Commit 7a5cce8f authored by jda1g15
Merge branch 'final_report' into 'master'

Final report

See merge request !1
parents 03189d47 62d7bcab
Showing with 727 additions and 37 deletions
figures/Dashboard (hardcoded).PNG (44.4 KiB)
figures/DeviceMagicUserInterface1.PNG (52.3 KiB)
figures/DeviceMagicUserInterface2.PNG (76.4 KiB)
figures/Firebase.PNG (94.3 KiB)
figures/FormstackUserInterface1.PNG (57.1 KiB)
figures/FormstackUserInterface2.PNG (69.4 KiB)
%% ----------------------------------------------------------------
%% Introduction.tex
%% ----------------------------------------------------------------
\chapter{Introduction} \label{Chapter:Introduction}
Example Introduction
\ No newline at end of file
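Review bot: `Example Introduction` is template filler left in a merge titled "Final report", and the real introduction lives in 1_Introduction.tex (`\chapter{INTRODUCTION}`), so the document will contain two Introduction chapters, with `\label{Chapter:Introduction}` attached to the empty one. The same applies to the Chapter1.tex to Chapter5.tex stubs (`Project Goals`, `Designs`, `Implementation`, `Testing and Software Validation`) that sit beside the numbered `N_Name.tex` chapters: either delete the stubs in this merge or make sure the main file only `\input`s one set, and move any labels that other chapters `\ref` onto the chapters that carry the content.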
This is the abstract \section*{Abstract}
\ No newline at end of file
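Review bot: the `\section*{Abstract}` heading is placed after the text it should head (`This is the abstract \section*{Abstract}`); if this line is still live, put the heading on its own line before the paragraph and replace the placeholder sentence.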
There are hundreds of cyber security compliance standards, and many businesses require their partner companies and/or members of their supply chain to comply with numerous standards. Keeping track of each company's compliance to a particular standard is a lengthy and potentially expensive process since it can be very difficult to maintain without the use of an external service or consultant. Most SMEs will be unable to afford this - due to the required time and level of experience, it may not be something a system administrator can do on top of their other responsibilities, and a consultant could be too expensive.
An engine that automatically generates cyber security compliance forms could provide a low cost, time efficient solution for businesses that need a flexible and customisable way of tracing their partner's compliance (or their own compliance) with multiple standards.
The goal of this project is to create a web application system that will generate and store compliance forms for the end user. The forms will be generated by a user, and accessible to specified partners chosen by the user. This will include the ability to update the forms at a later date. The scope of this project includes cyber security compliance - while this project may be relevant to other forms of compliance, the focus will be on compliance within the cyber security field only, with the potential for future work to explore alternative forms of compliance.
\ No newline at end of file
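Review bot: these three abstract paragraphs repeat the Problem and Functionality sections of 1_Introduction.tex almost word for word ("Keeping track of each company's compliance ... lengthy and potentially expensive", "generate and store compliance forms for the end user"); an abstract should summarise what was built and found instead: the React/Firestore web application, the MVP that was reached, and the fact that the partner system was dropped in Sprint 4 and replaced by sharing to email addresses. As written it still promises forms "accessible to specified partners", which the implementation chapter says was not delivered, so reconcile it with the final state.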
%% ----------------------------------------------------------------
%% FutureWork.tex
%% ----------------------------------------------------------------
\chapter{Future Work} \label{Chapter: Future Work}
It works.
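Review bot: `It works.` is a placeholder in a chapter the Evaluation objective explicitly requires ("a summary of possible future work ... should be developed"); at minimum it should list the partner system removed in Sprint 4, the wireframes still marked `TODO` in 4_Design.tex, and the authentication providers left unconfigured in Sprint 3. The label `Chapter: Future Work` contains a space while the introduction uses `Chapter:Introduction`; `\ref` will still resolve both, but settle on one convention (no spaces) for all chapter labels, including `Chapter: Bibliography` below.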
%% ----------------------------------------------------------------
%% Bibliography.tex
%% ----------------------------------------------------------------
\chapter{Bibliography} \label{Chapter: Bibliography}
It works.
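Review bot: a `\chapter{Bibliography}` containing `It works.` yields a near-empty chapter, while the `\cite{CSCRM}`, `\cite{GDPR}`, `\cite{CyberEssentials}` and other keys used throughout this merge need a `\bibliographystyle{...}` plus `\bibliography{<bibfile>}` (or `\printbibliography` with biblatex) to resolve; without one every citation prints as `[?]` and the build reports undefined citations. Replace the placeholder with the bibliography command and drop the manual chapter heading, which the command generates itself.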
%% ----------------------------------------------------------------
%% Chapter1.tex
%% ----------------------------------------------------------------
\chapter{Project Goals} \label{Chapter:one}
Example Chapter
\ No newline at end of file
%% ----------------------------------------------------------------
%% 1_Introduction.tex
%% ----------------------------------------------------------------
\chapter{INTRODUCTION}
\section{Overview}
Many businesses require their partners to comply with numerous and varied cyber security compliances, of which there are literally hundreds. Cyber supply chain risk management (CSCRM) differs from cyber security, by gaining a higher degree of governance over the company in question, and over its extended enterprise partners, such as all its suppliers and customers. Whereas cyber security only considers security of a technical nature, CSCRM attempts to encompass both managerial and human factors in preventing risks from disrupting IT systems\textquoteright\ operations. \cite{CSCRM}
The following chapter will give an overview of the project\textquoteright s goals and objectives. The subsequent chapters will go on to talk about compliance in cyber security, cyber crime, supply chains and the impacts of security breaches on businesses, use cases, requirements, risks and functionality for the proposed application, followed by the proposed design of the implementation for the application.
\section{Problem}
Keeping track of each company\textquoteright s compliance to a specific standard is a lengthy and potentially expensive task since it can be very difficult to maintain without the use of an external service or consultant. Due to the time and experience level required, it is unlikely to be a task a system administrator would be able to perform in addition to their other responsibilities, and a specialist will, in all likelihood, be too expensive for most SMEs.
An automatically generated cyber security compliance form engine, could provide a low cost, time efficient solution for businesses that need a flexible, customisable way of tracking their partner\textquoteright s compliance - or their own compliance - with multiple standards.
\section{Aim}
Ultimately, the goal of the project is to enable organisations to maintain and improve their cyber security by adhering to various compliance standards, such as the guidelines set out by the UK government's Cyber Essentials scheme. The scheme aims to protect organisations from a range of attacks that could be carried out by relatively unskilled individuals - the most common cyber threat to businesses. \cite{CyberEssentials}
\subsection{Research}
A thorough review of relevant literature will be required to fully understand the problem and the existing solutions, if any exist. If they do, an assessment of possible improvements that could be made to those solutions should also be executed. A chapter detailing the analysis of the requirements for the project will be required to determine and gauge the feasibility and enable the planning and design of the application itself. This should include an assessment of likely risks to the project.
\subsection{Development and Testing}
The implementation of the web application, in a manner which allows for easy maintenance, extensions and other improvements at a later date, is essential. To ensure the functionality of all parts of the application, a testing system should also be implemented - set up as continuous integration with regression testing. This software validation should be automated for consistency and to save time.
\subsection{Analysis}
An analysis of the results of the testing and of the implementation should be carried out after it is finalised, to establish adherence to the designs and assure the quality of the code.
\subsection{Evaluation}
An evaluation of the whole project including its management should be performed. Finally, a summary of possible future work that could be carried out should be developed, to improve upon this project and/or extend it.
\section{Functionality}
The goal of the application is to have a system that will generate and store compliance forms for the end-user. The forms will be automatically generated via an interface on the application by a user, and accessible by \textquoteleft partners\textquoteright. Partners will be other users that can be added by the primary user, much like friends or followers on a social media application. Users will be able to update the forms\textquoteright\ parameters, and partners will be able to update their answers to the forms, later on. This project is a cloud-based application, and it will deal with cyber security compliance only - no other forms of compliance will be within the scope of this project.
\ No newline at end of file
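Review bot: the Functionality section still presents partners ("other users that can be added by the primary user, much like friends or followers") as part of the delivered system, but Sprint 4 in 5_Implementation.tex says the partner system was removed for time and forms are shared to email addresses instead; describe the scope that was actually built, or mark the partner system as planned work, so the introduction and implementation agree. Smaller points: citations are placed after the full stop (`operations. \cite{CSCRM}`, `businesses. \cite{CyberEssentials}`) where `\cite` normally precedes it, and "of which there are literally hundreds" is a count with no source, so either cite one or soften it.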
%% ----------------------------------------------------------------
%% 2_BackgroundAndLiteratureReview.tex
%% ----------------------------------------------------------------
\chapter{BACKGROUND AND LITERATURE REVIEW}
\section{Crime}
There has been a significant increase in cyber-criminal activity in recent years. \cite{GDPR} The methods used by criminals are currently changing as businesses begin to be targeted more frequently than individuals. \cite{GDPR} Cyber crime is growing at a rapid rate, making it increasingly troublesome for regulations and legislation to keep pace, resulting in outdated laws that are often unfit for purpose. \cite{GDPR}
\section{Supply Chains}
Supply chain management is a process essential for connecting major business actions and behaviours both internally and between organisations into a capable and effective business model. \cite{CSCRM} It encompasses all logistics management endeavours, not to mention manufacturing operations, and it drives the coordination of activities across multiple business areas including; marketing, sales, product design, finance, and IT. \cite{CSCRM}
\subsection{Supply Chain Security}
Supply chain security concentrates on the threats linked to an organisation\textquoteright s suppliers of goods and services, many of which potentially have considerable access to assets belonging to the company or to its customer data. \cite{CombattingCyberRisks}
\section{Compliance}
Compliance is a crucial, costly, and complex issue for any company to deal with. \cite{ComplianceGovernance} It relates to the conformance to a set of laws, regulations, policies, or best practices known as standards. \cite{ComplianceGovernance} 1Organisations can be required to take steps to put policies and controls in place that ensure conformity with the regulations outlined in their given compliance standard(s), the purpose of which is to safeguard the organisation against security threats.
\subsection{Compliance in Cyber Security}
Cyber security is the aggregate of technologies, processes, and practices, which were designed to shield computer networks, software, and data from loss, theft, or manipulation. \cite{CSCRM} Cyber security standards have existed for a long time, affecting the necessary policies and practices of individuals and organisations over the last several decades. \cite{StanfordConsortium} Various regulations and legislation often struggle to keep up with the latest cyber threats due to the rapid evolution of the field. \cite{GDPR} As a result of the expanding pool of available tools, there is an ever-increasing number of people able to access the world of cyber crime. This makes it all the more crucial that conforming to the latest standards becomes an imperative for every company, regardless of the size of the enterprise. The hope for this project is that it will help to enable organisations to achieve compliance with any given standard in a cost effective manner.
\subsection{Cyber Essentials}
The UK Government worked with a number of other institutions to develop Cyber Essentials, a set of basic standards to help organisations defend themselves from common security threats online. \cite{CyberEssentials} The scheme is designed to prevent unskilled individuals from being able to find basic vulnerabilities in an organisation by providing advice, and two different levels of certification; \textquotedblleft Cyber Essentials\textquotedblright\ and \textquotedblleft Cyber Essentials Plus\textquotedblright. The former is a self-assessment designed to be light-weight and easy to follow, while in the latter, a certification body carries out the verification of the organisation\textquoteright s cyber security, instead of it being done by the company in question.
\section{Impacts}
Cyber attacks are financially devastating and disrupting to people and businesses. Successful attacks have the potential to expose personal information, leaving the victims of these security breaches vulnerable to fraud. \cite{CyberCrime} Victims are also left vulnerable to further attacks, using the information previously gathered by attackers.
\subsection{The Effect on Business and Loss of Confidence}
According to a survey by Ping Identity (a company that sells a number of cloud and software identity security solutions), 75\% of people stop engaging with a brand online following a data breach, as well as 59\% saying they were not willing to sign up to use an online service or application that had recently experienced a data breach. \cite{ITGovernance} In spite of this, a staggering 56\% said they were unwilling to pay any amount of money for additional security to protect their personal information. \cite{ITGovernance}
\subsection{Legal consequences}
GDPR requires proper management of all the personal information held by an organisation. \cite{BusinessInfo} If this information is compromised, and that organisation has neglected to deploy basic security measures, it is possible they will face fines and regulatory sanctions. \cite{BusinessInfo}
\section{Case Study: Pouring Pounds Ltd}
Two cashback sites owned by Pouring Pounds Ltd were found to have leaked two terabytes worth of personally identifiable information and account data. This was made possible because of an unprotected database, which could be accessed through an exposed port on the company's server. The leak occurred in October 2019 and has affected approximately 3.5 million individuals. \cite{z6mag}
\section{Previous and Similar Work}
Below is an overview and evaluation of two other products found during background research for the project.
\subsection{Formstack}
Formstack boasts a drag and drop interface to allow quick and easy customisation of a form you create, with various components for different data types and layouts and you can see your changes in real time. The product is aimed at developers and non-technical people, offering a time-saving way to build forms for a wide variety of different functions, including collecting payments, gathering customer data and automating day-to-day tasks. \cite{Formstack}
At the time of writing, the product has multiple pricing tiers, starting from \$19 USD per month with 'Bronze' and ending up at a \$249 USD per month for 'Platinum', which includes \textquotedblleft Advanced data collection features \& priority support\textquotedblright. \cite{Formstack} There is also an 'Enterprise' edition, however pricing for that seems to be on a case-by-case basis.
\begin{figure}[H]
\center
\includegraphics[height=90mm, width=145mm]{../figures/FormstackUserInterface1}
\caption{Formstack User Interface 1}
\end{figure}
\begin{figure}[H]
\center
\includegraphics[height=90mm, width=145mm]{../figures/FormstackUserInterface2}
\caption{Formstack User Interface 2}
\end{figure}
\subsection{Device Magic}
With a broad focus that includes; job reports, inspections, audits, work orders and invoices, Device Magic is a data collection application that allows users to create and complete mobile forms. \cite{DeviceMagic} One of the key selling points is the ability to use all the features of the app when offline. It possesses an easy-to-use drag and drop user interface similar to that of Formstack and also allows users to preview forms in mobile format when creating them on a desktop. \cite{DeviceMagic} It also features the capability to capture rich data (such as images), and to automate workflows, for example, allowing a form submission to trigger another form to be sent. \cite{DeviceMagic}
\begin{figure}[H]
\center
\includegraphics[height=100mm, width=145mm]{../figures/DeviceMagicUserInterface1}
\caption{Device Magic User Interface 1}
\end{figure}
\begin{figure}[H]
\center
\includegraphics[height=100mm, width=145mm]{../figures/DeviceMagicUserInterface2}
\caption{Device Magic User Interface 2}
\end{figure}
\subsection{Evaluation and Comparison of Existing Products}
The range of customisations available in Formstack and Device Magic make them a generic solution in comparison to the specialised nature of proposed in this project. CompForge will have a more streamlined interface and method for form creation. Compliance forms have a more straightforward and predictable structure, a fact which was taken advantage of during the design phase (see Chapter 4: Design).
\ No newline at end of file
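Review bot: "the specialised nature of proposed in this project" in Evaluation and Comparison is missing its noun (the application, or CompForge, which appears here by name for the first time without being introduced). `1Organisations` in the Compliance section carries a stray digit, probably a footnote marker whose `\footnote{}` was lost. In all four figure environments `\center` should be `\centering`: `\center` is the internal start of the `center` environment and opens a `trivlist` that is never ended, adding unwanted vertical space, whereas `\centering` is the switch intended inside `figure`. The Pouring Pounds case study would support the thesis better with one sentence tying the cause (an unprotected database reachable on an exposed port) to the kind of basic control the Cyber Essentials section describes, since tracking exactly such controls across suppliers is what the generated forms are for.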
%% ----------------------------------------------------------------
%% Chapter2.tex
%% ----------------------------------------------------------------
\chapter{Background and Literature Review} \label{Chapter:two}
%% ----------------------------------------------------------------
%% Chapter3.tex
%% ----------------------------------------------------------------
\chapter{Designs} \label{Chapter:three}
\ No newline at end of file
%% ----------------------------------------------------------------
%% Chapter4.tex
%% ----------------------------------------------------------------
\chapter{Implementation} \label{Chapter:four}
\ No newline at end of file
%% ----------------------------------------------------------------
%% 4_Design.tex
%% ----------------------------------------------------------------
\chapter{DESIGN}
The design of the web application will be based on the requirements established in the previous chapter, coupled with standards for user friendly interfaces and the user experience.
\section{Conducting User Research}
In order to design a good user interface, one needs to take into account who the user is and what kind of interface will suit them.
In an SME, any one person could be in charge of compliance, from an employee in IT to someone in an administration role or even the CEO. In light of the fact that the application must allow for both technical and non-technical users, the design must be as accessible as possible. In order to ensure accessibility, the application will be designed with non-technical users in mind, and to that end will also be tested and evaluated by them.
\subsection{Competitor Research}
Existing products have been evaluated in chapter 2. As previously stated, the design of these products is unnecessarily bloated for the purpose of producing cyber security compliance forms. Such products are designed to generate many other form types, whereas this product capitalises on the simple structure of compliance to streamline the design of the tool needed to build them.
\subsection{User Personas}
Creating personas allows the production of dependable, authentic representations of the target user group, in order to perform stakeholder analysis. \cite{Personas}
\begin{itemize}
\item
Alan is a 35-year-old head of IT at a small company. He is very capable when it comes to maintaining the company's network and cyber security, but does not know anything about the level of security at other organisations in his company's supply chain. He knows that those organisations could be compromised and used as an attack vector to infiltrate the company network and steal valuable data or do other serious harm.
\item
Emily is a 22-year-old computer science graduate, tasked with producing some cyber security best practices for her company to follow, in order for it to fend off the basic attacks that could be carried out by an unskilled individual. She knows about cyber security best practices from some of her modules at university but is not sure where to start with producing compliance forms for her company to follow.
\item
Bob is a 57-year-old systems administrator at a medium sized company that has just undergone a merger with another firm. He is tasked with combining the cyber security compliance standards that both old companies were using into a single standard for the new company to follow.
\end{itemize}
\section{User Flows and Wireframes}
This section will illustrate the flow of the application from beginning to end, similar to the flow charts in chapter 3, but with wireframes representing the UI and how each page will transition to another.
\subsection{Wireframes} % 2D outline of single page
TODO: Sign in / Sign up wireframe
TODO: Dashboard wireframe
TODO: Create a Form wireframe
TODO: Add a Partner wireframe
\subsection{Flow Charts} % Map journey
TODO: Minified versions of the wireframes with arrows showing flow of the application...
\section{Material-UI}
Material-UI is a popular React UI framework for faster and easier web development. It has a massive suite of components that help with building a fully customisable UI, it is incredibly well documented, and it receives regular monthly updates from its developers. For these reasons, Material-UI has been used for many of the components in the project in order to increase development speed.
\section{Minimum Viable Product}
The Minimum Viable Product (MVP) is the encapsulation of the core features that allow an application to function. While not fully functional, it will have the necessary functionality to allow the application to work at its most basic level, and it provides a solid starting point for a project to work towards.
In the case of CompForge, the core features have been listed below:
\begin{itemize}
\item Register
\item Sign in
\item Sign out
\item Create Form
\item View Form
\item Share Form
\item Delete Form
\item Submit Form
\end{itemize}
\begin{itemize}
\item Edit Form
\item Add Partner
\end{itemize}
\ No newline at end of file
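Review bot: the Wireframes and Flow Charts subsections are still `TODO:` lines (`TODO: Sign in / Sign up wireframe` through `TODO: Minified versions of the wireframes ...`), yet the Technologies table in 5_Implementation.tex credits TikZ with "creation of clean wireframes and UML diagrams"; either the figures exist and belong here, or that justification should go. The second `itemize` after the MVP list (`Edit Form`, `Add Partner`) has no heading or lead-in, so it reads as a continuation of the core features; say what it lists (for instance features deferred beyond the MVP). "Incredibly well documented" and "regular monthly updates" for Material-UI are unsupported; cite its release history or state the version used. Finally, all three personas are form creators; none covers the partner who receives a form by email and submits answers, which is the other half of the flow built in Sprint 5 and the one a non-technical supplier is most likely to see.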
%% ----------------------------------------------------------------
%% Chapter5.tex
%% ----------------------------------------------------------------
\chapter{Testing and Software Validation} \label{Chapter:five}
\ No newline at end of file
%% ----------------------------------------------------------------
%% 5_Implementation.tex
%% ----------------------------------------------------------------
\chapter{IMPLEMENTATION}
\section{Project Development Objective}
The objective of this project was to produce a web application that would allow an organisation to create, store and share and submit completed compliance forms, in order to reduce the cost of tracking and maintaining compliance to any cyber security standard.
\subsection{Functionality}
The application, called CompForge, allows a user to create custom compliance forms, which are stored on a serverless database, hosted on Google Firebase. These forms can be shared with partners - other users that are added in a similar fashion to friends or followers on social media. When a form is shared with a partner, that partner can complete and return it to the original user, with their given responses to each question.
\section{Technologies}
The implementation of a variety of different features was required to complete the application and this required the employment of a number of different technologies. Requirements included a fast and flexible frontend framework to reduce loading times and adapt quickly to changes from the backend, a real-time database to send those changes to the frontend, and good out-of-the-box security.
\begin{table}[H]
\centering
\begin{tabular}{|c|c|c|}
\hline
Tool/Library & Purpose & Justification\\
\hline
\hline
\multicolumn{3}{|c|}{Application}\\
\hline
\hline
\makecell{React} & \makecell{Front end development} & \makecell{Reusable components,\\development speed,\\ reduced loading times}\\
\hline
\makecell{React Router} & \makecell{Navigation between\\virtual pages} & \makecell{Reduced loading times}\\
\hline
\makecell{Material-UI} & \makecell{Flexible pre-built\\components} & \makecell{Development speed}\\
\hline
\makecell{create-react-app} & \makecell{Quick start\\for React apps} & \makecell{Development speed}\\
\hline
\makecell{Firebase} & \makecell{Backend as a Service} & \makecell{Development speed,\\no need to\\setup and maintain\\own server}\\
\hline
\makecell{Firebase Authentication} & \makecell{Authentication as a Service} & \makecell{Development speed,\\security}\\
\hline
\makecell{Firestore} & \makecell{Serverless real-time\\NoSQL database} & \makecell{Development speed,\\real-time updates}\\
\hline
\makecell{Firebase CLI} & \makecell{Utility for\\administering\\Firebase projects} & \makecell{Configuration of\\React-Firebase connection}\\
\hline
\hline
\multicolumn{3}{|c|}{Report}\\
\hline
\hline
\makecell{Latex} & \makecell{Document preparation system} & \makecell{Produces refined and\\polished PDF reports}\\
\hline
\makecell{TikZ} & \makecell{Latex library for\\drawing and\\diagram creation} & \makecell{Creation of clean wireframes\\and UML diagrams}\\
\hline
\hline
\multicolumn{3}{|c|}{Miscellaneous}\\
\hline
\hline
\makecell{GitLab} & \makecell{Version control system} & \makecell{Project planning and\\code management}\\
\hline
\makecell{Batch \& WSL} & \makecell{Scripting \& providing\\Linux commands\\on Windows} & \makecell{Latex build and\\clean up script\\(see appendix)}\\
\hline
\end{tabular}
\caption{Technologies and Justifications for Use}
\end{table}
\subsection{React}
React is a JavaScript library specialising in the development of user interfaces, developed and maintained by Facebook. \cite{React} React was chosen as the medium for the frontend due to it's manipulation of the virtual DOM, which reduces loading times; reusable components to increase development speed, and built-in defence against Cross Site Scripting attacks. Given that the core of the application involves user inputting data to forms, the latter is especially important.
\subsubsection{Redux/Thunk}
Redux was utilised to manage the state of the application, including the user's data, and whether they are authenticated. Redux imposes certain restrictions when it comes to state management, increasing a developer's control over how and when the state can be updated.
To change the application's state, you need to dispatch an action (a JavaScript object). The action and the application's current state are passed into a JavaScript function, called a reducer. A reducer takes these two parameters and returns the new state of the application. Usually the state of an application will be quite large, so instead of managing the entire state with a single reducer, multiple reducers are written to manage different parts of the state.
Thunk allows asynchronous logic to interact with the state. It was used in CompForge to do ...
\subsubsection{Code Structure}
The structure of the React frontend is heavily influenced by create-react-app - a tool used in this project to get a head start on the setup and configuration of the frontend application. Since there is no recommended way to structure React projects, my opinion on the best way to do this for the remainder source code was to group by page, thereby simplifying the process of finding and editing related components.
\subsubsection{Single Page Application and Routing}
Another reason for using the create-react-app tool is that it initialises the application as a single-page application (SPA), which further reduces the loading time for users. As an SPA, the entire frontend is loaded when the user enters the application, and it is not necessary to load anything further, even when navigating the app. From there all the routing between the different pages is done by React Router, a library of React components that are used to navigate between pages in an SPA. However, everything in React is a component, including the \textquoteleft pages\textquoteright, and so the beauty of React Router is that it allows redirection between components, and as such, will only need to re-render the relevant component(s) that are being loaded to the screen, as opposed to the entire page.
\subsubsection{Node.js}
Node is a free cross platform open source server environment that runs JavaScript. It was used in this project as a local testing environment as it allows the React project to run on a local development server. Node also manages a range of modules that the project was dependent on, including Material-UI, and the Firebase CLI.
\subsection{Google Firebase}
Firebase is Google's mobile application development platform. \cite{Firebase} It is used by many large applications such as Lyft, Venmo and Trivago for its multitude of services including hosting, authentication, database, storage, and functions.
\subsubsection{Firestore}
The benefit of using Firebase's database (called Firestore) is that data sent to the database is immediately forwarded on to relevant interested instances of the application, so changes made by one user can update another user in close to real time. In addition, you can add multiple apps to the service and they will all share the same database, making maintaining the application across multiple platforms, like Web, iOS and Android far easier, however, this project is only a web application.
\subsubsection{Serverless Architecture}
Serverless architecture is the model Firebase uses as its platform. It is not, in fact, serverless as the name suggests. It simply means that the need for server software and hardware management by the developer is erased, because the infrastructure is provided by a host, like Firebase. This allows for improved scalability for hosted applications.
\section{Progression}
This section describes the progression of the implementation during each sprint. The original plan for these sprints is laid out in chapter 8. Much of the implementation took longer than expected due to the fact it was the first time many of the technologies were being used, resulting in a steep learning curve for myself.
\subsection{Sprint 1}
The implementation started with the installation and running of create-react-app to kickstart frontend development. From there Material-UI components were used and tweaked alongside custom code to construct the \textquotedblleft Dashboard\textquotedblright\, and \textquotedblleft Create a Form\textquotedblright\ pages. Below is a screenshot of an early iteration of the dashboard.
\begin{figure}[H]
\center
\includegraphics[height=100mm, width=145mm]{../figures/Dashboard (hardcoded)}
\caption{Dashboard}
\end{figure}
\subsection{Sprint 2}
A \textquoteleft Compforge\textquoteright\ project was created on Firebase. Some configuration in the React code ws needed to connect to the project's Firestore. In addition, a lot of work was done to implement the Redux/Thunk reducers and actions needed to store and manipulate the state of the application.
\begin{figure}[H]
\center
\includegraphics[height=100mm, width=145mm]{../figures/Firebase}
\caption{Firestore}
\end{figure}
\subsection{Sprint 3}
With the basics finished, the next step was to set up authentication and user accounts, implemented using Firebase Authentication. For simplicity, I only configured sign ups by email, though it is possible to set up authentication via many other methods in Firebase namely; phone number, Google, Facebook, Twitter, GitHub, Yahoo, Microsoft and Apple accounts. Once accounts and authentication were completed, the frontend needed a \textquoteleft Sign up\textquoteright\ and \textquoteleft Sign in\textquoteright\ page. Using a Material-UI template, some configuration of the React code, as well as adjustments to the routing, the ability to sign up, sign in and sign out was added to the web app.
\subsection{Sprint 4}
After user accounts had been set up, the had been to implement the partner system. However, due to time constraints (discussed further in Chapter 7: Evaluation) this requirement was removed. Instead work focused on finishing the MVP; saving forms from the form creation page to Firestore, and the ability to share forms direct to users via their email addresses.
\subsection{Sprint 5}
The final requirements were for a user to create submissions for forms that are shared with them, and to view forms and submissions. After creating a frontend page for completing and submitting a form, and adding it to the routing, the submissions were stored in Firestore in their own collection.
\subsection{Sprint 6}
Refinements to the UI were made to improve the user experience, including changes to the columns shown on the form table on the dashboard. Some compiler warnings were also cleared and links between the \textquotedblleft sign in\textquotedblright\ and \textquotedblleft sign up\textquotedblright\ pages were created.
\ No newline at end of file
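Review bot: nothing in this chapter says how access to forms and submissions is enforced. Because Firestore is used as the "serverless" backend, the React client talks to the database directly and the only authorization boundary is the Firestore security rules: the rules that make a form readable to its owner and to the addresses it was shared with (Sprint 4), and a submission readable to the form owner and its author (Sprint 5), should be quoted and explained here, and exercised in the Testing and Software Validation chapter, since a missing rule looks identical to a working feature in the UI. Two related gaps: sign-up is email-only (Sprint 3) and sharing is addressed by email (Sprint 4), so state whether email verification is required before a shared form becomes readable to that account; and "built-in defence against Cross Site Scripting attacks" for React needs qualifying, because React escapes values interpolated in JSX but not HTML passed through `dangerouslySetInnerHTML` or user-supplied URLs in `href`, which matters when question text and answers are user input. Wording: `used in CompForge to do ...` (Redux/Thunk) is unfinished; `the had been to implement the partner system` (Sprint 4) is missing words; `ws needed` (Sprint 2) should be `was needed`; `it's manipulation` (React) should be `its`; `\textquotedblright\,` after Dashboard (Sprint 1) inserts a thin space before the comma. `Chapter 7: Evaluation` and `chapter 8` are hard-coded chapter numbers; use `\ref` so they survive the renumbering that removing the stub Chapter*.tex files will cause. In the table, `Latex` should be `\LaTeX`.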