Certified data protection you can trust.
When IT reaches end-of-life, deletion alone doesn't satisfy PIPEDA Schedule 1, Principle 4.7 (Safeguards). We wipe to NIST SP 800-88 Rev. 1 and IEEE 2883-2022, log every device by serial, and issue a per-job Certificate of Destruction the auditor can drop straight into your evidence pack. On-site or in-facility, your choice.
Discipline, not assertion.
Method matched to the storage class. SSDs and NVMe drives default to NIST 800-88 Purge via cryptographic erase - the only method that's verifiable on flash media. Magnetic HDDs default to Clear or Destroy depending on the data classification. Tape is destruction-only.
Per-device wipe log. Live capture during the destruction process - operator name, timestamp, serial, method, verification status. Two-operator + witness sign-off.
Compliance-documentation discipline. Each Certificate of Destruction includes the PIPEDA Schedule 1, Principle 4.7 (Safeguards) alignment statement, the NIST 800-88 method citation per device, and the downstream-recipient receipt for any residual material.
Every storage class on the live equipment list.
- ♦ SSDs & NVMe - cryptographic erase (Purge) with verification; physical destruction on request for higher classifications.
- ♦ Magnetic HDDs - multi-pass overwrite (Clear) by default; degaussing or shredding (Destroy) for sensitive classifications.
- ♦ Removable media - tape libraries (LTO 5-9), optical, USB sticks, SD cards - destruction-only.
- ♦ Mobile devices - corporate phones, tablets - factory reset + cryptographic erase + physical destruction of storage chips on request.
- ♦ Networking config sanitisation - switches, routers, firewalls - startup-config erase + flash-Purge for any non-volatile log storage.
- ♦ Embedded storage in non-traditional kit - copier hard drives, IP-camera DVRs, building-management controllers, retired POS terminals.
Five stages, full audit trail.
Same workflow on every job; documentation scales with volume.
- 1. Intake & scanning · Serial-scan on receipt; condition photos; data-bearing media segregated and tagged.
- 2. Method selection · Per-device decision based on storage class + data classification - captured in the wipe log.
- 3. Certified wiping · Cryptographic / overwrite / degauss / shred performed by named operators; live verification.
- 4. Verification · Per-device confirmation that the method completed successfully; failed wipes route to physical destruction.
- 5. Documentation · Per-job Certificate of Destruction with serial list, method citation, two-operator + witness sign-off, PIPEDA alignment statement.
Compliance evidence that survives an inspection.
- ♦ Per-job Certificate of Destruction citing NIST SP 800-88 Rev. 1 + IEEE 2883-2022 standards by name.
- ♦ Per-device wipe log with serial, operator, timestamp, method, verification status - auditable per asset.
- ♦ PIPEDA Schedule 1, Principle 4.7 (Safeguards) alignment statement on every Certificate.
- ♦ Quebec Law 25 - alignment statement available on request for Quebec-resident data.
- ♦ Cross-border discipline - when refurbished kit re-exports, data is destroyed Canada-side first; the data does not cross.
- ♦ Long-term archival format (PDF/A) delivered alongside standard PDF for retention spanning years or decades.
Nationwide pickup. Local presence in every major hub.
We collect from Toronto, Vancouver, Calgary, Edmonton, Winnipeg, Montreal, Ottawa, Halifax, Hamilton, Quebec City and surrounding regions on a single national operating model - same chain-of-custody, same NIST 800-88 destruction, same CAD settlement on every job, regardless of which province the kit ships from.
Sustainable IT disposition. Audit-ready paperwork.
Every engagement closes with a per-job Certificate of Destruction, a serial-level chain-of-custody log, and a CAD settlement summary. Send an asset list to purchase@maxicom.ca or call +1 437-996-2283 (also WhatsApp). Written quote in 2 hours; settlement on uplift; no consignment.
Maxicom Canada — frequently asked
On-site or in-facility - which should I pick?
On-site is right when data-bearing media cannot leave the premises in media-bearing form - common for some hospitals, certain bank trading floors, government-cleared facilities. Mobile shred unit (truck-mounted industrial shredder, particle-size <2mm) and witnessed-wipe operator are the two formats.
How long should we retain Certificates of Destruction?
PIPEDA does not set a fixed retention period for disposal evidence; in practice, retain for as long as the underlying data was retained, typically 5-7 years for general personal data.
Can the Certificate include OSFI B-13 / Quebec Law 25 wording?
Yes. Default Certificate cites NIST 800-88 + IEEE 2883-2022 + PIPEDA Schedule 1, Principle 4.7. On request we add OSFI B-13 alignment statements (for federally-regulated FIs) or Quebec Law 25 alignment statements.
Why cryptographic erase on SSDs and not multi-pass overwrite?
Multi-pass overwrite was designed for magnetic media. On SSDs and NVMe drives, the controller's wear-levelling layer means an overwrite cycle does not necessarily touch every flash cell. NIST 800-88 Purge via cryptographic erase renders all cells cryptographically inaccessible in a single deterministic operation.
Has the OPC issued enforcement decisions about IT disposal?
Yes. Disposal-related OPC decisions have applied financial penalties on Schedule 1 Principle 4.7 failures. Common patterns: media sold or disposed without verification; destruction claimed but not evidenced; chain-of-custody gaps; wrong destruction method for the storage class.