Cybersecurity Services for PRASA.
PRASA
In plain English
PRASA is seeking a service provider for a comprehensive cybersecurity assessment and strategy development. Eligible bidders must be suitably qualified service providers with expertise in cybersecurity.
Always check the official documentDescription
The Passenger Rail Agency of South Africa (PRASA) is inviting bids for a comprehensive cybersecurity project. The service provider will perform an Enterprise Cybersecurity Maturity Assessment, security architecture reviews, and vulnerability testing. The scope includes testing IT and OT integration, assessing three operational sites, and creating a three-year cybersecurity strategy. Additionally, the provider must implement an automated Governance, Risk, and Compliance (GRC) platform. The project will take place over 12 months, consisting of a six-month delivery phase and a six-month support phase. The work will be conducted at PRASA facilities, with specific focus on critical rail infrastructure. Bidders must provide a team of experts, including a project manager and specialists in penetration testing, cloud security, and industrial control systems. The project aims to strengthen PRASA's digital defenses and align them with international cybersecurity standards.
What you need to qualify
- CSD registration — Registration on the Central Supplier Database — required to do business with government.
- Tax clearance — A valid SARS tax compliance status (PIN) showing your tax affairs are in order.
- B-BBEE certificate — A B-BBEE certificate or sworn affidavit confirming your contribution level.
Full requirements
- Valid ISO/IEC 27001:2022 certification
- Key personnel must hold relevant OT/ICS cybersecurity certifications
- Valid Public Liability and Professional Indemnity insurance
- Registered on National Treasury Central Supplier Database (CSD)
- Valid Tax Compliance Status (TCS) PIN
- Valid B-BBEE certificate or sworn affidavit
- Proof of SSA vetting for Lead Consultant
- Official OEM partnership or reseller status documentation
Contact & how to apply
Name: Annah Hlaele
Email: annah.hlaele@prasa.com
Phone: 012-748-7528
How to apply: Applications must be submitted via hand delivery in a sealed envelope to Ms. Annah Hlaele at the Reception Area, Umjantshi Building, 30 Wolmarans Street, Johannesburg (opposite the Gautrain Station).
Related tenders
Panel of Internal Audit Service Providers for PRASA.
The Passenger Rail Agency of South Africa (PRASA) seeks service providers for a panel to deliver internal audit services on an 'as and when needed' basis over three years. The scope includes general internal audits, IT audits, and advisory services on governance and risk management, based in Johannesburg. A compulsory briefing session is on 17 July 2026 at Umjantshi House, Braamfontein. Submissions close on 13 August 2026 at 12:00 midday. Bidders must show technical capacity through qualifications and experience to support PRASA's internal capacity with co-sourced audit support.
OHSE Agent Services for Aerial Fibre Network in Gauteng
The Passenger Rail Agency of South Africa (PRASA) seeks bids for Occupational Health, Safety, and Environmental (OHSE) Agent services for the supply, installation, and rehabilitation of an aerial optic fibre network in Gauteng. The services will cover various PRASA facilities, including depots and ticket offices, on an 'as and when required' basis. Responsibilities include drafting safety specifications, managing permits, conducting audits, and ensuring compliance with safety standards. The contract requires a professional Construction Health and Safety Agent and Officer. The tender closes on 10 July 2026 at 12:00.
Provision of GRC System Software for The Presidency.
The Presidency requires a service provider to supply and implement a Governance, Risk and Compliance (GRC) software system in Pretoria over five years. Responsibilities include system configuration, data migration, user manual provision, and setup of risk management and compliance modules. The provider must offer reporting dashboards, on-site and annual staff training, ongoing incident support, and host the solution in a secure cloud environment. Bidders need 10 years of GRC experience, and the project manager must have an NQF level 7 qualification in IT or Project Management.
Supply and Install Integrated Cybersecurity Solution (36 Months)
The uMzimkhulu Local Municipality invites bids for the supply, delivery, and installation of a fully integrated cybersecurity solution for a 36-month contract. The project includes 24/7 security operations, threat hunting, incident management, vulnerability management, and annual penetration testing. The service provider must handle cybersecurity governance and provide regular service level agreement reporting. All work must meet high security standards to protect municipal digital infrastructure.
Professional Services for Security Equipment Installation at Airports.
Airports Company South Africa (ACSA) seeks bids for professional engineering services to install security access control equipment at eight airports, including ORTIA and CTIA, over 24 months. The project involves designing and installing surveillance cameras, X-ray machines, metal detectors, and vehicle recognition systems. The successful bidder will manage multidisciplinary teams to complete the project lifecycle from planning to commissioning, ensuring high-security standards for airport environments.
Dark Web Monitoring and Digital Risk Detection Solution.
Sasria SOC Limited seeks bids for a SaaS-based platform to monitor the dark, deep, and open web for cyber threats, brand abuse, and data exposure. The 36-month contract includes system configuration, integration with security tools, and role-based training. The provider must offer technical documentation and support, comply with POPIA, and meet cybersecurity certification requirements. Work is based in Johannesburg.