Network Penetration Testing and Monitoring for SAA
Rubina Data
In plain English
South African Airways is seeking quotations for network penetration testing and active exploit monitoring services. Bidders must comply with internationally recognised cybersecurity standards and provide all required documentation.
Always check the official documentDescription
South African Airways (SAA) is seeking a service provider for network penetration testing and ongoing active exploit monitoring. The work involves internal and external security assessments, real-time detection of malicious activity, and continuous monitoring of zero-day vulnerabilities for at least 2,200 user endpoints. The service must align with ISO 27001, NIST, and CIS standards. Bidders must provide a detailed implementation timeline, with a preference for onboarding within four weeks. The contract requires monthly and quarterly reporting, including expert remediation advice. The tender is issued by SAA, and the closing date for submissions is 19 June 2026 at 16:00. Bidders must demonstrate at least eight years of experience in the aviation or financial sectors and provide three client testimonials.
What you need to qualify
- Tax clearance — A valid SARS tax compliance status (PIN) showing your tax affairs are in order.
- B-BBEE certificate — A B-BBEE certificate or sworn affidavit confirming your contribution level.
- Other registration — An industry registration the tender requires (e.g. PSIRA, NHBRC, a professional or trade licence).
Full requirements
- Valid Tax Clearance Certificate
- ISO/IEC 27001 or NIST cybersecurity certification required
- Relevant industry certifications: OSSTMM, OWASP, or PTES
- Evidence of three managed service engagements in relevant sectors
- Five security professionals with OSCP or related certifications
- Valid B-BBEE status documentation
- Must not be on Register for Tender Defaulters or Restricted Suppliers
Contact & how to apply
Name: Rubina Data
Email: RubinaData@flysaa.com
Phone: 011-978-2155
How to apply: Submit your application via email to Tenders@flysaa.com. Ensure that the total file size does not exceed 2MB per email. If files are larger, you may send them in multiple parts or provide a secure, accessible downloadable link.
Related tenders
Provision of Cyber Security Services for SACAA.
The South African Civil Aviation Authority (SACAA) seeks a service provider for Cyber Security Monitoring and Managed Detection and Response services over three years. The project will be based at SACAA offices in Centurion, utilizing Trend Micro technologies for a 24/7/365 Cyber Risk Operations Center. Deliverables include threat detection, incident response, platform administration, cyber risk scoring, and security awareness training. The scope includes monitoring cloud and on-premise environments, such as Azure infrastructure. All administrative staff must be based in South Africa. The tender closes on 24 June 2026.
Global Inventory Freight Forwarding Management
South African Airways (SAA) seeks proposals for managing and distributing global inventory freight forwarding. The service includes coordinating inventory movement across domestic, regional, and international locations, including major hubs like London, Beijing, and New York. Key deliverables are transport management, end-to-end freight forwarding, and shipment optimization. Bidders must have at least five years of experience in global shipping logistics and provide a real-time track-and-trace system. The contract involves managing logistics for various service locations, with the tender closing on 18 June 2026.
Enterprise Vulnerability Scanning Solution Provider Appointment
The SABC seeks a service provider for licensing, implementation, maintenance, and support of an enterprise vulnerability scanning management solution for 5 years. The solution must include flexible scanning options, a unified endpoint agent, dynamic asset discovery, and live dashboards. The provider will supply license subscriptions, implementation, maintenance, and support.
Panel for ICT Infrastructure Supply and Maintenance
SASSETA seeks two service providers to supply, deliver, configure, support, and maintain its ICT infrastructure, including servers, switches, firewalls, and mobile UPS units. The contract runs until March 31, 2030, with a possible five-year extension. Services are provided on an ad-hoc basis, primarily outside regular working hours.
Internal Audit Service Review for High-Value Tenders
The Passenger Rail Agency of South Africa (PRASA) seeks a service provider to conduct internal audit reviews for high-value tenders on an 'as and when' basis. The scope includes reviewing procurement planning, tender advertisements, bid evaluations, and risk oversight. The service provider must prepare audit reports, capture evidence on the Teammate system, and ensure all audit staff are qualified. The project involves approximately 1,000 hours of work in Johannesburg, with a final report including management comments and action plans. The closing date is 18 June 2026.
Provision of National Physical Security for Transnet.
Transnet Property seeks a service provider for national physical security services over twelve months across five regions: Inland, Northern, KwaZulu-Natal, Western Cape, and Eastern Cape. The scope includes 24/7 access control, security personnel deployment, dog handlers, and security equipment provision. Deliverables include monthly and incident reporting, quarterly risk assessments, and emergency response services. The tender is issued by Transnet SOC Limited with a virtual briefing on 19 June 2026 and a submission deadline of 01 July 2026.