docs(obj): update

Author: SamyOubouaziz

pages/object-storage/how-to/create-compliant-bucket.mdx

@@ -17,7 +17,7 @@ Adhering to these guidelines helps safeguard sensitive information against unaut
 - A Scaleway account logged into the [console](https://console.scaleway.com)
 - [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
 
-## How to create a compliant Object Storage bucket to host healthcare data
+## How to create a compliant bucket
 
 Even though you can use an existing bucket to host healthcare data, we strongly recommend you create a dedicated bucket for this purpose. This is to make sure that no lifecycle rule exists, and that every object uploaded to this bucket is properly encrypted.
 
@@ -37,25 +37,45 @@ Even though you can use an existing bucket to host healthcare data, we strongly
 
 8. Optionally, you can use the cost estimator to simulate your Object Storage costs.
 
-10. Click **Create bucket** to confirm.
+9. Click **Create bucket** to confirm.
 
-Your bucket is now ready to store healthcare data. Refer to the section below for information on how to encrypt your objects.
+Your bucket is now ready to store healthcare data. Before uploading objects, refer to the sections below for information on how to encrypt and delete your objects in compliance with regulations.
 
-## Compliant methods to encrypt objects
+## Prohibited actions on a compliant Bucket
 
-Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, several options are available:
+to host healthcare data, you must comply to the following requirements:
 
-- Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted.
+- You must not use the [Glacier](/object-storage/concepts/#storage-classes) storage class. Refer to the [Shared responsibility model]() for more information on this requirement.
 
-- Customer-side encryption mechanisms to upload objects that are already encrypted. This method must be used in combination with [Scaleway's HDS-compliant deletion method]().
+- You must not use [lifecycle rules](/object-storage/concepts/#lifecycle-configuration) in your compliant bucket.
 
-## Compliant methods to delete objects
+## How to encrypt objects
 
-### SSE-C
+Objects in a compliant bucket must be encrypted to make sure data is protected. To achieve this, you can either use Scaleway's SSE-C feature, or encrypt objects yourself before uploading them to your bucket.
+
+### Encryption with SSE-C
+
+Scaleway's SSE-C (**S**erver-**S**ide **E**ncryption with **C**ustomer-provided keys) mechanism garantees that objects uploaded to the bucket are properly encrypted.
+
+You can check that your objects are propery encrypted by performing a simple `HeadObject` operation on an encrypted object. Scaleway Object Storage will return a `400` error if SSE-C has been used to upload this object.
+
+Refer to the [dedicated documentation](/object-storage/api-cli/enable-sse-c/) for comprehensive information on how to encrypt objects using SSE-C.
+
+### Customer-side encryption
+
+Customer-side encryption ensures that sensitive data is protected before reaching Scaleway Object Storage, giving you control on the encryption mechanism, and keys managemnent. This method must be used in combination with [Scaleway's HDS-compliant deletion method]().
+
+## How to delete objects
+
+Objects must be deleted following in a compliant way to make sure data cannot be retrieved afterward. The deletion method varies according to the encryption method.
+
+### Deleting objects encrypted with SSE-C
 
 If you use Scaleway's SSE-C to encrypt your data, using [DeleteObject](/object-storage/api-cli/object-operations/#deleteobject) is sufficient to garantee that your object is deleted in compliance with the regulatory requirements. 
 
-### Customer-side encrpytion methods
+### Deleting objects with customer-side encrpytion
+
+If you do not use Scaleway's SSE-C to encrypt your data, you must use Scaleway's HDS-compliant method to delete objects. You must enable bucket encryption beforehand, using the `PutBucketEncryption` operation. 
 
 <Message type="note">
 This mechanism is designed to handle compliant deletion of your data, and not its encryption. Make sure to use it in combination with a compliant encryption method, such as SSE-C or any other customer-side approach to upload your objects.
@@ -65,11 +85,17 @@ This mechanism is designed to handle compliant deletion of your data, and not it
 
 Make sure that your bucket follows the requirements below:
 
-- Your bucket must be created in the **France - Paris** (`fr-par`) region.
-- Your bucket must not have active lifecycle rules
-- Your objects within this bucket must not be stored using the **Glacier** storage class.
-- You must use a valid encryption and deletion method (as explained above)
-- You must follow the provided security best practices at all times
+1. Make sure you [created your bucket](#how-to-create-a-compliant-bucket) in the **France - Paris** (`fr-par`) region.
+
+2. Make sure that there is no active lifecycle rules for your bucket.
+
+3. Make sure that your objects within this bucket are not stored using the **Glacier** storage class.
+
+4. Use a valid [encryption method](#how-to-encrypt-objects).
+
+4. Use a valid [deletion method](#how-to-delete-objects).
+
+6. Follow the provided security best practices at all times.
 
 ## Enforcing compliance using bucket policies