Project Name: Information Technology Risk Assessment

CHEROKEE NATION BUSINESSES, L.L.C.

REQUEST FOR PROPOSAL

PROJECT NAME: INFORMATION TECHNOLOGY RISK ASSESSMENT

RFP NUMBER 9454

DATED:3/18/12

TABLE OF CONTENTS

I.SOLICITATION TO BID

II.INSTRUCTIONS TO BIDDER

III. STATEMENT OF WORK AND SPECIFICATIONS

IV.BUSINESS RELATIONSHIP AFFIDAVIT

V.NON-COLLUSION AFFIDAVIT

VI.NOTICE OF AWARD

VII.CONTRACT AGREEMENT

VIII.NON-DISCLOSURE AGREEMENT

SECTION I

SOLICITATION TO BID

CHEROKEE NATION BUSINESSES, L.L.C.

PROJECT NAME: INFORMATION TECHNOLOGY RISK ASSESSMENT

PROJECT MANAGER: GARY ARMSTRONG

Sealed bids are being solicited by Cherokee Nation Businesses, L.L.C. (“CNB”) for furnishing all equipment, labor and materials to complete the work described in Section IV of the Contract Documents, Statement of Work and Specifications.

All proposals should be sent by express delivery, regular mail or hand delivery to CNB’s Catoosa Corporate office at the following address, to be received no later than3:00 PM CST on 3/25/13.

IF BY EXPRESS DELIVER OR REGULAR MAIL

Cherokee Nation Businesses, L.L.C.

Attn: Charla Vardeman

777 W. Cherokee Street

Catoosa, Oklahoma 74015

IF BY HAND DELIVERY

Cherokee Nation Businesses, L.L.C.

Corp. Bldg. 3

Attn: Charla Vardeman

1102 N. 193Rd East Avenue

Tulsa, Ok 74015

The bidder must supply all the information required by the Contract Documents.

SECTION II

INSTRUCTIONS TO BIDDER

1.00 DEFINITIONS

1.01The “Contract Documents” and “Contract” shall mean and shall include the Solicitation to Bid, Instructions to Bidder, Bid Schedule, Contract Agreement, Statement of Work and Specifications, and attachments, exhibits and all other documents attached hereto and thereto and incorporated by reference herein and therein, said accumulation of documents constituting the entire agreement.

1.02“Company” refers to Cherokee Nation Businesses, L.L.C.

1.03“Company Representative” refers to Cherokee Nation Businesses’ Project Manager as identified in Section I, Solicitation to Bid, or other authorized representative of Company as may be designated in writing.

1.04“Contractor” refers to the party contracting with the Company in the Contract Documents, acting directly or through agents, subcontractors, or employees.

1.05“Subcontractor” refers to the party contracting with the Contractor for any part of the Work required by the Contract Documents.

1.06“Work” includes all services to be performed or things to be furnished by the Contractor, or both services and things, as the context reasonably requires, including all supervision, labor, materials, supplies, tools, equipment, light, water, fuel, power, heat, transportation, or other facilities necessary for the discharge of all of Contractor’s obligations under the Contract Documents.

2.00DESCRIPTION OF WORK

2.01The Work to be performed is described in Section IV, Statement of Work and Specifications, of the enclosed Contract Documents.

3.00FAMILIARITY WITH CONTRACT DOCUMENTS AND PROPOSED WORK

3.01The bidder has the responsibility for examination of all Contract Documents, inspection of all work sites, and familiarization with all conditions concerning the Work. Failure or neglect of the bidder to discharge this responsibility will not excuse nonperformance.

3.02The bidder has the responsibility to estimate the time and quantities of work required to complete the Work. Failure or neglect of the bidder to discharge its responsibility will not excuse nonperformance.

4.00BIDDING INSTRUCTIONS

4.01The bidder shall make his bid by inserting the bidder's figure in the applicable blanks of the Bid Schedule, by initialing those inserted figures, by completing any forms, by executing the Contract Documents and by returning the entire Contract to the Company.

4.02The bidder must furnish with its bid, a completed, signed and notarized Business Relationship Affidavit, a copy of which is included in the Contract Documents as Section V.

4.03The bidder must furnish with its bid, a completed, signed and notarized Non-Collusion Affidavit, a copy of which is included in the Contract Documents as Section VI.

