Top ICT tenders: Home Affairs locks down authentication, access control

Top ICT tenders: Home Affairs locks down authentication, access control


The successful bidder will develop and implement a multi-factor authentication system for the Department of Home Affairs. (Image source: 123RF)

The successful bidder will develop and implement a multi-factor authentication system for the Department of Home Affairs. (Image source: 123RF)

It’s not just road traffic that has slowed down due to school holidays, it’s also activity on National Treasury’s eTenders Portal as public sector attention favoured fast-turnaround requests for quotation. This means that after weeks of attractive tender opportunities, the ICT sector will have to make the most of more targeted requests.

The Department of Home Affairs (DHA) returns to the headlines this week as the State Information Technology Agency (SITA) invites proposals for the implementation of a multi-factor authentication and non-repudiation logical access control solution, including maintenance and support.

In its tender documentation, the agency explains the department deployed a biometric access control management system (BACM) in 2005 to enhance the of its systems, protect officials from identity abuse, and ensure authentication and no-repudiation on transactions performed on these systems. The system is currently integrated with the National Population Register (mainframe), Movement Control System (mainframe), Service Manager and other DHA systems.

“All users of the system require a smartcard, smartcard reader as well as a fingerprint scanner in order to access the department’s systems securely and to ensure only authorised officials have access to core DHA applications. This type of mechanism also ensures no user is able to access the systems using another official’s credentials, thus strengthening the security of the systems,” SITA says.

The successful bidder will be expected to develop and implement a multi-factor authentication and non-repudiation BACM system based on, but not limited to, smartcards/tokens, advanced and biometrics.

This system will legally bind a user to a transaction at the point of committing a sensitive transaction.

The system must also have the following capabilities:

  • Positively connect a physical person to a transaction with its non-reputation capabilities.
  • Digitally sign and time stamp transactions.
  • Detect when sensitive data or transactions are being amended using built-in intelligence.
  • Record activities by capturing the user details and the details of the transaction in a way that is admissible in a court of law.
  • Support open standards for authentication and authorisation.
  • Support the Identity Federation.
  • Support policy-based adaptive authentication that can provide a variety for options for multi-factor based step-up authentication.
  • Support fingerprint biometric modalities at a minimum.
  • Support forensic and business intelligence reporting and data mining.
  • Have public key infrastructure (PKI) solution to support the multi-factor authentication and non-repudiation.
  • Must allow the department to choose between PKI as a managed service or an on-premises PKI deployment.
  • Support crypto agility.
  • Support RFC 3161 time-stamping and transaction signing.
  • Support identity orchestration, thereby ensuring identities and user access policies are consistent.
  • Support other biometric modalities such as facial recognition, iris, etc.

The successful service provider will be expected to integrate the system with the department’s core systems such as National Population Register, Service Manager (smart ID and passport live capture system, biometric movement control system, eMCS/eVISA system), VISA adjudication system, movement control system and the automated biometric identification system and any other systems that the department identifies.

“There must be minimal configuration or customisation requirement on any of the DHA systems, such as mainframe to ensure integration happens with less impact to DHA server components,” says SITA.

On the user side, the provider will be expected to perform enrolment and onboarding of upwards of 6 000 users and provide online or offline training of all DHA IT and Learning Academy officials countrywide.

The terms of reference also state the bidder will be required to read the authentication and non-repudiation system data currently stored in the vault and produce forensic evidence within a prescribed period.

SITA will hold a non-compulsory briefing over Microsoft Teams on 20 July before submissions close on 5 August.

Other tenders that make this week’s top 10:

  • The Eastern Cape Department of Transport is calling for the supply and delivery of computer equipment, accessories and consumables for Government Fleet Management Services trading entity. The tender document specifies various notebooks; handheld mobile device terminals; rugged rubber boots for the mobile terminals; multi-slot cradle battery chargers; display monitors; book cover keyboards; multiport hubs; mice; backpacks; cabling; and various installation materials.
  • The City of Cape Town requires an eDiscovery solution for its ethics and forensic services department. The contract includes required training to effectively conduct forensic investigations with the assistance of eDiscovery processes which handle a variety of electronic evidence types. The solution must ultimately allow for a seamless end-to-end workflow for acquiring, analysing and reporting on digital evidence in compliance with industry best practices and legal standards, the metro says.

  • The city is also inviting bids for the provision of professional services for information systems, communication and technology services. The resource and skills requirements have been split into seven categories, specifically: business applications, distributed computing, ERP support centre, geographical information systems, infrastructure and applications as well as fixed networks and monitoring services, telecommunications and cyber security.

  • Mpumalanga’s Provincial Treasury wishes to appoint a service provider for the supply of internal audit software, including installation, configuration, customisation, training and software maintenance, technical and functional support. The provincial department explains support for its current audit management software ended 30 June 2026.

  • The Development Bank of Southern Africa is looking for an internet service provider (ISP) that can provide the Independent Power Producer Office with enterprise-grade data lines, VOIP and Mimecast e-mail archiving services. The institution states the IPP Office ICT department must be able to retain administrative control over the services delivered under this contract.

