docs(governance): update compliance and audit documentation for clarity and detail

content/en/docs/governance/compliance-audit/_index.md

@@ -19,7 +19,7 @@ The internal service is officially designated as the [Edge Developer Platform (E
 The decision to utilize **[Forgejo](https://forgejo.org/)** as the core self-hosted Git service was driven by specific strategic requirements:
 
 - **EU-Based Stewardship:** Forgejo is stewarded by **[Codeberg e.V.](https://docs.codeberg.org/getting-started/what-is-codeberg/)**, a non-profit organization based in Berlin, Germany. This alignment ensures compliance with GDPR and data sovereignty requirements, placing governance under EU jurisdiction rather than US tech entities.
-- **License Protection (GPL v3+):** Unlike "Open Core" models, Forgejo uses a copyleft license. This legally protects our custom extensions (such as GARM support) from being appropriated into proprietary software, ensuring the ecosystem remains open.
+- **License Protection (GPL v3+):** Unlike "Open Core" models, Forgejo uses a copyleft license. This legally protects custom extensions developed in this project (such as GARM support) from being appropriated into proprietary software, ensuring the ecosystem remains open.
 - **Open Source Strategy:** The platform aligns with the "Public Money, Public Code" philosophy, mandating that funded developments are returned to the community.
 
 **Access Model:**
@@ -46,7 +46,7 @@ Contributions to the Forgejo community and other open-source projects.
 
 ### Forgejo
 
-We actively contributed our extensions back to the upstream Forgejo project on **[Codeberg.org](https://codeberg.org/)**.
+Project extensions were contributed upstream to the Forgejo project on **[Codeberg.org](https://codeberg.org/)**.
 
 **Key Pull Requests:**
 
@@ -67,7 +67,7 @@ Evidence (internal only):
 - A concrete external workshop session is documented in Confluence: [external stakeholder workshop](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/936478033/external+stakeholder+workshop) (incl. agenda attachment). Note: the page explicitly contains AI-generated content and should be verified.
 - An internal workshop session with detailed agenda and feedback is documented in Confluence: [internal stakeholder workshop 7.11.](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/915155061/internal+stakeholder+workshop+7.11.) (also includes AI-generated summary blocks).
 
-### What we learned / decided (PII-free synthesis)
+### Key decisions and learnings (PII-free synthesis)
 
 The workshop and research artifacts consistently point to a few pragmatic decisions and product learnings (summarized here without personal data[^pii-free]):
 
@@ -78,7 +78,7 @@ The workshop and research artifacts consistently point to a few pragmatic decisi
 - **Institutionalize UX feedback loops:** beyond ad-hoc workshops, the work moved towards a repeatable research cadence (panel/community, surveys, and insight logging) to reduce “one-off feedback” risk.
 - **Automated UX testing was formalized as a concrete use case:** a dedicated “use case identification” artifact structures automated UX testing around functional correctness, visual consistency/accessibility, and task-based end-to-end “happy path” flow checks (used as input for the later UX work package stream).
 
-[^pii-free]: PII = “personally identifiable information”. “PII-free synthesis” means we summarize patterns, decisions, and learnings without including names, participant lists, direct quotes, or other details that could identify individuals.
+[^pii-free]: PII = “personally identifiable information”. “PII-free synthesis” means summarizing patterns, decisions, and learnings without including names, participant lists, direct quotes, or other details that could identify individuals.
 
 Later, a dedicated “user experience” focus was strengthened and formalized via a dedicated work package / deliverable stream that explicitly frames UX validation as an activity with objectives, KPIs, and user validation:
 

content/en/docs/governance/project-history/_index.md

@@ -20,9 +20,9 @@ Primary source (internal only): [Confluence: Sub Project Developer Framework](ht
 
 ## Phases and milestones
 
-The following phase model is based on the project artifacts currently present in Confluence and this repository. It is intentionally phrased as “what changed and why”, rather than as a release plan.
+The following phase model is derived from the documented primary sources referenced in this chapter (Confluence and the referenced repositories). The phrasing focuses on “what changed and why”; it is not a release plan.
 
-Terminology note: In this chapter, “Repository” refers to concrete Git repositories used as evidence sources. Unless stated otherwise:
+Terminology: In this chapter, “Repository” refers to concrete Git repositories used as evidence sources. Unless stated otherwise:
 
 - “Repository (this docs repo)” means this documentation repository (“website-and-documentation”), including `/docs-old/`.
 - “Repository (edp-doc)” means the EDP technical documentation repository at (internal only) [edp.buildth.ing/DevFW/edp-doc](https://edp.buildth.ing/DevFW/edp-doc).
@@ -96,7 +96,19 @@ Evidence:
 
 Across the phases above, delivery methods and team process evolved in response to scaling and operational needs:
 
-- Scrum ceremonies and working agreements are documented in Confluence (internal only): [Confluence: How we SCRUM](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/977833214/How+we+SCRUM).
+- Scrum ceremonies and working agreements are documented in Confluence (internal only): [Confluence: Scrum working agreement](https://confluence.telekom-mms.com/pages/viewpage.action?pageId=977833214).
 - Collaborative delivery techniques (mob / ensemble programming) appear as an explicit practice, including in incident documentation (“Team: Mob”) and internal guidance on sustainable mobbing models.
 