4.04Tribal Employment Rights Office, “TERO,” requirements apply including fee of ½ of 1% of total contract award. Successful bidder must complete TERO Labor Agreement and pay all applicable fees, including $25 per non- Indian employee working on this project per day if working on a Cherokee Nation location. Please refer to Cherokee Nation Legislative Act 30-12 dated 8/13/12 repealing and superseding Cherokee Nation law regarding Labor and Employment Rights Ordinance and Declaring an Emergency. The complete Act is available by contacting the TERO office at Tahlequah, 918-453-5000. TERO bidders are required to provide a copy, front and back, of their TERO certificate with return bid(s).

4.05The Bid Schedule must be completed in ink or by typewriter. The Bid Price on the Bid Schedule must be stated in words and figures, in case of a conflict words will take precedence. No alterations, additions or erasures shall be made on the Bid Schedule. Erroneous entries shall be lined out, initialed by the bidder and the correct entry inserted.

4.06All names on the Bid Schedule must be typed or printed below the signature.

4.07The Bid Schedule shall contain an acknowledgment of receipt of all Addenda (the numbers of which shall be filled in on the Bid Schedule).

4.08The address to which communications regarding the Bid Schedule are to be directed must be shown.

4.09Bids shall be submitted at the time and place indicated in the Solicitation to Bid and shall be enclosed in a sealed envelope, marked with the Project Title, Contract Number, Name and Address of the bidder, and accompanied by the other required documents. If the Bid is sent through the mail or other delivery system, the sealed envelope shall be enclosed in a separate envelope addressed to the Cherokee Nation Businesses, L.L.C., Attn: Charla Vardeman, with the notation “SEALED BID - DO NOT OPEN” on the face thereof.

5.00QUALIFICATION OF BIDDERS

5.01No bid will be accepted unless the bidder can, if requested, show to the satisfaction of the Company evidence of its experience and familiarity with work of the character specified. This may include, at the Company's option, evidence of similar work by his firm (or principal employees) that has been performed satisfactorily and completed during the past five (5) years.

5.02No bid will be accepted unless the bidder can show to the satisfaction of the Company evidence of his financial ability to perform the Work successfully and properly, to completion.

5.03If bidder has a parent company or relies on a parent company to obtain or fulfill any of the Work to be contracted, then Company has the right to required bidder's parent company to provide guarantee of bidder's proposal and the performance of any obligations arising under the Contract Documents.

5.04In the awarding of this Contract and the performance of these Contract Documents, Company and Contractor and its subcontractor(s) shall, to the greatest extent feasible, give preference to Indian organizations, Indian owned enterprises and individuals as certified by TERO. First preference shall be given to members of the Cherokee Nation and their businesses. Second preference shall be given to members of all other federally recognized tribes.

6.00INTERPRETATIONS

6.01All questions about the meaning or intent of the Contract Documents shall be submitted to the Company Representative in writing. Replies will be issued by Addenda to the RFP posting on the Cherokee Nation procurement website. Questions received less than two days prior to the date for opening of bids will not be answered. Only questions answered by formal written Addenda will be binding. Oral and other interpretations or clarifications will be without legal effect.

7.00CONTRACT TIME

7.01The number of days within which, or the date by which, the Work is to be completed (the “Contract Time”) is set forth in the Bid Schedule and will be included in the Contract Agreement.

7.02The Contract Time for the work to be performed is the essence of the Contract Agreement. Delays and extensions of time may be allowed in accordance with General Terms and Conditions attached to the Contract Agreement.

8.00LIQUIDATED DAMAGES

8.01Provisions for liquidated damages, if any, are set forth in the Contact Agreement.

9.00REJECTION OF BIDS

9.01Bids received more than ninety-six (96) hours, excluding Saturdays, Sundays and holidays, before the time set for opening of bids, as well as bids received after the time set for opening of bids, will not be considered.

9.02Company reserves the right to reject any and all bids when such rejection is in the best interest of Company. All bids are received subject to this stipulation and Company reserves the right to decide which bid shall be deemed lowest and best. A violation of any of the following provisions by the bidder shall be sufficient reason for rejecting his bid, or shall make any Contract between Company and the Contractor that is based on his bid; (i) null and void; divulging the information in said sealed bid to any person, other than those having a financial interest with him in said bid, until after bids have been opened; (ii) submission of a bid which is incomplete, unbalanced, obscure, incorrect, or which has conditional clauses, additions, or irregularities of any kind not in the original Bid Schedule, or which is not in compliance with the Instructions to Bidder and Solicitation to Bid, or which is made in collusion with another bidder. The foregoing list is non-exhaustive and Company reserves the right to reject a bid or nullify any Contract between Company and the Contractor that is based on his bid for any other reason it deems is in the best interest of the Company.

