Cybersecurity and Physical Security Assessment
ID: ARFQ-0476-SOM2600000003-1
• State: West Virginia
Opportunity Assistant
Loading
Description
Background
The West Virginia School of Osteopathic Medicine (WVSOM) is issuing this Request for Proposal (RFP #WVSOM-571) to solicit proposals from qualified vendors for comprehensive cybersecurity and physical plant security assessment services. The goal of the contract is to establish a structured, recurring, and risk-based security assessment program that evaluates WVSOM's security posture, identifies material risks, tracks remediation progress, and measures maturity improvement over time. This engagement will focus on institutionally managed systems and employee-related access controls.
Work Details
The vendor will conduct a full-spectrum assessment of WVSOM’s cybersecurity posture and physical security environment. The assessment will include:
1. Comprehensive Assessments in years 1, 3, and 5, which will deliver:
- Executive Summary
- Detailed Technical Report
- NIST CSF maturity scorecard
- Prioritized 12-18 month remediation roadmap
- Technical readout session with IT leadership
- Executive presentation to the President's Cabinet
2. Targeted Reviews in years 2 and 4 that will include:
- Review of remediation progress from prior assessments
- Updated internal and external vulnerability scans
- Review of changes to infrastructure and incident response procedures.
3. Specific assessments including:
- Governance and Risk Management Assessment focusing on information security policies, workforce access governance, privileged access oversight, vendor access controls, onboarding/offboarding processes, and business continuity planning.
- Identity and Access Management Review evaluating identity controls for various accounts.
- Infrastructure and Network Security Assessment including vulnerability scanning of internet-facing systems.
- Microsoft 365 and Azure Administrative Security Review assessing configurations related to security.
- Physical Security Assessment reviewing physical controls protecting IT infrastructure.
Period of Performance
The contract will span five years with comprehensive assessments conducted in years 1, 3, and 5. Targeted reviews will occur in years 2 and 4.
Place of Performance
The services will be performed at the West Virginia School of Osteopathic Medicine located in Lewisburg, West Virginia.
Bidder Requirements
Vendors must have a minimum of five years of experience providing cybersecurity assessment services to higher education institutions or similarly regulated environments. They must demonstrate experience with at least three comparable engagements within the past five years. Proposed personnel must hold relevant industry certifications such as CISSP, CISM, OSCP, CEH, CISA or CompTIA Security+. Vendors must also comply with mandatory project requirements outlined in the RFP.
The West Virginia School of Osteopathic Medicine (WVSOM) is issuing this Request for Proposal (RFP #WVSOM-571) to solicit proposals from qualified vendors for comprehensive cybersecurity and physical plant security assessment services. The goal of the contract is to establish a structured, recurring, and risk-based security assessment program that evaluates WVSOM's security posture, identifies material risks, tracks remediation progress, and measures maturity improvement over time. This engagement will focus on institutionally managed systems and employee-related access controls.
Work Details
The vendor will conduct a full-spectrum assessment of WVSOM’s cybersecurity posture and physical security environment. The assessment will include:
1. Comprehensive Assessments in years 1, 3, and 5, which will deliver:
- Executive Summary
- Detailed Technical Report
- NIST CSF maturity scorecard
- Prioritized 12-18 month remediation roadmap
- Technical readout session with IT leadership
- Executive presentation to the President's Cabinet
2. Targeted Reviews in years 2 and 4 that will include:
- Review of remediation progress from prior assessments
- Updated internal and external vulnerability scans
- Review of changes to infrastructure and incident response procedures.
3. Specific assessments including:
- Governance and Risk Management Assessment focusing on information security policies, workforce access governance, privileged access oversight, vendor access controls, onboarding/offboarding processes, and business continuity planning.
- Identity and Access Management Review evaluating identity controls for various accounts.
- Infrastructure and Network Security Assessment including vulnerability scanning of internet-facing systems.
- Microsoft 365 and Azure Administrative Security Review assessing configurations related to security.
- Physical Security Assessment reviewing physical controls protecting IT infrastructure.
Period of Performance
The contract will span five years with comprehensive assessments conducted in years 1, 3, and 5. Targeted reviews will occur in years 2 and 4.
Place of Performance
The services will be performed at the West Virginia School of Osteopathic Medicine located in Lewisburg, West Virginia.
Bidder Requirements
Vendors must have a minimum of five years of experience providing cybersecurity assessment services to higher education institutions or similarly regulated environments. They must demonstrate experience with at least three comparable engagements within the past five years. Proposed personnel must hold relevant industry certifications such as CISSP, CISM, OSCP, CEH, CISA or CompTIA Security+. Vendors must also comply with mandatory project requirements outlined in the RFP.
Loading Map
Loading Map
Overview
Opportunity Type
Agency Request for Quote (ARFQ)
Opportunity ID
ARFQ-0476-SOM2600000003-1
Response Deadline
April 13, 2026
Past Due
Date Posted
March 9, 2026
Source
Source Notes
Source does not have a linkable page for this opportunity. To find the opportunity, go to the Source website listed above and search for the Opportunity ID.
Est. Value Range
Experimental
$500,000 - $1,500,000
(AI estimate)
Agency Distribution
High
On 3/9/26 WEST VIRGINIA SCHOOL OF OSTEOPATHIC MEDICINE in West Virginia issued Agency Request for Quote (ARFQ) Cybersecurity and Physical Security Assessment with ID ARFQ-0476-SOM2600000003-1 due 4/12/26.
Contacts
Documents
Posted documents for Cybersecurity and Physical Security Assessment
Opportunity Assistant
AI Analysis
AI Generate
Classifications
Opportunity Classification
Miscellaneous