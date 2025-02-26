Honourable Chairperson

Honourable Chairperson and honourable members, it is always a pleasure to be given the opportunity to come and present before you. Today, we have come to present the final report on the independent investigation into the COVID SRD system.

This process emanated after we were confronted by the challenge presented by the Stellenbosch students, and this Committee requested us to respond to the issues raised, shed light on the SRD application process and system’s weaknesses, and determine if there were fraudulent interactions. The request related to testing the system’s vulnerability and penetration tests.

Chairperson and Honourable members, in response to the Committee’s recommendation, we indeed appointed a Task Team from DSD and SASSA to drive this work and to ensure that it is done professionally. We also appointed a service provider to conduct the investigation, including vulnerability and penetration tests.

Chairperson, you will remember that on 27 November 2024, we came here to present our preliminary report and also promised that once the final report was completed, we would come and table the report for your consideration.

Indeed, Honourable members, by 27 November 2024, there were still some outstanding activities that were not concluded at the time of tabling the preliminary report. These included:

Reviews of the Service Level Agreements between SASSA and the service provider

Risk Assessment

Interviews with the two students

Analysis of the SRD server

Once these were completed, an implementation plan from DSD and SASSA management was obtained.

Honourable members, as we may be aware, we live in a digital world which always poses some threats to our daily lives if not properly managed. This is a growing concern globally, impacting individuals, governments, and organizations. As digital transformation accelerates, so do the challenges of safeguarding personal data and ensuring the integrity of the systems we rely on. Unfortunately, this global issue has reached our shores, and we are seeing its negative impact in the very systems we use to serve the most vulnerable members of society.

I wish to assure the Committee and our fellow South Africans that the department and SASSA take any allegations of fraud and corruption in our systems very seriously. We understand that fraud in the system amounts to taking food out of the mouths of the poor, and this is unacceptable. As a result, we commit to ensuring we safeguard our systems and achieve our motto of paying the right grant to the right person every time – Njalo!

Chairperson, the overall conclusion of the draft and final report highlights significant vulnerabilities and weaknesses within the SRD grant system in particular.

As a department, we take these challenges very seriously, as the integrity of our systems and the protection of personal information are paramount. We recognize the weaknesses and concerns that have been raised, and we are committed to addressing them with the utmost urgency and diligence.

Chairperson, DSD and SASSA agree with the findings raised in the final report. As such, we have developed a management response with a detailed implementation plan that will be outlined here today as to how we will address the gaps identified in the report.

The final report detailed significant vulnerabilities and weaknesses within the SRD grant systems, and these will be included in the terms of reference for a full investigation of the social grants systems, as requested by your good selves.

Honourable members, we are grateful for the opportunity this challenge has been able to activate, as it has created alertness from the department and the Entity on the need to have regular upgrades of our systems. If cybercriminals can hack the Weather Service Agency, which does not keep any financial systems, in January this year, it shows the need to have regular checks and system upgrades. As the government talks about creating an integrated system, we need to be cognizant of the security risks to ensure the protection of systems.

Chairperson, with your permission, allow me to invite the team to do the presentation, followed by the SASSA management on the draft implementation plan.

I thank you.