  • Department of Transport requires a service provider for the procurement of hyperconverged infrastructure and implementation services. The department says it currently uses aging blade server infrastructure and the successful service provider will be expected to configure and migrate data onto the new hyperconverged infrastructure. The department will also, where necessary, contract the services of external IT service providers to deploy a private cloud infrastructure on-premises at its head office and its data centres in Pretoria and Centurion.

  • eThekwini Metropolitan Municipality wishes to appointment a service provider to provide support, maintenance and development/configuration on the JDE Enterprise One System. The metro says the current support and maintenance contract will end on 14 August and it requires support, maintenance and configuration/customisations of existing modules process on the Oracle JDE Enterprise One System, inclusive of all mSCOA functionality and processes.

  • The Independent Communications Authority of South Africa is looking for a service provider for the review and updating of its IT strategy. The regulator reveals that during the approval process of its 2024/25 IT strategy, concerns were raised that it was not forward-looking and not sufficiently aligned with the ICASA strategy. The recommendation was to appoint a service provider to review the draft IT strategy, engage with the relevant role players, and update the strategy to address these concerns.

  • Statistics South Africa is inviting bids for the appointment of a service provider to supply Veritas NetBackup infrastructure and support. The organisation notes that support for its existing infrastructure expired in March 2025 and is no longer supported by the original equipment manufacturer.

Department of Transport, Eastern Cape

A service provider is sought to supply and deliver computer equipment, accessories and consumables for the department’s Government Fleet Management Services trading entity.

Tender no: SCMU 10-GFMS – 26/27-0001
Information: Phila Solwandle, Tel:043-731-1140, E-mail: [email protected]
Closing date: 3 August 2026

­­Tags: hardware, computing, consumables, peripherals

City of Cape Town

The Western Cape metro is calling for an eDiscovery solution.

Non-compulsory briefing: 24 July – Microsoft Teams, Link
Tender no: 18S/2026/27
Information: SCM Office, E-mail: [email protected]
Closing date: 12 August 2026

­­Tags: software, eDiscovery

Bids are also invited for the provision of professional services for information systems, communication and technology services.

Non-compulsory briefing: 15 July – Microsoft Teams, Meeting ID: 344 970 895 832 844, Passcode: ns3k9jm2
Tender no: 9S/2026/27
Information: SCM Office, E-mail: [email protected]
Closing date: 12 August 2026

­­Tags: services, professional services

Provincial Treasury, Mpumalanga

The provincial finance department wishes to appoint a service provider for audit software for internal audit for five years, with an option to extend.

Tender no: TREA/028/26/MP
Information: A Bellim, Tel:013-766-4566, E-mail: [email protected]
Closing date: 3 August 2026

­­Tags: software, audit software

Development Bank of Southern Africa

THE DBSA is looking for an ISP that can provide the IPP office with data lines, VOIP and Mimecast services for three years.

Compulsory briefing: 17 July – Microsoft Teams
Tender no: RFP073/2026
Information: Nompumelelo Khumalo, Tel:011-313-3109, E-mail: [email protected]
Closing date: 31 July 2026

­­Tags: telecommunications, internet, internet service provider, ISP, voice over IP, VOIP, security

State Information Technology Agency

Proposals are invited for the implementation of a multi-factor authentication and non-repudiation logical access control solution, including maintenance and support for five years.

Non-compulsory briefing: 20 July – Microsoft Teams, Link
Tender no: RFP 3263-2026 [ERP NO: 438013]
Information: Muditambi Gangazhe, Tel:012-367-3781, E-mail: [email protected]
Closing date: 5 August 2026

­­Tags: software, multi-factor authentication, logical access control, services, support and maintenance, security

Department of Transport

The national department requires a service provider for the procurement of hyperconverged infrastructure and implementation services.

Compulsory briefing: 17 July
Tender no: DOT/06/2026/CS
Information: Nelisiwe Goodness Nyawo, Tel: 012-309-3291, E-mail: [email protected]
Closing date: 30 July 2026

­­Tags: hardware, hyperconverged infrastructure, services

eThekwini Metropolitan Municipality

The KwaZulu Natal metro wishes to appointment a service provider to supply support, maintenance and development/configuration on the JDE Enterprise One System for three years.

Tender no: 36537-1i
Information: Mduduzi Mdletshe, Tel: 031-322-1265, E-mail: [email protected]
Closing date: 7 August 2026

­­Tags: software, services, professional services, support and maintenance

Independent Communications Authority of South Africa

A service provider is sought for the review and updating of the agency’s IT strategy for six months on an 80/20 PPPFA 2000, Preferential Procurement Regulation: 2022.

Tender no: ICASA 25-2026
Information: Bid Administration Office, Tel:012-568-3139, E-mail: [email protected]
Closing date: 29 July 2026

­­Tags: services, professional services

Statistics South Africa

Stats SA is inviting bids for the appointment of a service provider/s to supply Veritas NetBackup infrastructure and support for 36 months.

Tender no: STATS SA 007/26
Information: Bid office, Tel: 012-310-8940, E-mail: [email protected]
Closing date: 29 July 2026

­­Tags: hardware, security, services, support and maintenance