10.00BIDS TO REMAIN OPEN

All bids and pricing submitted under this RFP shall remain valid and open for ninety (90)days after the day of the bid opening, but Company may, in its sole discretion, release any bid prior to that date.

11.00AWARD OF CONTRACT

11.01Company reserves the right to reject any and all bids, to waive any and all bid document requirements and to negotiate Contract terms with the successful bidder, and the right to disregard all nonconforming, nonresponsive or conditional bids. Discrepancies between words and figures will be resolved in favor of words. Discrepancies between the indicated sum of any column of figures and the correct sum thereof will be resolved in favor of the correct sum.

11.02Company reserves the right to issue one award, multiple awards, or reject all bids. All quotes are subject to negotiation prior to award. Awards may be issued without discussion of quote received, and quotes should initially be submitted on the most favorable terms from a price and technical standpoint.

11.03In evaluating bids, Company shall consider the qualifications of the bidders and whether or not the bids comply with the prescribed requirements.

11.04Company may consider the qualifications and experience of subcontractors and other persons and organizations (including those who are to furnish the principal items of material or equipment) proposed for those portions of the Work as to which the identity of subcontractors and other persons and organizations must be submitted. Operating costs, maintenance considerations, performance data and guarantees of materials and equipment may also be considered by Company.

11.05Company may conduct such investigations as it deems necessary to assist in the evaluation of any bid and to establish the responsibility, qualifications and financial ability of the bidders, proposed subcontractors and other persons and organizations to do the Work in accordance with the Contract Documents to Company’s satisfaction within the prescribed time.

11.06Company reserves the right to reject the bid of any bidder who does not pass any such evaluation to Company’s satisfaction.

11.07In the awarding of this Contract and the performance of these Contract Documents, Company, Contractor and its subcontractor(s) shall, to the greatest extent feasible, give preference to Indian organizations, Indian owned enterprises and individuals. First preference shall be given to members of the Cherokee Nation. Second preference shall be given to members of all other federally recognized tribes.

11.08The successful bidder shall execute and deliver the Contract Agreement, Contractor’s Performance Bond and the required certificates of insurance within five (5) calendar days of receipt of the Notice of Award. If the successful bidder fails to execute and deliver the Contract Agreement and the required certificate of insurance within five (5) calendar days of the Notice of Award, Company may annul the Notice of Award.

12.00BEGINNING WORK

The Work shall be commenced immediately (not more than 5 calendar days) after execution of the Contract Agreement unless otherwise agreed by the parties.

13.00CONTRACTOR’S LIABILITY INSURANCE REQUIREMENTS

13.01No Work is to be commenced and no invoices will be paid until Company is in receipt of a Certificate of Insurance covering all the requirements outlined in the General Terms and Conditions attached to the Contract Agreement.

14.00 DEBARMENT

By submitting a response to this Request for Proposal, the Contractor certifies to the best of their knowledge and belief that the Subcontractor, the firm, or any of its principals are not presently debarred, suspended, or proposed for debarment by any federal, state, local or tribal entity. This certification is a material representation of fact upon which reliance was placed when making award. If it is later determined the Subcontractor rendered an erroneous certification, in addition to other remedies available to CNB or its entities, CNB may terminate the contract resulting from this Request for Proposal for default .

SECTION III

PROJECT DESCRIPTION

CHEROKEE NATION BUSINESSES, LLC

INFORMATION TECHNOLOGY RISK ASSESSMENT

PROJECT MANAGER: GARY ARMSTRONG

INTRODUCTION

The Cherokee Nation (the “Nation”) is a federally recognized Indian tribe whose headquarters are located in Tahlequah, Oklahoma. The Nation is the second largest Indian tribe in the United States with more than 320,000 tribal members and a 9,234 square mile area called Cherokee Nation, which is not a reservation, but a jurisdictional area that includes all of eight counties and portions of six others in northeast Oklahoma. The Nation established its first gaming venture in 1990 with one small building in Roland, Oklahoma. Today the Nation, through a wholly owned tribal limited liability company, operates seven casinos, a horse racing facility with electronic gaming machines, two retail smoke shop facilities that include electronic gaming machines, three hotels/motels with a total of 638 guest rooms, several food and beverage outlets, live entertainment venues, three golf courses and other retail facilities, including an additional smoke shop, a travel plaza, convenience stores and gift shops. In addition to its gaming and non-gaming operations the Nation, through the same wholly owned tribal limited liability company, is involved in a variety of commercial enterprises including manufacturing, distribution, personnel services and environmental services.