+### Team enablement and skill development (PII-free synthesis)
+
+This section summarizes team enablement and skill development, based on the project’s documented sources, and is presented without personal data[^pii-free]:
+
+- **Baseline skill assumptions**: Kubernetes and GitOps are foundational. The platform architecture explicitly uses Kubernetes and a CNOE-derived stacks concept (see [Platform Orchestration](/docs/edp/deployment/basics/orchestration/)).
+- **Enablement/training happened as part of delivery** (not a separate “academy”): retrospectives and planning explicitly track knowledge-sharing sessions and training topics (internal only, see References).
+- **Kubernetes enablement**: a Kubernetes introduction training was planned as part of team onboarding/enablement activities (internal only; see References).
+- **Go as a relevant skill**: multiple components are implemented in Golang (e.g., EdgeConnect tooling, Forgejo). Internal material discusses Golang developer skill profiles; this docs repo does not contain a single, explicit record of a dedicated “Go training” event.
+- **Skill leveling via collaboration**: Mob Programming is used as a deliberate practice for knowledge sharing and onboarding less experienced developers (see [Forgejo docs entry](/docs/edp/forgejo/)).
+
+[^pii-free]: PII = “personally identifiable information”. “PII-free synthesis” means summarizing patterns and practices without including names, participant lists, or direct quotes that could identify individuals.
+
 See also: the central [References](/docs/governance/references/) index.

content/en/docs/governance/references/_index.md

@@ -12,13 +12,18 @@ This list is an index of links referenced across the Governance chapter, plus th
 - (internal only) Confluence: [System Design](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/856788272/System+Design) — architecture framing (planes model, baseline preferences, early decision drivers).
 - (internal only) Confluence: [Proof of Concept 2024](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/902010138/Proof+of+Concept+2024) — PoC scope, goals, and evaluation/acceptance framing.
 - (internal only) Confluence: [Forgejo as a service](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/999903971/Forgejo+as+a+service) — service decomposition and operational concerns used as evidence for Phase 4.
-- (internal only) Confluence: [How we SCRUM](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/977833214/How+we+SCRUM) — delivery process reference.
+- (internal only) Confluence: [Scrum working agreement](https://confluence.telekom-mms.com/pages/viewpage.action?pageId=977833214) — delivery process reference.
+- (internal only) Confluence: [Knowledge sharing sessions](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/999672269/Knowledge+sharing+sessions) — planning table of internal enablement sessions (training topics and facilitation). Note: contains personal data; use only for PII-free synthesis.
+- (internal only) Confluence: [Retro: How to improve our work](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/895683955/Retro+How+to+improve+our+work) — retrospective notes including explicit calls for Kubernetes training sessions and documentation/working-agreement improvements. Note: contains personal data; use only for PII-free synthesis.
+- (internal only) Confluence: [Retro 15/04/25](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/999671293/Retro+15+04+25) — retrospective notes showing iteration on ticket sizing, async refinement, and meeting overhead; also references “Knowledge sharing sessions”. Note: contains personal data; use only for PII-free synthesis.
+- (internal only) Confluence: [Retro 13/05/25](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/999891618/Retro+13+05+25) — retrospective notes explicitly discussing mobbing practices (roles, breaks, splitting mob groups) and knowledge exchange. Note: contains personal data; use only for PII-free synthesis.
+- (internal only) Confluence: [Research Paper Mob Programming](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1131139130/Research+Paper+Mob+Programming) — internal background material on mob programming practices and trade-offs. Note: treat as internal working material.
 - (internal only) Confluence: [eDF Stakeholder Workshops](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/902567168/eDF+Stakeholder+Workshops) — plan for internal/external stakeholder workshops, target groups, and intended outcomes.
 - (internal only) Confluence: [internal stakeholder workshop 7.11.](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/915155061/internal+stakeholder+workshop+7.11.) — internal stakeholder session agenda and captured feedback (contains AI-generated summary blocks).
 - (internal only) Confluence: [external stakeholder workshop](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/936478033/external+stakeholder+workshop) — external stakeholder session notes (contains agenda attachment and AI-generated summary blocks).
 - (internal only) Confluence: [Workpackage e.3 - Sustainable-edge-management-optimized user interface for edge developers](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1165704046/Workpackage+e.3+-+Sustainable-edge-management-optimized+user+interface+for+edge+developers) — UX-focused workpackage with objectives, KPIs, and “validation with users” framing.
 - (internal only) Confluence: [Deliverable D66 - Sustainable-edge-management-optimized user interface for edge developers](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1165704082/Deliverable+D66+-+Sustainable-edge-management-optimized+user+interface+for+edge+developers) — deliverable page including PoC results summary for autonomous UI/UX testing.
-- (internal only) Confluence: [Customer Engagement](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1040844220/Customer+Engagement) — research planning cadence (who/why/when), plus synthesized insights/assumptions used to justify PII-free “what we learned” summaries.
+- (internal only) Confluence: [Customer Engagement](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1040844220/Customer+Engagement) — research planning cadence (who/why/when), plus synthesized insights/assumptions used to justify PII-free learnings summaries.
 - (internal only) Confluence: [UX Insights and Learnings](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1033832272/UX+Insights+and+Learnings) — running log of UX observations and recommended improvements (useful for evidence-backed, non-PII synthesis of recurring friction patterns).
 - (internal only) Confluence: [[IPCEICIS-3703] Use Case identification for automated UX testing](https://confluence.telekom-mms.com/spaces/IPCEICIS/pages/1055949846/IPCEICIS-3703+Use+Case+identification+for+automated+UX+testing) — structured prioritization of automated UX testing scenarios (happy-path smoke flows, functional correctness, visual/accessibility checks). Note: treat as internal working material; do not replicate embedded credentials/content.
 - (internal only) Jira: [IPCEICIS-368](https://jira.telekom-mms.com/browse/IPCEICIS-368) — PoC part 1 traceability anchor.