From 1260a56a7ffb236b73f80f4f984dca17cb4e9411 Mon Sep 17 00:00:00 2001
From: Samy OUBOUAZIZ
Date: Fri, 28 Nov 2025 17:21:40 +0100
Subject: [PATCH 1/4] docs(blk): add hds doc
---
.../how-to/host-healthcare-data.mdx | 72 +++++++++++++++++++
pages/block-storage/menu.ts | 4 ++
2 files changed, 76 insertions(+)
create mode 100644 pages/block-storage/how-to/host-healthcare-data.mdx
diff --git a/pages/block-storage/how-to/host-healthcare-data.mdx b/pages/block-storage/how-to/host-healthcare-data.mdx
new file mode 100644
index 0000000000..050802ea9e
--- /dev/null
+++ b/pages/block-storage/how-to/host-healthcare-data.mdx
@@ -0,0 +1,72 @@
+---
+title: How to create a compliant volume to host healthcare data
+description: This page details the steps to follow to create a compliant Scaleway Block Storage volume to host healthcare data
+tags:
+dates:
+ validation: 2025-11-12
+ posted: 2025-11-12
+---
+import Requirements from '@macros/iam/requirements.mdx'
+
+When hosting healthcare data using Scaleway Block Storage, you must follow the recommendations outlined in the [shared responsibility model](/block-storage/reference-content/storage-shared-responsibility-model/) to ensure compliance with legal and regulatory requirements, such as data protection laws, and industry standards.
+
+Adhering to these guidelines helps safeguard sensitive information against unauthorized access, breaches, and data loss, while also clarifying the roles and responsibilities between the cloud provider and the customer.
+
+This documentation provides the following elements:
+
+- A procedure to create a compliant volume
+- Compliant encryption methods
+- Compliant deletion methods
+- A checklist to ensure you are ready to safely store healthcare data
+
+
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- Signed an HDS contract with Scaleway for the guarantees outlined in the [shared responsibility model](/block-storage/reference-content/storage-shared-responsibility-model/) to apply
+
+## How to create a compliant volume
+
+To host healthcare data in compliance with HDS requirements, you must create a new Block Storage volume.
+
+1. Click **Block Storage** in the **Storage** section of the side menu. The Block Storage page displays.
+2. Click **+ Create volume**.
+3. Follow the steps in the creation wizard:
+ - Select an [Availability Zone](/instances/concepts/#availability-zone) within the ¨**PARIS** region.
+ - Configure the volume:
+ - Enter a name for your volume or leave the automatically generated name.
+ - Select an [IOPS](/block-storage/concepts/#iops) option. You cannot edit the IOPS of a volume after its creation.
+ - Define a volume size of at least 5 GB.
+ - Optionally, select an **HDS-compliant Instance** from the drop-down to attach your volume. The Instance must be within the same Availability Zone as your volume.
+ - Verify the estimated cost.
+4. Click **Create volume**. The volumes overview page displays.
+
+## How to encrypt data
+
+To guarantee compliance with HDS requirements, must proactively encrypt data stored on the Block Storage volume using a reliable mechanism, such as [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup).
+
+Refer to the dedicated documentation for comprehensive information on [how to encrypt volumes using Cryptsetup with LUKS](/tutorials/encrypt-volumes/).
+
+## How to delete data
+
+Data must be deleted in a compliant way to make sure data can not be retrieved by any means immediately afterward.
+
+To do so, delete data from your volume as you would with a standard Block Storage volume, then delete the encryption keys used to encrypt the deleted data.
+
+## Compliant volume creation checklist
+
+Make sure that your volume follows the requirements below:
+
+1. Make sure you are using a **new** Block Storage volume.
+
+2. Make sure you [created your volume](#how-to-create-a-compliant-volume) in an Availability Zone within the **France - Paris** region (`fr-par-1`, `fr-par-2`, `fr-par-3`).
+
+3. Use a [proactive encryption method](#how-to-encrypt-data) to encrypt your data.
+
+4. Follow the provided security best practices at all times.
+
+
+Failure to comply with this requirement may lead to voiding compliance on the data contained in the volume.
