RFQ Number: RFQ GROIA002/2026

Role: Provision of Ict General Controls and Business Continuity Services
Issue Date: 6 January 2026
Closing Date: 23 January 2026
Period: 3 months

 

Objective:

Icebolethu Group is seeking to appoint suitably qualified and experienced bidders to assess, implement, and strengthen ICT general control frameworks and business continuity capabilities. This is in line with the Group’s commitment to governance, risk management, and internal control effectiveness.

 

Mandatory Compliance Requirements:

The following are compulsory compliance requirements that must be met by all prospective suppliers to be considered for the pricing evaluation:

 

Compliance Requirements and Returnable Documents:

• Company profile and project portfolio.
• CIPC registration certificate (COR 14.3)
• Valid Tax PIN
• VAT Registration
• Directors’ ID copies
• B-BBEE certificate or sworn affidavit
• Proof of Address (Not older than 3 months)
• Bank Account Confirmation Letter (Not older than 3 months)
• 3 Year Audited/ Reviewed Financial Statements
• Non-Disclosure Confidentiality Agreement (Annexure D)

 

Technical Requirements and Returnable Documents:

• Detailed methodology
• Reference Letters
• Project Team organogram
• Project Team’s CV’s and relevant certified qualifications
• Completed Pricing Schedule – Annexure B

 

Technical Scope:

The appointed service provider shall perform an integrated review and implementation support on the following domains:

 

ICT Policies and Procedures:

• Review and develop policies aligned with COBIT, ITIL, ISO/IEC 27001, and internal audit frameworks.
• Focus areas: Information security, change management, access control, backup, BCP, and DRP.
• Document and standardize procedures to align with internal control objectives.

 

Access to Programs and Data

• Assess access rights and segregation of duties across systems.
• Implement user access review processes and controls over privileged access.
• Recommend improvements aligned with risk and compliance requirements.

 

Program Changes and Development

• Review software change control protocols.
• Document the lifecycle for changes including approval, testing, deployment, and rollback procedures.
• Ensure traceability and audit trail for all program changes.

 

ICT Asset Management

• Verify the completeness and accuracy of the ICT asset register.
• Assist with asset tagging, lifecycle tracking, and reconciliation with finance records.
• Identify gaps or inconsistencies affecting IT assurance.

 

ICT Structure and Governance

• Evaluate the ICT organizational structure, including reporting lines and segregation of roles.
• Assess skills availability and capacity against internal audit expectations
• Recommend enhancements to governance oversight mechanisms

 

Incident Management and Helpdesk

• Assess Helpdesk operations, ticket logging systems, and escalation workflows.
• Evaluate turnaround time (TAT) against existing SLAs or operational benchmarks.
• Recommend controls for prioritization, escalation, and root cause analysis.

 

ICT Backups

• Review current backup policies and technologies.
• Ensure secure, automated, and tested backups for critical systems.
• Document RPO (Recovery Point Objective) and RTO (Recovery Time Objective) performance.

 

Facilities Infrastructure Developments

• Evaluate physical and environmental controls in data/server rooms.
• Recommend enhancements in cabling, air-conditioning, physical security, and server setup.
• Provide gap analysis and an implementation roadmap.

 

Backup Generators

• Assess adequacy of current generator capacity for ICT operations.
• Propose generator solutions (supply/upgrade) where gaps exist.

 

Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP)

• Review Business Continuity and Disaster Recovery Plan and identify gaps.
• Conduct Business Impact Analysis (BIA).
• Test BCP/DRP with scenario planning and training for relevant staff.

 

Expected Deliverables:

• Comprehensive ICT Policies & Procedures Manual
• Access Control Review Reports & Recommendations
• Change Management Audit Trail
• Updated ICT Asset Register with reconciliation findings
• ICT Governance Structure Assessment Report
• Helpdesk Performance Evaluation and SLA Matrix
• Backup Testing Reports and Strategy Document
• Infrastructure Audit and Upgrade Proposal
• Generator Assessment Report & Maintenance Plan
• Complete Business Continuity & Disaster Recovery Plan
• DRP/BCP Testing and Training Reports

 

Annexures: List of attachments

The following documents are included as part of this Request for Quotation (RFQ) package:

1. RFQ Document
   Main document outlining the scope, requirements, terms, and evaluation criteria.
2. Annexure A – Supplier Information
   Form to be completed with the supplier’s company details, registration, compliance information, and contact information.
3. Annexure B – Pricing Schedule
   Template for suppliers to indicate the regions/provinces they are able to service.
4. Annexure C – Returnable Documents Checklist
   Checklist to be completed and returned as mandatory part of RFQ submission.
5. Annexure D – Non-Disclosure Confidentiality Agreement
   

Download RFQ Form and Annexures

 

 

Clarification on enquiry documents:

Contact for Commercial Queries:	nosihle.maduna@icebolethu.co.za
Contact for Technical Queries:	Khaya.meslane@icebolethu.co.za
Procurement Contact Number:	060 919 6197
Clarification on enquiry documents:	Bidders are required to submit any requests for clarification no later than 72 hours prior to the closing date of this RFQ. Technical enquiries must be directed to: khaya.meslane@icebolethu.co.za Procurement process-related queries must be directed to: nosihle.maduna@icebolethu.co.za

 

Submission Guidelines:

• Bidders are required to submit their proposals on time and to the correct designated email address. Submissions that are late or sent to an incorrect address will be automatically disqualified and will not be considered for evaluation.
• Email submissions must be sent to: tenders@icebolethu.co.za
• To meet email size limits, compress documents or send them as an accessible link.

Deadline: at 17h00 (CAT)

Email subject line format: “RFQ GROIA002/2026 – Internal Audit RFQ Submission – [Your Company Name]”

 

Important:

• No late submissions will be accepted.
• No physical or hand-delivered proposals will be considered under any circumstances.