eSentire will conduct phishing campaigns against those internal employees identified by Client to determine users susceptible to phishing attacks and track email links clicked, interactions with decoy webpages (Phishgates)*, opened attachments and such other metrics as may be determined by eSentire from time to time. The number of phishing campaigns shall be set out on the applicable Order Form. Client shall approve in advance of each phishing campaign the timing and schedule of such campaign. Pre-defined templates shall be used for each phishing campaign with a maximum of two (2) iterations of campaign template refinements. Client shall be responsible for ensuring the phishing campaign emails can be received by Client’s email infrastructure.