+ + +Refer to the [Storage Shared Responsibility Model](/block-storage/reference-content/storage-shared-responsibility-model/) for comprehensive information on the legal framework to host healthcare data. \ No newline at end of file diff --git a/pages/block-storage/menu.ts b/pages/block-storage/menu.ts index bfa5da0c55..c80f4404fd 100644 --- a/pages/block-storage/menu.ts +++ b/pages/block-storage/menu.ts @@ -30,6 +30,10 @@ export const blockStorageMenu = { label: 'Mount a volume', slug: 'mount-a-volume', }, + { + label: 'Host healthcare data (HDS)', + slug: 'host-healthcare-data', + }, { label: 'Increase the volume size', slug: 'increase-block-volume', From 498ecb8674663dd7f8eb994ab80a474b7b90c342 Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Mon, 1 Dec 2025 10:56:00 +0100 Subject: [PATCH 2/4] docs(blk): update --- pages/block-storage/how-to/host-healthcare-data.mdx | 7 ------- 1 file changed, 7 deletions(-) diff --git a/pages/block-storage/how-to/host-healthcare-data.mdx b/pages/block-storage/how-to/host-healthcare-data.mdx index 050802ea9e..9efbceb404 100644 --- a/pages/block-storage/how-to/host-healthcare-data.mdx +++ b/pages/block-storage/how-to/host-healthcare-data.mdx @@ -12,13 +12,6 @@ When hosting healthcare data using Scaleway Block Storage, you must follow the r Adhering to these guidelines helps safeguard sensitive information against unauthorized access, breaches, and data loss, while also clarifying the roles and responsibilities between the cloud provider and the customer. -This documentation provides the following elements: - -- A procedure to create a compliant volume -- Compliant encryption methods -- Compliant deletion methods -- A checklist to ensure you are ready to safely store healthcare data - - A Scaleway account logged into the [console](https://console.scaleway.com) From b452842b225c37557bc4df48e15d91dcbb7ed8b8 Mon Sep 17 00:00:00 2001 
From: Samy OUBOUAZIZ Date: Mon, 1 Dec 2025 11:27:06 +0100 Subject: [PATCH 3/4] docs(blk): update --- .../how-to/host-healthcare-data.mdx | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/pages/block-storage/how-to/host-healthcare-data.mdx b/pages/block-storage/how-to/host-healthcare-data.mdx index 9efbceb404..fc27535c3b 100644 --- a/pages/block-storage/how-to/host-healthcare-data.mdx +++ b/pages/block-storage/how-to/host-healthcare-data.mdx @@ -25,7 +25,7 @@ To host healthcare data in compliance with HDS requirements, you must create a n 1. Click **Block Storage** in the **Storage** section of the side menu. The Block Storage page displays. 2. Click **+ Create volume**. 3. Follow the steps in the creation wizard: - - Select an [Availability Zone](/instances/concepts/#availability-zone) within the ¨**PARIS** region. + - Select an [Availability Zone](/instances/concepts/#availability-zone) within the **PARIS** region. - Configure the volume: - Enter a name for your volume or leave the automatically generated name. - Select an [IOPS](/block-storage/concepts/#iops) option. You cannot edit the IOPS of a volume after its creation. @@ -36,7 +36,7 @@ To host healthcare data in compliance with HDS requirements, you must create a n ## How to encrypt data -To guarantee compliance with HDS requirements, must proactively encrypt data stored on the Block Storage volume using a reliable mechanism, such as [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). +To guarantee compliance with HDS requirements, you must proactively encrypt data stored on the Block Storage volume using a reliable mechanism, such as [LUKS](https://en.wikipedia.org/wiki/Linux_Unified_Key_Setup). Refer to the dedicated documentation for comprehensive information on [how to encrypt volumes using Cryptsetup with LUKS](/tutorials/encrypt-volumes/). 
@@ -46,6 +46,18 @@ Data must be deleted in a compliant way to make sure data can not be retrieved b To do so, delete data from your volume as you would with a standard Block Storage volume, then delete the encryption keys used to encrypt the deleted data. +## Prohibited actions on a compliant volume + +To host healthcare data, you must comply with the following requirements: + +- You must not use an existing Block Storage volume. + +- You must not export snapshots to an Object Storage bucket located outside the **PARIS** region. + + +Failure to comply with this requirement may lead to voiding compliance on the data contained in the volume. + + ## Compliant volume creation checklist Make sure that your volume follows the requirements below: @@ -58,8 +70,4 @@ Make sure that your volume follows the requirements below: 4. Follow the provided security best practices at all times. - -Failure to comply with this requirement may lead to voiding compliance on the data contained in the volume. - - Refer to the [Storage Shared Responsibility Model](/block-storage/reference-content/storage-shared-responsibility-model/) for comprehensive information on the legal framework to host healthcare data. \ No newline at end of file From 9e0836281437d96fab9e5bbbeb34999032a9240a Mon Sep 17 00:00:00 2001 From: Samy OUBOUAZIZ Date: Mon, 1 Dec 2025 15:02:49 +0100 Subject: [PATCH 4/4] docs(blk): update --- pages/block-storage/how-to/host-healthcare-data.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pages/block-storage/how-to/host-healthcare-data.mdx b/pages/block-storage/how-to/host-healthcare-data.mdx index fc27535c3b..f71f1751f9 100644 --- a/pages/block-storage/how-to/host-healthcare-data.mdx +++ b/pages/block-storage/how-to/host-healthcare-data.mdx 
@@ -52,10 +52,10 @@ To host healthcare data, you must comply with the following requirements: - You must not use an existing Block Storage volume. -- You must not export snapshots to an Object Storage bucket located outside the **PARIS** region. +- You must not export snapshots to an Object Storage bucket **that is not HDS-compliant**. Refer to the [dedicated documentation](/object-storage/how-to/host-healthcare-data/) to create an HDS-compliant bucket. -Failure to comply with this requirement may lead to voiding compliance on the data contained in the volume. +Failure to comply with these requirements may lead to voiding compliance on the data contained in the volume. ## Compliant volume creation checklist