidence-Based Operational Resilience
- Assurance in Action: Turning Policy into Organizational Capability
- Governance By Assurance: A Systems Approach to Outcome-Based Regulation
DVMS Explainer Videos
- Architecture Video: David Moskowitz explains the DVMS System
- Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
- Overlay Model – What is an Overlay Model
- MVC ZX Model – Powers the CPD
- CPD Model – Powers DVMS Operations
- 3D Knowledge Model – Powers the DVMS Culture
- FastTrack Model – Enables A Phased DVMS Adoption
DVMS Institute Certified Training Programs
DVMS Cyber Resilience Awareness Training
The DVMS Cyber Resilience Awareness training provides all employees with a comprehensive understanding of the fundamentals of digital business, its associated risks, the NISTCSF, and their role in protecting organizational digital value. This investment fosters a culture that is prepared to transform systemic cyber risks into operational resilience.
NISTCSF Foundation Certification Training
The DVMS NISTCSF Foundation certification training course provides ITSM, GRC, Cybersecurity, and Business professionals with a detailed understanding of the NIST Cybersecurity Framework and its role as an integrated, adaptive, and culture-driven governance and assurance management system that drives resilient, compliant, and trusted digital outcomes.
DVMS Practitioner Certification Training
The Digital Value Management System® (DVMS) Practitioner certification training course provides ITSM, GRC, Cybersecurity, and Business professionals a detailed understanding of how to transform systemic cyber risk into operational resilience by uniting Fragmented Frameworks and Standards, such as NIST, ITSM, GRC, and ISO, into a holistic, adaptive, and culture-driven Governance, Assurance, and Accountability overlay system that keeps your digital business resilient, no matter the disruption.
DVMS Organizational Benefits
The DVMS doesn’t replace existing frameworks—it connects, contextualizes, and amplifies them, transforming compliance requirements into actionable intelligence that drives and ensures sustained digital operations and performance.
By adopting a DVMS, organizations are positioned to:
- Maintain Operational Stability Amidst Constant Digital Disruption
- Deliver Digital Value and Trust Across A Digital Ecosystem
- Satisfy Critical Regulatory and Certification Requirements
- Leverage Cyber Resilience as a Competitive Advantage
DVMS Leadership Benefits
For the CEO, the DVMS provides a clear line of sight between digital operations, business performance, and strategic outcomes—turning governance and resilience into enablers of growth and innovation rather than cost centers.
For the Board of Directors, the DVMS provides ongoing assurance that the organization’s digital assets, operations, and ecosystem are governed, protected, and resilient—supported by evidence-based reporting that directly links operational integrity to enterprise value and stakeholder trust.
For the CIO, the DVMS provides a structured way to align technology investments and operations with measurable business outcomes.
For the CRO, the DVMS provides a way to embed risk and resilience directly into operational processes, turning risk management into a driver of performance and adaptability.
For the CISO, the DVMS provides a continuous assurance mechanism that demonstrates cyber resilience and digital trust across the enterprise and its supply chain.
For Internal and External Auditors, the DVMS provides verifiable proof that the enterprise can maintain operational continuity under stress.
Digital Value Management System® is a registered trademark of the DVMS Institute LLC.
® DVMS Institute 2025 All Rights Reserved
