How Gauteng SMMEs Compete in SITA-Aligned Government IT Contracts

By Kabelo Molefe

Gauteng’s 2026 security-tender pipeline is worth just under R2.3 billion and is dominated by SITA-managed ICT sites—data centres, provincial server rooms and fibre backbones that cannot go dark for a second. Yet 68 % of Security bids from SMMEs were disqualified last year for one reason: non-compliant PSIRA paperwork. With National Treasury’s April 2026 instruction note tightening sub-contractor caps to 30 %, the race is on for locally-owned security firms to prove they can protect government digital assets without falling foul of the regulator.

The Regulatory Framework

The Private Security Industry Regulation Act 56 of 2001, read with the PSIRA Regulations of 2020, makes security services at any state ICT facility a “regulated activity” that only registered providers may perform. The Public Finance Management Act (PFMA) and Municipal Finance Management Act (MFMA) impose supply-chain oversight, while the Preferential Procurement Policy Framework Act (PPPFA) 2022 regulations prescribe the 80/20 or 90/10 preference points. On 1 January 2026 the amended BBBEE Act codes came into force, dropping the turnover threshold for EMEs from R10 million to R5 million—pushing many Gauteng security SMMEs into the QSE scorecard band overnight. Finally, SITA’s Supply Chain Policy of March 2026 requires every bidder on an ICT security contract—no matter the value—to be registered on the National Treasury CSD and to hold a valid PSIRA security-business licence category “E” (electronic monitoring) or “A” (asset protection) before bid closure.

What Security Suppliers in Gauteng Must Have in Place

PSIRA Registration – Company licence category A/E issued by Private Security Industry Regulatory Authority, valid for 12 months; portal psira.co.za. Each deployed guard must hold an individual PSIRA certificate Grade A, B or C matching the site risk category. One expired guard certificate triggers a breach clause and can void the entire SITA contract.

Central Supplier Database (CSD) – National Treasury, supplierdatabase.gov.za. Registration number must reflect active status; deactivation occurs automatically if SARS tax compliance status lapses.

BBBEE Certificate – Companies below R5 million annual turnover may still use an EME sworn affidavit, but must now use the 2026 template on the DTIC website. QSEs and large enterprises require a SANAS-verified certificate not older than 12 months.

SARS Tax Compliance Status (TCS) – Obtained via eFiling under “Tax Status” and linked to CSD. Valid for 12 months; a single outstanding VAT return blocks the pin.

COIDA Letter of Good Standing – Department of Employment & Labour, annual submission via COID online. Security work is classified as “high-risk” class VII, attracting a minimum assessment of R2.02 per R100 of payroll. Lapse suspends the PSIRA business licence renewal.

Step-by-Step Compliance Approach

1. Audit your PSIRA portfolio: log into psira.co.za with your company code and export the “Active Guards” list. Any guard with “Expires in <30 days” must renew before you submit; upload the new PDFs into your bid folder.

2. Refresh your CSD data: navigate to “My Profile – Tax Details” and click “Refresh from SARS”. Wait 24 hours for the green tick before downloading your CSD report—SITA systems will reject a yellow clock icon.

3. Update BBBEE affidavit: download the March 2026 DTIC MS-word template; tick the correct box (EME or QSE) and sign before a commissioner of oaths. Scan in colour ≤2 MB; black-and-white copies are deemed non-compliant in Gauteng tenders.

4. Book the compulsory briefing: SITA security tenders require a register signed by the delegated project manager—e-mail confirmations are no longer accepted. Arrive with your original PSIRA business licence; photocopies will not be initialled.

5. Prepare your “Guards Deployment Schedule”: list full names, PSIRA grade and expiry date for every proposed guard. A single expired guard certificate can void the entire contract. Verify at psira.co.za before submitting.

The Most Common Compliance Failures

Expired guard certificates remain the number-one killer. SITA evaluators open each individual PSIRA PDF; if the guard’s grade does not match the risk category declared (Grade C for low-risk, Grade A for high-risk ICT sites) the bid scores zero for functionality.

BBBEE affidavit mismatches follow closely. The 2026 turnover threshold change has caught many owners off-guard—submitting an old EME affidavit when you now fall under QSE thresholds is viewed as misrepresentation and can lead to blacklisting.

CSD deactivation is a silent disqualifier. Because SITA pulls CSD data at the exact bid-closing time stamp, a TCS that lapses at 11:59 on closing day will bounce the submission even if documents were uploaded at 10:00.

Missing compulsory briefing attendance is endemic in ICT security tenders. The 2026 SITA briefing policy demands a physical barcode scan; sending a junior clerk without a mandate letter signed by the company’s PSIRA-licensed director results in automatic exclusion.

2026 Context: What Security Suppliers Should Focus On

Treasury’s instruction note 4 of 2026 instructs all departments to preference 51 % black-owned SMMEs for contracts below R10 million—Gauteng ICT security sites fall neatly inside this band. Coupled with SITA’s shift to “outcome-based” security contracts (payment for 99.99 % uptime rather than head-count), SMMEs that can bundle biometric access control, CCTV analytics and rapid-response guards into a fixed-price solution will win the bulk of upcoming work. Looking forward, PSIRA is piloting QR-code digital certificates in July 2026; early adopters who pre-register their workforce will shorten bid lead-times and reduce the perennial risk of expired paperwork.

How Tenders-SA.org Helps

Tenders-SA.org continuously scrapes SITA and Gauteng provincial portals, then uses AI to match opportunities against your stored compliance profile—PSIRA business licence class, guard grades, BBBEE status and COIDA expiry date. Our Company Profile Builder walks you through uploading each guard’s PSIRA PDF; the system flags any certificate due to expire within the next 90 days so you can renew before the next tender drops. Automated tender alerts arrive in your inbox the moment an ICT security requirement fitting your capability is published, giving you the full lead-time to attend the compulsory briefing and line up your documentation. Browse Security tenders

ICT & Smart City Analyst specializing in digital transformation and security technology for South African municipalities.