Data security & compliance · Canada-wide

Certified data destruction — the reason you can sell safely.

Data security is the reason most organizations hesitate to sell or dispose of old IT, so we lead with it and put it in writing. Every data-bearing drive is sanitized to NIST 800-88 and IEEE 2883-2022, with a certificate per drive and a documented chain of custody — aligned to Canada's privacy laws and OSFI Guideline B-13.

NIST 800-88IEEE 2883-2022Certificate per drivePIPEDA · Law 25 · OSFI B-13
NIST 800-88 (HDD)IEEE 2883-2022 (SSD/NVMe)Certificate per driveWitness destruction on requestChain of custodyAligned to Canadian law
Certified data destruction in Canada

The method is matched to the media — and documented per drive.

Different media need different methods, and an auditor wants to see the right one on the certificate. We sanitize spinning disk to NIST 800-88, solid-state to the current IEEE 2883-2022 standard, and physically destroy anything that can't be verifiably wiped. Every drive gets its own certificate, and the whole job travels on a documented chain of custody.

NIST 800-88

The framework auditors default to for media sanitization — Clear, Purge or Destroy, chosen per media and data classification. We default to Purge (which preserves the asset for reuse) and escalate to Destroy where the data or media demands.

Applies to: Enterprise HDD · working media at standard classifications

IEEE 2883-2022

The current authoritative standard for sanitizing solid-state media — it supersedes the older SSD guidance and treats NAND correctly. We apply it to every retiring SSD/NVMe drive, and document the firmware Sanitize and its verification.

Applies to: SSD · NVMe · self-encrypting drives

Physical destruction

For top-classified media, non-functional drives, or where reuse isn't appropriate — shredding or, for magnetic tape, degaussing — with witness or on-site destruction available on request.

Applies to: Top-classified data · dead drives · LTO/DLT tape

Certificate & chain of custody

A per-drive certificate of destruction — the document a regulator, auditor or incident-response team reads — plus a documented chain of custody from collection to settlement.

You receive: Per-drive certificate · signed manifests · chain of custody
Compliance

Aligned to the Canadian rules your auditor asks about

We keep the global destruction standards (NIST, IEEE) and align the process to the Canadian laws that govern your data.

PIPEDA

Canada's federal private-sector privacy law — secure disposal of personal information is a safeguarding obligation.

Quebec Law 25

Quebec's modernized private-sector privacy regime, with strict handling and destruction expectations.

Alberta & BC PIPA

The provincial private-sector privacy acts governing organizations in Alberta and British Columbia.

PHIPA (Ontario)

Ontario's health-information privacy law — relevant when retiring healthcare IT and imaging systems.

OSFI Guideline B-13

Technology and cyber-risk expectations for federally regulated financial institutions.

NIST 800-88 & IEEE 2883

The global sanitization standards we apply everywhere — the method named on every certificate.

What we deliberately don't claim

Honest about our credentials.

A little honesty buys a lot of credibility with compliance buyers, so plainly: we do not claim NAID AAA membership — we operate to a NAID-aligned discipline (vetted operators, witness destruction available, per-asset chain of custody). Where a contract requires AAA certification specifically, we partner with a NAID-AAA-certified destruction subcontractor and document the chain of custody through the partnership. We do not claim R2, e-Stewards or ISO certifications we have not been audited against, and we do not display marks we don't hold. No surprises at the audit.

Data security

Nothing is resold until your data is destroyed.

Everything above exists so one thing is always true: nothing you send us is resold or recycled until its data is destroyed to the right standard and documented.

IT asset disposal →  ·  Data-centre decommissioning →

NIST 800-88 & IEEE 2883Each drive sanitized to the standard for its media type; drives that can't be wiped are physically destroyed through a vetted partner.
Certificate of destructionPer-drive certificate and documented chain of custody — the paperwork your auditor asks for.
NAID-aligned disciplineVetted operators and witness destruction available; AAA certification via a certified subcontractor where a contract requires it.
Why Maxicom

Why sellers choose Maxicom.

We pay, we don't charge

Value recovered and paid in CAD against your PO — not a disposal fee. That single difference is the whole point.

We buy at the source

Direct from businesses, decommissions and the trade — so prices are keener and stock has a known history.

Honest about data & certs

NIST 800-88 / IEEE 2883 with a certificate per drive. No R2, e-Stewards, ISO or NAID AAA badges we don't hold.

We take the whole lot

Mixed conditions, faulty units, whole estates — one deal, not cherry-picking the easy items.

We respect the trade

Resellers' and ITADs' stock moves through our network on NDA, never back into your own market.

Documented, audit-ready

A written line-item offer, chain of custody, and certificates — the paperwork your auditor and privacy officer expect.

Questions

The short answers.

Is a software wipe enough, or do I need physical destruction?
It depends on the media and data classification. For most working drives, NIST 800-88 Purge (HDD) or IEEE 2883 Sanitize (SSD/NVMe) is sufficient and lets the asset be reused. For top-classified data or drives that can't be verifiably wiped, we physically destroy them. We recommend per asset; you approve before the destruction step.
What standards do you destroy data to?
NIST 800-88 for HDD and IEEE 2883-2022 for SSD/NVMe — the current authoritative standards — with physical destruction (shred, or degauss for tape) where required.
What certificate do I get?
A certificate of destruction per drive, with the method and verification recorded, plus a documented chain of custody from collection to settlement.
Which Canadian laws does this align to?
PIPEDA, Quebec Law 25, Alberta and BC PIPA, Ontario PHIPA, and OSFI Guideline B-13 for federally regulated finance.
Are you NAID AAA certified?
We operate to a NAID-aligned discipline but do not claim AAA membership. Where a contract requires AAA certification, we use a NAID-AAA-certified destruction subcontractor and document the chain of custody.
Can we witness the destruction?
Yes — witness or on-site destruction is available on request for sensitive exits, observed by your security or compliance officer.
Do you serve businesses across all of Canada?
Yes — we're based in Brampton, Ontario and work with businesses nationwide, with collection arranged across the GTA and the rest of Canada. Business hubs like Toronto, Montréal, Ottawa, Calgary and Vancouver are all served.
Can you sign an NDA?
Yes — NDA is standard for sensitive engagements and available on request. Confidentiality is part of how we work.
What documentation will we receive?
A documented chain of custody and a certificate of destruction per data-bearing drive — plus a written, line-item settlement where value is recovered.
Maxicom Inc. is a Canadian IT buyback and asset-disposition company, Brampton, Ontario, established 2022. We work to NIST 800-88 and IEEE 2883-2022 data-sanitization standards. We do not claim R2, e-Stewards, ISO or NAID AAA certification; where a contract requires NAID AAA specifically, we partner with a certified destruction subcontractor and document the chain of custody. Product names are trademarks of their respective owners, used for identification only. Page last reviewed July 2026.

Destroy your data to standard — and keep the proof.

Talk to us about your data-destruction and compliance requirements, or send your asset list for a written CAD offer with per-drive certificates included.