The Nation conducts all of its economic activities through Cherokee Nation Businesses, L.L.C. (“CNB”), a wholly owned tribal limited liability company organized under the laws of the Nation. Formed on June 16, 2004, CNB was created to provide shared services and strategic coordination to the Nation and to act as a holding company for certain business enterprises and joint venture investments. The Nation controls 100% of CNB, and CNB’s board of directors is appointed by the Nation’s Principal Chief and confirmed by the Cherokee Nation Tribal Council.

CNB’s enterprises include various companies segmented by industry portfolios. Companies in the hospitality portfolio operate all of the gaming and gaming related operations; companies in the aerospace and manufacturing portfolio are involved in the production, assembly and repair of electronic component parts for the commercial and defense industry, telecommunications, and services; the technology portfolio contains companies which provide full-service information technology services to government agencies and commercial businesses; the security and defense portfolio provides security and safety services; the construction portfolio provides construction-related services, including general contracting, oversight of construction projects and safety training; the medical services portfolio sells and leases durable medical equipment, and provides professional medical services. CNB’s primary objective with respect to these enterprises is to develop economic self-sufficiency for the Nation’s members and provide jobs for members of the local communities. Combined, the CNB enterprises are the largest employers in Northeast Oklahoma with over 4,000 employees and generate over $700 million and $100 million in annual revenues and net income, respectively.

CNB IT supports +/- 50 physical locations, most of which have various levels of WAN connectivity. There are two main datacenters that are co-located within two (2) of our major entertainment and hospitality locations; Catoosa, OK at 777 West Cherokee Street, Catoosa, OK 74015 and West Siloam Springs, OK at 2416 Hwy 412, Watts, OK 74964. CNB has standardized primarily on Cisco, Aruba and Microsoft for its core infrastructure. There are approximately 450 physical and 350 virtual servers, 2,000 network devices and 3,000 managed end-user devices. Primary applications include: PeopleSoft Financials, PeopleSoft HCM, PeopleSoft CRM, Kronos, Deltek, Accura, IGT Advantage, Micros POS, Opera Hotel, SharePoint, IIS, and Exchange - Microsoft Active Directory (multi-forest) is used for directory services.

GOAL

The overall goal of this engagement is to perform a risk assessment of the CNB IT environment to improve IT functions, mitigate risk and to ensure IT is positioned to support CNB goals, the strategic plan and the Enterprise Risk Management initiative.

SCOPE

The successful respondent will examine and evaluate the organization, services and processes of the IT Department. The methodology of the risk assessment should conform to, or be developed from one or more of the professional organizations that have promulgated industry standards and guidelines for conducting IT risk assessments (e.g., IT Governance Institute, United States General AccountingOffice, ISACA). The methodology should provide an analysis of risk areas and serve as a basis for developing an enterprise-wide risk management plan. The successful respondent shall not be allowed to provide any equipment, software or management services to CNB that may be recommended as a result of the risk assessment or have any financial or operational ties to any potential vendors.

The primary objectives of the assessment are:

1. Obtain an understanding of key business operations, the IT environment, new and ongoing IT initiatives, key data information flows, and IT risk management infrastructure (policy, procedures, organization, etc.).
2. Analyze and evaluate the quality of processes, routines, controls/configurations of the following general IT areas:

• Organization and management of IT operations
• LAN/WAN/Wireless network and server infrastructure
• Application development and maintenance
• IT application, network and infrastructure security
• Disaster recovery/Business Continuity

1. Identify and describe high-risk areas.
2. Identify and describe mitigating controls/configurations for the defined high-risk areas and compare the existing control structure with IT best practices.
3. Evaluate each risk area and define overall risk level for CNB.
4. Identify opportunities for improvement and develop practical and cost effective recommendations for each opportunity identified.

DELIVERABLES